[ISN] Jail for Playboy blackmailer

From: InfoSec News (isn@private)
Date: Tue Jun 29 2004 - 06:24:17 PDT

  • Next message: InfoSec News: "[ISN] Security: The root of the problem"

    http://www.thisissouthampton.co.uk/hampshire/southampton/news/SOTON_NEWS_NEWS2.html
    
    28 June 2004
    By Echo reporter
    
    A SUPERMARKET shelf stacker woke up to find Hampshire detectives and 
    the US Secret Service on his doorstep after he blackmailed Playboy for 
    $100.
    
    Simon Jones, 25, used his computer knowledge to obtain user names and 
    passwords for the private section of the American porn empire's 
    website.
    
    >From the bedroom of his Rownhams home, the science degree holder 
    e-mailed Playboy, claiming he belonged to an elite band of hackers 
    whose sole aim was to gain access to adult-based servers to retrieve 
    account information.
    
    He told them: "Our current account listing runs to about 21,000 
    individual compromised accounts and is growing steadily.
    
    "While many hackers do this purely for the purpose of hacking and 
    gaining control of Web servers, my motives are far simpler. I want to 
    sell the accounts on to the owner or highest bidders."
    
    He told the shocked security staff: "There are currently ten accounts 
    from playboy.com that you get first choice. I look forward to hearing 
    from you," signing himself as Pastmaster 69.
    
    Charles Thomas, prosecuting at Southampton Crown Court, described how 
    Jones had obtained the user names and passwords through access to a 
    different site which was an Internet channel.
    
    Armed with that information, he then approached Playboy for money.
    
    They indicated they were interested in buying the accounts for $50 
    each. Playboy bought two initially for which $100 was forwarded 
    through an Internet-based payment system into his account.
    
    Mr Thomas said Playboy carried out their own review at a cost of 
    $6,500 and found their database had not been compromised, otherwise it 
    would have cost about $1m to set up again with the potential loss of 
    subscribers fearful of their identity being compromised.
    
    Jones was arrested at home by police accompanied by the American 
    Secret Service after the payment had been traced to his bank account.
    
    Jones, of Greenwood Avenue, pleaded guilty to blackmail and was jailed 
    for two years. He was of previous good character, the court heard.
    
    In mitigation, James Leonard said Jones had got himself into 
    considerable trouble through "a whim" and no subscribers had been 
    compromised.
    
    He said: "There cannot be very many young people waking up one morning 
    to find the police and the American Secret Service inquiring about 
    their Internet use.
    
    "Jones only made one demand before he was arrested six months later. A 
    more dedicated, sophisticated blackmailer would have carried on. On 
    the face of it, he had this steady flow of income to be exploited, but 
    it stopped."
    
    Mr Leonard added: "It shows how far he was prepared to go. It shows no 
    criminal sophistication but naivety.
    
    "He is genuinely bewildered by the consequences and wants to apologise 
    for all the trouble he has caused and didn't wish to compromise 
    Playboy."
    
    Passing sentence, Judge John Boggis QC accepted neither the Playboy 
    database nor its subscribers had been compromised, that Jones had 
    received only $100 and that he was remorseful.
    
    He said: "You were bored and disappointed you didn't find employment 
    in the computer world as you hoped for. But this was a planned 
    invasion. Your e-mail to Playboy set out your motive to extract 
    money." 
    
    
    
    _________________________________________
    ISN mailing list
    Sponsored by: OSVDB.org - For 15 cents a day, you could help feed an InfoSec junkie!
    (Broke? Spend 15 minutes a day on the project!)
    



    This archive was generated by hypermail 2b30 : Tue Jun 29 2004 - 07:59:29 PDT