backtop


Print 18 comment(s) - last by OCDtech.. on Mar 11 at 12:10 PM

While taking an IT class, famous cybercriminal gains access to one of his prison's closed network

Back in 2009, Nicholas Webber bragged he was "probably the most wanted cybercriminal just now".  Today, the infamous UK cybercriminal has gone from wanted to imprisonment, serving his sentence in a UK correctional institution, HMP Isis.  

Opened in 2010, the pricey £110M ($166.3M USD) facility is supposed to provide a flexible, but secure environment for 18 to 24 year-old criminals.  But the prison's extensive security measures -- which include thumbprint biometrics -- were unable to stop the brilliant, but troubled youth from hacking his jailers' network from the inside in a stunning security breach.

I. From Boarding School to Card Crime


The son of a local Guernsey politician, Tony Webber, Nicholas was sent to the prestigious Bradfield College boarding school in Berkshire, whose tuition is around $36,400 USD a year.  During his time at the school he became interested in programming and showed off an uncanny aptitude for digital mischief.  He was caught hacking into school systems to delete one of his friend's detention records.

But ultimately it was his disappointing GCSE (General Certificate of Secondary Education) results that led to him being booted from the boarding school, not his hacking.  His school would later describe him as having trouble socializing with his peers.  After effectively flunking out, Nicholas Webber decided to try his hand at an entrepreneurial venture -- a site called Gh0stMarket.

Bradfield College
Mr. Webber flunked out of Bradfield College at age 16. [Image Source: Geograph Graham Horn]

His barrister would later describe the site as "Crimebook as opposed to Facebook."

Prosecutor Hugh Davies would describe Mr. Webber as having "full control" over the site.  He describes the forum, stating, "The Gh0stMarket forum had approximately 8,000 members worldwide. It existed simply to facilitate the criminal trade in compromised credit cards, access to online bank accounts and distribution of malicious software and computer hacking tricks."

The site also contained manuals on in-real-life (IRL) crime methods such as manufacturing crystal meth and explosives.

II. Living Large

Mr. Webber had business cards printed and brazenly advertised the site (ghostmarket.net) as a specialist internet crime service.  The hacker himself was a poster child for the site, specializing in creating Zeus-derived worms to infect computers and steal credit card numbers.  He ran a sister site fastunix.net to facilitate his criminal trade.

He is estimated to have stolen around 132,073 credit card numbers, and committed an estimated £15-18M ($22.6-27.2M USD) in fraud.  He brazenly wore a shirt proclaiming "legendary carder" in pictures he posted online, referring to his talent at stealing credit cards.

Nicholas Webber
Mr. Webber, prior to his arrest [Image Source: Central News]

Before long the young man was living a life few his age could dream of.  He bought a black Hummer SUV and funneled money into an offshore bank account in Costa Rica.  But something went wrong.  Mr. Webber and his partner Ryan Thomas were arrested on Oct. 12, 2009 for trying to pay for a £1,000 ($1,500 USD) bill for a penthouse suite at the at the Hilton Hotel in Park Lane, Central London with a stolen credit card.

Released on bail, Mr. Webber fled to the Spanish island of Majorca with his cohort Mr. Thomas.  

The pair for a time lived in a rented flat in Port D’Andrax.  In a post to Gh0stMarket.net before its Nov. 2 shutdown by authorities, he tells his former "business partners":

I’m probably the most wanted Cyber Criminal right now, so I gotta keep underground for a while.

I hope that GM has helped members to meet new people and do successful business with others, and that you can understand Big Sh** is Poppin.

Remember guys and girls, to be a Legend Carder, u gotta be a Ghost ;) Watch your back and F*** the Police!

But when Mr. Webber tried to return to the UK in January 2010 he was arrested at the Gatwick airport.  In 2011 he was sentenced to five years in prison after pleading guilty to charges of conspiracy to commit fraud, conspiracy to make or supply articles for use in fraud and encouraging or assisting offences.

III. Keep Calm and Hack On

That's where the story might have ended, were it not for a seemingly innocuous educational program at HMP Isis, the prison to which Mr. Webber was assigned.  The program was designed to teach inmates information technology (IT) skills to help them find a job after their release.

Somehow no one at the prison seemed to put two and two together and realize that putting a computer in the hands of Mr. Webber, a convicted hacker, might be dangerous.

In late 2011 in a class taught by Kensington and Chelsea College instructor Michael Fox, Mr. Webber used his computer access to hack into prison networks creating a "major panic".

Prison IT officials comment to Sophos : Naked Security:

At the time of this incident in 2011 the educational computer system at HMP Isis was a closed network. No access to personal information or wider access to the internet or other prison systems would have been possible.

IV. Wild Hack Finally Comes to Light 

The incident was kept off the radar until the matter came before the Croydon Employment Tribunal as part of a case brought by Mr. Fox against his former university employer.

Following the hack Mr. Fox was not fired, but was not assigned new positions.  He comments, "The perceived problem was there was a tutor who had been excluded by the prison and charged with allowing a hacking expert to hack into the prison’s mainframe."

The college’s business development director, Shanie Jamieson, who appears on Mr. Fox's side said: "He [Mr Fox] did not feel he had done anything wrong as the student concerned was in his view a convicted computer hacker and should not have been allowed in his classroom."

ISIS Prison
The HMP Isis facility has been plagued with technical issues.

As a result of the effective dismissal the full tail of the unusual and embarassing hack came to light.

The tale marks the latest odd twist in the career of Mr. Webber.  And for HMP Isis, it raises more serious questions of technical incompetence.

This was not the first incident at the prison.  Back in January 2012 a report by government inspectors suggested the prison was "bedevilled" by faulty technology. During a five-day inspection the prison's biometric thumbprint recognition system broke every single day.

Sources: Sophos, Daily Mail



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

Wow UK justice system
By Ammohunt on 3/5/2013 4:28:34 PM , Rating: 4
Only 5 years for $22 millions in theft and fraud UK justice is very strange.




RE: Wow UK justice system
By Assimilator87 on 3/6/2013 12:56:40 AM , Rating: 5
Imagine if he'd pirated $22 million worth of music and movies. He'd have gotten the death sentence.


RE: Wow UK justice system
By bigboxes on 3/6/2013 12:07:04 PM , Rating: 3
No. They would have excuted him, revived him and then executed him again. Killing's too good for that scum! Where's beenthere to back me on this???


RE: Wow UK justice system
By random2 on 3/6/2013 5:46:06 PM , Rating: 4
In the U.S, they don't even put them in jail. They punish them by giving them positions of greater responsibility and authority along with burdening them with even larger bonuses at the end of the year. Banking is a ruthless industry.


So the teacher took the fall?
By Trisped on 3/5/2013 3:52:22 PM , Rating: 5
quote:
At the time of this incident in 2011 the educational computer system at HMP Isis was a closed network. No access to personal information or wider access to the internet or other prison systems would have been possible.
So the prison system let a convicted hacker use the educational computers (which are supposedly not networked to anything else) and the teach gets the blame?

Sounds to me like a very poorly run prison.




RE: So the teacher took the fall?
By Captain Orgazmo on 3/5/2013 6:57:36 PM , Rating: 2
Have you ever heard of bureaucracy?

The root word is "burro", or ass (jack-ass), hence the definition: The art of covering one's ass.


By geekman1024 on 3/5/2013 8:57:44 PM , Rating: 2
you mean "Burro-caress-y"?


RE: So the teacher took the fall?
By OCDtech on 3/11/2013 12:10:44 PM , Rating: 2
Sounds to me like a normal prison


Brilliant
By mike66 on 3/5/2013 6:05:13 PM , Rating: 5
The kids a genius. The problem is not him but the systems, he sees everyone as stupid so why should the rules for the stupid apply to him. If you see what I'm getting at then he will never reform which is what they do in kiddy jails. He needed to be punished hard core to turn him from he's antisocial behavior. I think that's why the Judge gave him a 5 year sentence which of course got watered down by the stupid do gooders. Adult prison would have worked first time but will be useless now. The best way to deal with now is to give him a well paid job ( so he does not feel like robbing everyone ) in cyber security so he can express his talent in a controlled manner. Give him a terminal and point him to Chinese servers and say " one day of your criminal sentence for every instance of Chinese hacking the west you can back track too source ". Two birds with one stone. Are we learning yet.




RE: Brilliant
By chmilz on 3/6/2013 12:18:02 AM , Rating: 4
If I were him I'd agree to that deal, then steal my boss' identity, and sell some secrets to the Chinese.

Because he's the kind of guy that doesn't seem to give a crap.


Good Background but no meat
By Busboy2 on 3/5/2013 4:09:26 PM , Rating: 5
Any details on the actual hack? The IT said there was an air gap but obviously there wasn't. Good background on the man however I started reading this for the hack.




Access to computers?
By laviathan05 on 3/5/2013 7:25:15 PM , Rating: 2
They should have given this dude the Zero Cool treatment and banned him from using a computer for the next 10 years.

Boom, problem solved.




Shouldn't be in jail
By EricMartello on 3/5/13, Rating: -1
RE: Shouldn't be in jail
By bigboxes on 3/5/2013 10:58:33 PM , Rating: 5
Victimless? Post your credit card number.


RE: Shouldn't be in jail
By EricMartello on 3/6/13, Rating: -1
RE: Shouldn't be in jail
By theapparition on 3/6/2013 10:47:14 AM , Rating: 3
Right. Only the faceless monster of a bank is out of the money. Who cares about them?

Oh...wait...I forgot banks use their customers money, so losses are passed on. If jail time is taken off the list of punishments, then what deterrent is left. Let's all go out and steal credit cards. After all, it's supposedly victimless, right?

Anyway you want to spin this, you are wrong. I don't know if anyone has ever been more wrong on a topic.

Any attempt of misdirection by pointing out Wall Street corruption only weakens your case. Stealing is stealing, and ultimately everyone pays.


RE: Shouldn't be in jail
By Schrag4 on 3/6/2013 12:52:26 PM , Rating: 2
"Shoplifting is a victimless crime, like punching someone in the dark."

Seems you would agree with this obvious satire. You cannot possibly be this shortsighted, can you?


RE: Shouldn't be in jail
By theapparition on 3/6/2013 10:51:53 AM , Rating: 2
quote:
People like this guy should at least be given the option to work as consultants for the government rather than wasting away in a jail cell for a victimless "crime".

The problem with many "hackers" isn't that they are very talented or even geniuses in their fields. Certainly, their skills could be used.

The problem is at the core, many hackers tend to be anarchists. Not all, but many. That belief is precisely why you DON'T want them in positions where they have direct access to government networks.


"I modded down, down, down, and the flames went higher." -- Sven Olsen














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki