A teenager from the UK has been sentenced to nearly two years in prison after supplying sensitive personal data and hacker-for-hire services.
19-year-old Elliot Gunton was sentenced to 20 months at Norwich Crown Court on Friday 16th August after pleading guilty to money laundering, hacking offences and breach of a Sexual Harm Prevention Order.
The court heard how police seized Gunton’s laptop in April 2018 following the discovery of software which enabled him to commit cybercrime offences. Officers made the discovery during a routine visit to the teenager’s home to ensure he was complying with the Sexual Harm Prevention Order, imposed in June 2016.
Information found on the Gunton’s computer showed he had offered to supply and distribute compromised personal data for use in criminal activity. This, the court heard, included victims’ names, addresses and online account details.
- FBI arrests hacker responsible for Capital One data breach
- UK police scheme offers teen hackers white hat opportunities
- Majority of hacker-for-hire services are scams
Gunton also passed on mobile phone numbers which allowed third parties to intercept calls and texts in order to commit a type of fraud known as SIM-swapping.
This entails a fraudster gathering personally identifiable information (PII) on a target – such as the aforementioned personal details – and contacting the victim’s network provider. By pretending to be the real owner of a particular account, fraudsters are able to dupe an operator into switching the victim’s contact number to gain control.
Officers said they also found evidence that Gunton had advertised his services as a hacker-for-hire in exchange for $3,000 (£2,480) in Bitcoin. Gunton accepted payments via cryptocurrency to hide the payments from being discovered by police services, the court was told.
Despite taking steps to conceal his activities, Gunton left behind clues of his cybercriminal activity, police said. Fragments of conversations with others online – where he discussed criminal activity – were uncovered by officers. Additionally, police traced and seized around £275,000 worth of cryptocurrency under his control.
In a Twitter post under the handle @Gambler, Gunton posted that “having lots of money is cool…but having lots of money without people knowing is cooler”.
Although sentenced to 20 months, Gunton was immediately released from the court having already served his sentence whilst on remand.
He was also ordered to pay back £407,359 and issued with a three-and-a-half-year community behaviour order. This states that Gunton cannot own or use – unless at a place of employment or supervised facility – any device capable of accessing the internet unless the police can access and/or view it at any time.
Similarly, Gunton cannot use any kind of VPN, encryption or access the Dark Web. Additionally, he cannot delete internet histories or use ‘incognito mode’ on an internet browser.
Detective Sergeant Mark Stratford said: “This was a complex investigation which relied on the expertise of officers and staff from the Norfolk and Suffolk Cybercrime Unit. This emerging type of criminality requires police investigators to be at the forefront of technological advancements so they can effectively combat the ever-growing paradigm of cybercrime.