Feeds

UK hacker jailed for nicking PayPal, banking data from MILLIONS

But York-based cybercrook only made £2.4k, court hears

High performance access to file storage

A UK cybercrook has been jailed for 26 months following his conviction for stealing millions of banking and PayPal identities, the Southwark Crown court confirmed to the Reg.

Edward Pearson, 23, from York, used information-stealing malware to harvest eight million personal identities between January 2010 and August 2011, the court heard. The vast majority of the information covered only names, addresses and dates of birth. However he also apparently managed to get his hands on compromised Paypal accounts and 2,700 bank cards.

The Daily Mail's report said Pearson had written a Python script to download the details of 200,000 PayPal accounts, obtaining names, passwords and balances in the process. He was said to have used variants of the ZeuS and SpyEye Trojans to steal personal information from PCs he managed to infect.

Pearson might have been able to cash out the compromised accounts and make hundreds of thousands in ill-gotten gains. But in the event he actually only made £2,400 before his 21-year-old student girlfriend, Cassandra Mennim, used stolen credit cards to book rooms at two upmarket York hotels, transactions that put police of the trail of the pair. Investigators then linked Pearson's email address to an online identity, G-Zero, which he was purported to have used on underground hacking forums.

After pleading guilty to fraud, Pearson was jailed for 26 months at a hearing at Southwark Crown Court. Mennim, from Newcastle, who admitted two counts of obtaining services by deception, has been placed on probation for 12 months, the York Press reports.

Pearson also is also allged to have hacked into Nokia’s network back in August 2011, prompting the telecoms giant to shut down its internal network for two weeks, the Daily Mail adds. The incident is not reckoned to have resulted in any incidents of fraud and did not form part of the charges against Pearson.

In sentencing Pearson, Judge Ms Recorder Ann Mulligan accepted that his primary motivation was not financial gain while roundly condemning his actions.

"This was a very sophisticated crime, in which you managed to access highly confidential information and put many many individuals at risk of attack," she said.

"I accept that you didn’t sell this information, but you shared it with other computer programmers, and you had no way of knowing how they might use this information. This stupendous criminality was not about financial gain, but about an intellectual challenge," she added.

A spokesman at Southwark Crown court listing's office confirmed the sentences. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
US attorneys general roll up sleeves, snap on gloves
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.