Personal data of customers sold on dark web leads to conviction of hacker

Hacker jailed for selling personal data on dark web

Grant West used popular food app Just Eat to gain access to thousands of emails and passwords

Grant West used popular food app Just Eat to gain access to thousands of emails and passwords

A British cybercriminal who gained access to a string of companies before selling their customers’ personal data on the dark web has been jailed.

Grant West, 26, who carried out his two and a half year cybercrime spree on several high-profile companies such as Uber, Argos, supermarket giants Sainsbury’s and Asda, and bookmakers Coral and Ladbrokes was jailed for 10 years and 8 months.

West carried out his attacks by sending phishing scams to 160,000 people impersonating the popular food app Just Eat, and offering to send a food voucher in return for answering questions that also included the confirmation of personal details.

West then set about extracting information that allowed him to access the details of 63,000 credit and debit cards.

Posing under the online pseudonym ‘Courvoisier’, he sold the ill-gotten information on the dark web via the now-defunct Alpha Bay market.

Caught Red-handed

The phishing campaign came to an end in September 2017, when West was arrested in the first-class section of a train as he was in the process of accessing the dark web.

According to a report by the BBC, West is said to have made “more than £180,000 from the scam”, and it is reported that a large chunk of that was converted into Bitcoins and placed in several accounts.

The police also seized £25,000 in cash and more than £500,000 in cryptocurrency during a raid on West’s home address. They also recovered an SD card with the details of the credit and debit cards used along with seven million email address — including the passwords.

During sentencing Judge Michael Gledhill described West as “a one-man cybercrime wave”.

The Guardian reports that Judge Gledhill also warned companies that their cybersecurity needed to be beefed up as the case showed how vulnerable it was to this type of cyberattack. He said: “Regrettably, as this case has demonstrated, security of information held electronically is at best poor. When such inadequate security is confronted with a criminal of your skills and ambition it is totally unfit for purpose and worthless.

“This case should be a wake-up call to customers, companies and the computer industry to the very real threat of cybercrime.”

Discussion