Feeds

Cracker in ‘credit card Viagra sting on Gates’

Claims in Sun story on Curador beggar belief

  • alert
  • submit to reddit

High performance access to file storage

A teenager hacker, who is awaiting sentence after pleading guilty to stealing credit card details from a number of insecure Web sites, has reportedly claimed he sent a shipment of Viagra to Bill Gates using the Microsoft boss's own credit card.

In an 'exclusive' story given star billing in today's issue of The Sun, Raphael Gray explained the motives behind his crusade to expose the insecurity of ecommerce sites.

"I wanted to prove how insecure these sites are - that's why I posted the information on the Internet. I had no choice. If I could get in then so could someone else," Gray is quoted as telling friends.

"I sent Bill a lot of Viagra and I was disappointed not to get a thank you note for demonstrating the insecurity of the site."

As previously reported, late last month Gray (whose handle is "Curador" or custodian in Welsh) pleaded guilty to theft and hacking offences which fall under the Computer Misuse Act.

Gray set up two Web site, ecrackers.com and freecreditcards.com, paid for with stolen credit card details. On these sites he published credit card details obtained from dotcom sites, including what was alleged to be the credit card details and phone number of Bill Gates.

This latter claim was subsequently debunked, and did not feature as part of the case against Gray. However despite this the Web sites brought Gray to the attention of the FBI, a raid on the sleepy Welsh hamlet where he lived and his eventual conviction.

Neil Barrett, technical director of Information Risk Management, and expert witness for the prosecution in the case, said claims attributed to Gray about Gates could only be true if he was involved in the attack on Davos, where the Microsoft's chairman's credit card details might well have been exposed.

Barrett said that Gray would be foolish to hack something else or make such claims whilst awaiting sentence on other offences.

He commented that in general young hackers, although technically gifted, are often exposed as naive about the seriousness of their offences and have a tendency to boast about what they have done, even to investigators.

Prior to pleading guilty, Gary had argued in his defence the he hadn't hacked the Web sites and that because there was no way for him to establish that his access was authorised, it couldn't be unauthorised. When it came to trial these arguments were dropped and he pleaded guilty.

"It was a shame that the interesting arguments about authorised versus unauthorised access on Web sites were not fully exposed in the case," said Barrett.

Gray will be sentenced later this month but according to The Sun article he's been offered a job as a security consultant by an unnamed software firm. Really guys, you're just making this stuff up aren't you?

Or maybe not, the story also quotes Microsoft spokesman Mark Thomas who is quoted as saying "we do not endorse hacking but we know hackers are out there and want them to work with us".

Nice try but we still don't believe Curador landed a job with either Microsoft or a security firm.

Still, it might make for a nice change in strategy for Microsoft - willingly working with people who could advise it on how to make its software secure, rather than creating fresh problems to exploit. ®

Related Stories

Welsh hacker pleads guilty to deception and theft
Hackers worse than terrorists - Robin Cook
Win-NT/IIS admins made April Fools by hackers
One in three UK firms hit by cyber-crime

External links

Curador's web site (contains bogus Bill Gates credit card details) - as mirrored by Attrition
Hacker, 19, in Viagra 'sting' on Bill Gates

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
US attorneys general roll up sleeves, snap on gloves
NSA denies it knew about and USED Heartbleed encryption flaw for TWO YEARS
Agency forgets it exists to protect communications, not just spy on them
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.