http://www.wired.com/news/culture/0,1284,45057,00.html By Michelle Delio 9:55 a.m. July 6, 2001 PDT A self-styled "saint of e-commerce" has been sentenced to three years of court-ordered psychiatric treatment for posting the credit card numbers of thousands of Internet shoppers on his websites. Raphael Gray, a Welsh teenager, said that he was on a mission to prove the dangers of shopping over the Internet. To demonstrate his point, in January 1999, Gray embarked on a four-week crack attack on e-commerce sites to see how many systems he could hack into. During his month-long crusade, Gray managed to collect at least 23,000 credit card numbers, including one belonging to Bill Gates, which Gray said he used to send a shipment of the impotence-curing drug Viagra to Gates' home. The teenager was commended in court for his whimsy in sending the drug to Gates. "You demonstrated some sense of humor by sending Viagra to Bill Gates to mock him," said Judge Gareth Davies, at Gray's sentencing hearing in the Merthyr Tydfil Crown Court in southern Wales. After his sentencing Gray, 19, told reporters outside the courthouse that he would "do it all again, given the chance," but would act within the law next time. Court records state that Gray cracked thousands of company databases, which resulted in the closure of two companies and an estimated $2.8 million in fraudulent Visa and MasterCard charges. Gray publicly posted the credit card information he purloined on a "Hall of Shame" that was housed on two of his own websites. He said he posted the cards to prove that many e-commerce sites were not properly secured. Gray said during the trial that he had attempted to notify companies of the holes in the e-commerce software they were using, but was often rebuffed or ignored. Only after a company had failed to react to his warnings, said Gray, did he post stolen credit card numbers on his own websites, ecrackers.com and freecreditcards.com, both of which are now closed. Gray also posted details of his database cracks, and a poll on his websites, asking people to vote on whether he was a saint or a sinner. Fifty-six percent of those who voted thought that Gray was acting ethically when he cracked e-commerce databases and then posted the plunder on his sites. Gray also boasted that law enforcement officials would never catch him, "because they never catch anyone. The police can't hack their way out of a paper bag." The police, however, knew enough about hacking to track Gray by analyzing the logs of one of the servers he had cracked into. Gray had scripted a program that tapped into databases, extracted information, and then crashed the site's server after he was done. The crash was intended to wipe out any traces of his crack. But the program failed to crash a server on at least one occasion, and the FBI and Royal Canadian Mounted Police used that server's logs to track Gray to the small cottage he lives in with his mother and two sisters in Clynderwen, in western Wales, in March 2000. Gray was at his computer when law enforcement showed up at the door. Gray later pleaded guilty to six charges of unlawful entry to corporate websites and four of dishonestly obtaining services. Gray said in court that he has been offered a job as a security consultant for a software company. The company was not identified. Judge Davies ordered psychiatric treatment for Gray after hearing the teenager only began hacking after he took a fall in a playground six years ago and suffered a severe head injury. According to psychiatric assessments ordered by the court, after the accident Gray had a difficult time relating to people and became obsessed with computers. ISN is hosted by SecurityFocus.com --- To unsubscribe email isn-unsubscribeat_private
This archive was generated by hypermail 2b30 : Mon Jul 09 2001 - 01:44:50 PDT