A 22-year-old with a lengthy history of convictions pleaded guilty last week to charges of blackmail and fraud, after threatening to reveal details of thousands of phished bank accounts if the bank involved refused to pay up.
The man, Lewys Martin, originally from the town of Walmer near Deal in Kent, apparently got his hands on 28,000 sets of account details for customers of the Halifax bank, part of the Lloyds Banking Group.
He then threatened to release the data to the Sun newspaper if Lloyds refused to pay up to the tune of 1 bitcoin for every 10 records he held, which came to just over £200,000 at the time of the offence in May 2013 and at today’s prices would be worth four times as much.
Lloyds and the Sun reported the attempted extortion to police, who tracked Martin down and found evidence of both the extortion and phishing-related activities on computer hardware seized from his home. Indecent images of children were also found – not thought to be connected to the blackmail attempt.
Martin has had a number of run-ins with the law over computer offences, starting at the age of 20 in 2012 when he was sentenced to 18 months in jail for spreading a Trojan Horse posing as a popular Call of Duty computer game, which logged keystrokes and stole passwords and banking details.
Shortly after that, in November of 2012, he was again facing charges, this time for launching DDoS attacks on the Oxford and Cambridge University websites, as well as that of the local Kent police force, according to local news reports.
He eventually pleaded guilty to the DDoS charges in April 2013 and was sentenced to another 2 years in jail in May of that year, by which time it seems he was already underway with his next crime, for which he is due to be handed another sentence in December.
All in all it’s a sorry tale of steadily escalating criminality.
It’s tempting to think in this age of organised gangs of cybercrooks that different types of crime are specialised skills performed by people dedicated to their given area – spammers spam, phishers phish, carders card and so on.
But at the low end of the scale (and Mr Martin is clearly at the low end, given his apparent inability to evade detection) a whole smorgasbord of cyber-related criminality is available to any entry-level wannabe with some basic skills and the required lack of morals.
Just as “real world” crooks can graduate from petty infractions, through thuggishness to hardened criminality, so Martin (and many others like him) started off by dabbling with simple malware, moved on to acts of vandalism and violence against websites which annoyed him, and then stepped up to extorting a major bank.
The danger is that this escalation may feel less significant when it comes to digital crimes, the victims of which are never real flesh-and-blood people standing in front of you but one step removed, appearing as no more than usernames, blurry photos or cartoonish avatars.
With the apparent boom in cybercriminality of late, evidenced by increasingly regular and increasingly massive data breaches at major firms, it’s possible that more and more young people will be drawn to digital malfeasance as an easy way to make it rich without putting in the hard hours.
So it’s important that we educate the young on just how real the people at the other end of their broadband uplink are, and how crimes against them can be every bit as unpleasant, and sometimes even devastating, as crimes committed “in person”.
And how the punishment for those crimes is every bit as real.