UK Teen Sentenced For Hacking, Selling Personal Data

A British teenager has been sentenced to 20 months in prison after he was found to have supplied compromised personal data and hacking services in exchange for thousands of pounds in cryptocurrency.

Elliot Gunton, 19, of Norwich, was sentenced in Norwich Crown Court on Friday to charges of breaching a Sexual Harm Prevention Order, hacking offences and money laundering, after pleading guilty at an earlier hearing.

Gunton was ordered to pay back more than £400,000 he had received for illicit services.

In a Twitter post under an alias he had earlier posted a message saying: “having lots of money is cool… but having lots of money without people knowing is cooler”.

Fraud

In April 2018, officers were making a routine call on Gunton to ensure he was complying with a Sexual Harm Prevention Order that had been issued in June 2016 for previous offences, when they discovered software on his laptop that enabled him to commit hacking offences.

Further information found on the laptop indicated Gunton had been advertising compromised personal data and hacking services for $3,000 (£2,471) in Bitcoin.

Gunton’s services included selling the personal data of individuals to criminals, allowing them to commit fraud.

The data was used, for instance, to allow criminals to convince a user’s mobile phone company to transfer the user’s number to a phone under their control, allowing them to intercept calls and text messages during the period before the user discovered the switch.

Such attacks allow hackers to bypass two-factor authentication and illicitly access online services.

Police were able to seize some £275,000 worth of cryptocurrencies in spite of Gunton’s efforts to conceal it.

Personal data

Gunton was immediately released, having served his time in prison whilst on remand, but must still pay back £407,359.

Furthermore, under a three-and-a-half year Community Behaviour Order Gunton can only use internet-connected devices under tight restrictions, being barred, for instance, from using VPNs or the Tor anonymity network.

“This emerging type of criminality requires police investigators to be at the forefront of technological advancements in order to effectively combat the ever-growing paradigm of cybercrime,” said Detective Sergeant Mark Stratford.

“Gunton was exploiting the personal data of innocent businesses and people in order to make a considerable profit, but he did not succeed in hiding all of his ill-gotten gains, which enabled us to seize hundreds of thousands of pounds worth of Bitcoin.

“Today’s sentence will ensure he cannot continue with this kind of criminal activity.”