25-year-old Cameron Lacroix, of New Bedford, Massachusetts, was known to be involved in hacking as long ago as 2005, when he was too still young to be publicly identified, and since has had several run-ins with the law, building up a Wikipedia page that reads like an extended rap sheet.
His past exploits include a teenage association with a hacking group linked to compromising both the corporate network of regular data theft target LexisNexis and the cellphone of privacy-impaired celebrity Paris Hilton.
He was last released from incarceration in early 2011, according to the Federal Bureau of Prisons’ inmate locator, and has now admitted that between May 2011 and May 2013 he committed a raft of further hacking offences.
- Compromising the networks of local police and other law enforcement agencies, accessing email accounts and sensitive police reports and sex offender records.
- Using stolen credentials to access and change records on the computer systems of Bristol Community College, where Lacroix was a student at the time.
- Getting hold of payment card information for 14,000 people from an unnamed source, with complete sets of personal information on some of these people also obtained.
For the most part, the motivation for committing a cybercrime or intrusion falls into one of a few main categories. The majority, of course, are all about the money, with payment card records one of the easiest assets to monetize once acquired.
Another subset is motivated by slightly less tangible personal gain, that of improving oneself through the doctoring of school and college grade records, a far smaller category but one which crops up surprisingly often.
One recent example apparently targeted Italy’s central examination system.
Then alongside other motives such as promoting a cause through hacktivism, spying on governments and citizens, and corporate espionage, there’s a long-standing tradition of hacking “the man” to find out the secrets he’s been keeping from us, which Lacroix’s intrusions into law enforcement databases presumably fits into.
There is of course some cross-pollination between these spheres of activity, given the overlapping skills required, but it must be rare for one individual to be involved in such a wide range of offences, which seem to be inspired by such very different motives.
It seems that some people, once they have picked up the skills to get into other people’s computer systems using technical or social engineering techniques, find it hard to resist exploiting these skills to get round any barrier placed in front of them.
Mr Lacroix could be an early example of a future sub-class of criminal, the recidivist petty cybercrook.
So if you’re ever tempted to take advantage of a flaw in cybersecurity to make some cash, to make yourself look better, or just out of curiosity, remember Lacroix – it seems such behaviour is not only criminal, it may also be addictive.