[ISN] Joking Hacker 'Saint' Sentenced

From: InfoSec News (isnat_private)
Date: Mon Jul 09 2001 - 01:21:03 PDT

  • Next message: InfoSec News: "[ISN] Mass web banking hack probed"

    By Michelle Delio 
    9:55 a.m. July 6, 2001 PDT 
    A self-styled "saint of e-commerce" has been sentenced to three years
    of court-ordered psychiatric treatment for posting the credit card
    numbers of thousands of Internet shoppers on his websites.
    Raphael Gray, a Welsh teenager, said that he was on a mission to prove
    the dangers of shopping over the Internet. To demonstrate his point,
    in January 1999, Gray embarked on a four-week crack attack on
    e-commerce sites to see how many systems he could hack into.
    During his month-long crusade, Gray managed to collect at least 23,000
    credit card numbers, including one belonging to Bill Gates, which Gray
    said he used to send a shipment of the impotence-curing drug Viagra to
    Gates' home.
    The teenager was commended in court for his whimsy in sending the drug
    to Gates.
    "You demonstrated some sense of humor by sending Viagra to Bill Gates
    to mock him," said Judge Gareth Davies, at Gray's sentencing hearing
    in the Merthyr Tydfil Crown Court in southern Wales.
    After his sentencing Gray, 19, told reporters outside the courthouse
    that he would "do it all again, given the chance," but would act
    within the law next time.
    Court records state that Gray cracked thousands of company databases,
    which resulted in the closure of two companies and an estimated $2.8
    million in fraudulent Visa and MasterCard charges.
    Gray publicly posted the credit card information he purloined on a
    "Hall of Shame" that was housed on two of his own websites.
    He said he posted the cards to prove that many e-commerce sites were
    not properly secured.
    Gray said during the trial that he had attempted to notify companies
    of the holes in the e-commerce software they were using, but was often
    rebuffed or ignored.
    Only after a company had failed to react to his warnings, said Gray,
    did he post stolen credit card numbers on his own websites,
    ecrackers.com and freecreditcards.com, both of which are now closed.
    Gray also posted details of his database cracks, and a poll on his
    websites, asking people to vote on whether he was a saint or a sinner.
    Fifty-six percent of those who voted thought that Gray was acting
    ethically when he cracked e-commerce databases and then posted the
    plunder on his sites.
    Gray also boasted that law enforcement officials would never catch
    him, "because they never catch anyone. The police can't hack their way
    out of a paper bag."
    The police, however, knew enough about hacking to track Gray by
    analyzing the logs of one of the servers he had cracked into.
    Gray had scripted a program that tapped into databases, extracted
    information, and then crashed the site's server after he was done. The
    crash was intended to wipe out any traces of his crack.
    But the program failed to crash a server on at least one occasion, and
    the FBI and Royal Canadian Mounted Police used that server's logs to
    track Gray to the small cottage he lives in with his mother and two
    sisters in Clynderwen, in western Wales, in March 2000.
    Gray was at his computer when law enforcement showed up at the door.
    Gray later pleaded guilty to six charges of unlawful entry to
    corporate websites and four of dishonestly obtaining services.
    Gray said in court that he has been offered a job as a security
    consultant for a software company. The company was not identified.
    Judge Davies ordered psychiatric treatment for Gray after hearing the
    teenager only began hacking after he took a fall in a playground six
    years ago and suffered a severe head injury.
    According to psychiatric assessments ordered by the court, after the
    accident Gray had a difficult time relating to people and became
    obsessed with computers.
    ISN is hosted by SecurityFocus.com
    To unsubscribe email isn-unsubscribeat_private

    This archive was generated by hypermail 2b30 : Mon Jul 09 2001 - 01:44:50 PDT