Information Security News
mailing list archives
Joking Hacker 'Saint' Sentenced
From: InfoSec News <isn () c4i org>
Date: Mon, 9 Jul 2001 03:21:03 -0500 (CDT)
By Michelle Delio
9:55 a.m. July 6, 2001 PDT
A self-styled "saint of e-commerce" has been sentenced to three years
of court-ordered psychiatric treatment for posting the credit card
numbers of thousands of Internet shoppers on his websites.
Raphael Gray, a Welsh teenager, said that he was on a mission to prove
the dangers of shopping over the Internet. To demonstrate his point,
in January 1999, Gray embarked on a four-week crack attack on
e-commerce sites to see how many systems he could hack into.
During his month-long crusade, Gray managed to collect at least 23,000
credit card numbers, including one belonging to Bill Gates, which Gray
said he used to send a shipment of the impotence-curing drug Viagra to
The teenager was commended in court for his whimsy in sending the drug
"You demonstrated some sense of humor by sending Viagra to Bill Gates
to mock him," said Judge Gareth Davies, at Gray's sentencing hearing
in the Merthyr Tydfil Crown Court in southern Wales.
After his sentencing Gray, 19, told reporters outside the courthouse
that he would "do it all again, given the chance," but would act
within the law next time.
Court records state that Gray cracked thousands of company databases,
which resulted in the closure of two companies and an estimated $2.8
million in fraudulent Visa and MasterCard charges.
Gray publicly posted the credit card information he purloined on a
"Hall of Shame" that was housed on two of his own websites.
He said he posted the cards to prove that many e-commerce sites were
not properly secured.
Gray said during the trial that he had attempted to notify companies
of the holes in the e-commerce software they were using, but was often
rebuffed or ignored.
Only after a company had failed to react to his warnings, said Gray,
did he post stolen credit card numbers on his own websites,
ecrackers.com and freecreditcards.com, both of which are now closed.
Gray also posted details of his database cracks, and a poll on his
websites, asking people to vote on whether he was a saint or a sinner.
Fifty-six percent of those who voted thought that Gray was acting
ethically when he cracked e-commerce databases and then posted the
plunder on his sites.
Gray also boasted that law enforcement officials would never catch
him, "because they never catch anyone. The police can't hack their way
out of a paper bag."
The police, however, knew enough about hacking to track Gray by
analyzing the logs of one of the servers he had cracked into.
Gray had scripted a program that tapped into databases, extracted
information, and then crashed the site's server after he was done. The
crash was intended to wipe out any traces of his crack.
But the program failed to crash a server on at least one occasion, and
the FBI and Royal Canadian Mounted Police used that server's logs to
track Gray to the small cottage he lives in with his mother and two
sisters in Clynderwen, in western Wales, in March 2000.
Gray was at his computer when law enforcement showed up at the door.
Gray later pleaded guilty to six charges of unlawful entry to
corporate websites and four of dishonestly obtaining services.
Gray said in court that he has been offered a job as a security
consultant for a software company. The company was not identified.
Judge Davies ordered psychiatric treatment for Gray after hearing the
teenager only began hacking after he took a fall in a playground six
years ago and suffered a severe head injury.
According to psychiatric assessments ordered by the court, after the
accident Gray had a difficult time relating to people and became
obsessed with computers.
ISN is hosted by SecurityFocus.com
To unsubscribe email isn-unsubscribe () SecurityFocus com
- Joking Hacker 'Saint' Sentenced InfoSec News (Jul 09)