If you have ever wanted an idea of how much money a reasonably skilled cyber criminal can earn, it’s worth taking a look at the recent case of Grant West. Last week he was sentenced to just over ten years in jail after an online crime career spanning just over 3 years. He was responsible for attacking more than 100 companies worldwide, although his primary attack method was ‘phishing’ email scams directed at ordinary people.

The ten-year jail sentence may even have been worthwhile if West had been able to hide his profits from the authorities, but fortunately the Metropolitan Police were able to seize the majority of these. It is a testament to the increasing skill of our police forces in investigating these sorts of crimes that they not only solved the crime and arrested the culprit but also seized his assets.

Grant West was a skillful hacker who used a variety of methods and even converted his ill-gotten gains into Bitcoins in order to hide them. They were kept in heavily encrypted Bitcoin wallets, stored in a protected format on his laptop. This was one of the crucial aspects of the arrest: West was literally grabbed at his laptop during a train journey. His arms were seized in order to stop him logging out of his laptop, which made gaining evidence and access to his Bitcoin wallets possible. Without this style of arrest, it would have been extremely difficult to gain access to either the laptop or the funds that West had stolen.

The investigation actually took nearly two years and covered the huge range of attacks that West carried out. As mentioned, he operated on a variety of levels, but his most successful attacks were based on sophisticated phishing techniques. An example was an email offering a bonus amount for the takeaway company Just Eat. To qualify, people had to fill in a short survey and complete the details of their credit card information, part-filled, which made it look much more convincing. West would then sell their credit card details on the Dark Web, usually in return for Bitcoin payments. By isolating himself from the direct fraud he was minimizing the risk of being caught.

As ever though, it’s much easier to commit cyber crime than it is to avoid detection.  It’s interesting to look at the final charge sheet which gives some indication of how he was caught.

2 x conspiracy to defraud;
2 x possession of criminal property;
1 x unauthorised modification of computer material;
1 x possession of a Class B drug with intent to supply;
1 x possession of Class B drug;
1 x attempting to supply a controlled drug;
1 x offering to supply a Class B drug, and;
1 x concealing/removing criminal property from England and Wales, Scotland or Northern Ireland.

As you can see, West branched out into all sorts of criminal activity, basically anything that could make him some cash. Moving into the drugs arena would have put him on the radar of other law enforcement departments. It would also involve movement and possession of a physical product, which makes investigation and prosecution much easier.

Grant West may have been a reasonably skilled hacker, but it appears he was careless and greedy too. It’s interesting that few of the charges relate to actual hacking and computer-related crime; most of these would have been covered under the Computer Misuse Act. They would also have attracted heavy fines and sentences, but it looks like they were difficult to prove, which suggests that West was able to cover his tracks with regard to the computer attacks.

There are lots of ways of hiding yourself online, whether it’s just for your own privacy or indeed for committing criminal acts. Indeed, even some standard security software, which I use to access the Match of the Day stream on my laptop while travelling, has the ability to switch between encrypted servers across the globe automatically. In addition, there are no logs kept on any of the servers, so there’s no evidence to seize on any of the devices.

Unbelievably, he was also still selling drugs whilst on bail, and carried out a range of ‘brute force’ attacks on some major companies at that time. This is unbelievably stupid, as it’s extremely simple to monitor and track someone you suspect of committing computer crime. Presumably more evidence was gathered due to this rather reckless behaviour.

The police, in their summary, reported that this was the first time they had managed to seize a cryptocurrency like Bitcoin. Other forces internationally have been slightly more successful, though: this year the Bavarian government sold off over 14 million pounds worth of seized cryptocurrencies.

