Londoner Anwar Batson has been sentenced to nine months in jail at Southwark Crown Court after pleading guilty to participating in a targeted attack on Camelot, the operator of the UK’s National Lottery.
The cyber attack targeted Camelot’s extensive customer database that contained the data of nine million player records.
Batson provided others with help and tuition in order to compromise Camelot’s system, according to the UK’s National Crime Agency (NCA)
He suggested that the participants should use a Sentry MBA to crack and access user accounts.
A Sentry MBA is an automated cracking tool, available online, that is used in credential stuffing attacks. Systems without any anti-automation protections are particularly vulnerable to this type of HTTP bot.
Such a tool requires no technical knowledge to attack a website with lists of weak passwords and user combinations, as well as compromised account combinations leaked through data dumps and paste websites.
Daniel Thompson and Idris Kayode Akinwunmi were among those instructed by Batson. Using the alias ‘Rosegold’, Batson told the others that they could make easy money using Sentry MBA.
He conducted conversations with them “about hacking, buying and selling of username and password lists, configuration files, and personal details,” the prosecution said.
Made aware of the attack in 2016, the NCA said that the core systems responsible for draws were not impacted, but that a database containing millions of records was.
At the time, the National Lottery said 27,000 player accounts may have been compromised due to “suspicious activity”. Data including names, contact details, dates of birth, and limited payment card information may have been exposed by the attack, the organisation said.
- DIGIT Movers & Shakers: December 2019
- Dundee Rolls Out New High-Tech Buses Over the Weekend
- 5 of the Most Impressive Electric Vehicles Showcased at CES 2020
Although Batons only made £5 from his efforts, it is still classed as fraud and an offence under the UK’s 1990 Computer Misuse Act.
The expense of responding to the attack combined with the loss of customers – 250 closed their accounts as as result of the hack – Camelot had to pay out £230,000, according to the Register.
Batson originally denied involvement in the attack; however, he eventually pleaded guilty to four offences under the act and one count of fraud in Southwark Crown Court.
Thompson and Akinwunmi have also been jailed for the attack, receiving eight and four months behind bars respectively.
NCA senior investigating officer, Andrew Shorrock, commented: “Even the most basic forms of cybercrime can have a substantial impact on victims. No one should think cybercrime is victimless or that they can get away with it.”