Brit founder of Windows leaks website BuildFeed, infosec bod spared jail over Microsoft hack

The Brit who ran the BuildFeed website of Windows leaks has been handed a suspended prison sentence – along with a former Malwarebytes bod who hacked into Microsoft's internal OS development networks.

Thomas Hounsell, 26, of Station Road, Sleaford, Lincolnshire, and former Malwarebytes researcher Zammis Clark, 24, of Agar Crescent, Bracknell, Berkshire, were convicted of computer misuse offences yesterday.

As reported by The Verge, Clark "gained access to a Microsoft server on January 24th, 2017 using an internal username and password he had acquired. Once inside the corporate network he achieved persistence through the use of a web shell and then helped himself to what was described as '43,000 files'."

Those files came from Microsoft's Windows flighting servers. Clark, aka Slipstream online, "targeted unique build numbers to gain information on pre-release versions of Windows".

Many wondered why Hounsell abruptly shut down Buildfeed in January after posting a rambling statement on the site which said, among other things: "The truth is that were it not for my failings, this day would not have come; and were it not for the persistent activities by third parties to force us offline, this day would not have come either."

The Register can reveal that Hounsell killed off Buildfeed, which tracked Windows leaks and releases, about a week before his and Clark's crown court hearing began this year, the two having entered pleas in September 2018. The Verge added that Hounsell used Clark's illicit access inside Microsoft "to conduct more than 1,000 searches for products, codenames, and build numbers over a 17-day period".

In the Buildfeed shutdown statement, Hounsell also claimed not to have been involved in the "day to day running" of Buildfeed for "over two years now". In mid-2017, British police from the South East Regional Organised Crime Unit (SEROCU) arrested "a 22-year-old from Lincolnshire" on suspicion of "gaining unauthorised access to a computer", in connection with what was alleged at the time to be a conspiracy to break into Microsoft's internal networks.

While out on unconditional bail over the Microsoft hacking, Clark then went on to gain access to Nintendo's game development servers.

Microsoft veep Tom Burt told The Register in a statement: "This action by the courts in the UK represents an important step. Stronger internet security not only requires strong technical capability but the willingness to acknowledge issues publicly and refer them to law enforcement. No company is immune from cybercrime. No customer data was accessed, and we're confident in the integrity of our software and systems. We have comprehensive measures in place to prevent, detect, and respond to attacks."

While the police investigation into the Microsoft breach was active, Clark had been blogging for Malwarebytes*, and his last contribution was made in May 2017 – a month before SEROCU's first arrests.

Sitting at Blackfriars Crown Court yesterday afternoon, His Honour Judge Alexander Milne QC handed Clark a 15-month prison sentence suspended for 18 months, along with a 25-day rehabilitation activity requirement order, a serious crime prevention order lasting five years and a £140 victim surcharge tax. Clark pleaded guilty to three charges under the Computer Misuse Act 1990.

Hounsell pleaded guilty to a single charge under CMA90 and was sentenced to six months' imprisonment, suspended for 18 months, along with a 100-hour unpaid work order and a £115 victim surcharge tax. ®

Updated to add at 10:32 UTC on Monday 1 April

*Malwarebytes has been in touch to say: "When we learned about the allegations we terminated [Clark's] employment."