Canadian authorities have arrested Alexander Moucka, also known as Connor Moucka, in connection with a sweeping series of cyberattacks targeting Snowflake cloud customers. The arrest took place on Wednesday, October 30, 2024, following a formal request from the United States government.
The Impact of the Snowflake Data Breaches
Over several months, hackers executed a massive campaign compromising internal data from approximately 165 corporate clients of Snowflake, a prominent provider of cloud storage and data analysis services. High-profile victims included AT&T, Ticketmaster, and Advance Auto Parts.
The attackers gained unauthorized access by leveraging employee passwords harvested via malware. A critical security oversight—the lack of mandatory multi-factor authentication (MFA) on many Snowflake accounts—allowed the perpetrators to exfiltrate vast amounts of sensitive and personally identifiable information with relative ease.
From Online Monikers to Custody
The suspect, who operated under the aliases “Waifu” and “Judische,” had previously signaled an awareness of his impending apprehension. In a statement to 404 Media last month, the individual claimed to have destroyed incriminating evidence and “poisoned” remaining data, hoping to limit potential charges to conspiracy.
Ian McLeod, a spokesperson for the Canadian Department of Justice, confirmed that Moucka appeared in court on October 30. His case has been adjourned until November 5, 2024. Officials have not yet disclosed details regarding a potential extradition to the United States.
Google Confirms Hacker Identification
Google has publicly identified Moucka as the primary actor behind the Snowflake breaches. Mark Karayan, a spokesperson for Google, highlighted the significance of the arrest, noting that it effectively neutralizes the threat group.
“With his co-conspirator, John Binns, having been arrested by Turkish authorities earlier this year, this means that both threat actors responsible for this campaign are now finally in custody,” Karayan stated. Binns, a 21-year-old American hacker, was previously linked to the high-profile AT&T data breach.
A Consequential Arrest for Cybersecurity
Industry experts view the apprehension as a major victory for global cybersecurity enforcement. Austin Larsen, a senior threat analyst at Google’s Mandiant, characterized Moucka as one of the most consequential threat actors of 2024.
“This arrest serves as a deterrent to cybercriminals and reinforces that their actions have serious consequences,” Larsen added. The investigation remains ongoing, and the U.S. Department of Justice has not provided further comment on the case.
