Scottish hacker and spammer gets 1 1/2 year in jail
November 23, 2010
Matthew Anderson, a thirty-three year old Scottish hacker and email spammer was convicted and sentenced to 1 1/2 year in prison this morning and was also ordered to pay £5,000 in costs for hijacking thousands of computers from his mother's house.
Anderson used the global network of compromised computers to send tens of millions of spam emails. The father of five, whose own home was too remote to get broadband Internet access, also stole personal data and spied on victims via their webcams.
Known in hacker circles as "Warpig", Anderson commissioned a Finnish programmer to create sophisticated, IRC-controlled bots and backdoor viruses, including "Breplibot". He disguised these Trojans as legitimate files, and used an existing list of four million email addresses to build the botnet through malicious attchments.
Anderson pleaded guilty last month and sat impassively in the dock at Southwark Crown Court as the sentence was being read earlier this morning.
"Clearly, only a custodial sentence is justified," said Judge Geoffrey Rivlin, spurning appeals by the defence for a suspended sentence.
The Judge added that had the offences been committed since October 2008, when the maximum sentence for offences under section three of the Computer Misuse act was doubled to 10 years, Anderson's sentence would be "at least" 36 months.
According to the prosecution's opening note to the sentencing hearing, Anderson made about £12,800 between September 2005 and his arrest on 27 June 2006, by sending up to 50 million junk emails in total. Winston Lay, a Suffolk businessman who didn't know Anderson was also using illegal methods to distribute marketing material, and then paid him for business "leads".
Anderson said to the Judge: "The computers that I did this from didn't come to any harm. I didn't steal information from them, I wasn't out to do identity theft or anything like that, my main aim was to support my family and generate 'leads' for Winston. Winston didn't know how I went about this, but I just provided him with a list of emails once a week, maybe twice a week sometimes."
But a closer analysis of the computer Anderson used at his mother's house showed he had stolen data. He had used his access to upload software to to log keystrokes, and to download intimate photographs, medical information, CVs, even a will and various webcam images he managed to capture.
In an Internet Relay Chat exchange with "CraDle", Anderson described how he took control of a teenage girl's computer and took pictures as she became upset.
Source: The Southwark Crown Court.
You can link to the Internet Security web site as much as you like.