A teenager hacker, who is awaiting sentence after pleading guilty to stealing credit card details from a number of insecure Web sites, has reportedly claimed he sent a shipment of Viagra to Bill Gates using the Microsoft boss's own credit card.

In an 'exclusive' story given star billing in today's issue of The Sun, Raphael Gray explained the motives behind his crusade to expose the insecurity of ecommerce sites.

"I wanted to prove how insecure these sites are - that's why I posted the information on the Internet. I had no choice. If I could get in then so could someone else," Gray is quoted as telling friends.

"I sent Bill a lot of Viagra and I was disappointed not to get a thank you note for demonstrating the insecurity of the site."

As previously reported, late last month Gray (whose handle is "Curador" or custodian in Welsh) pleaded guilty to theft and hacking offences which fall under the Computer Misuse Act.

Gray set up two Web site, ecrackers.com and freecreditcards.com, paid for with stolen credit card details. On these sites he published credit card details obtained from dotcom sites, including what was alleged to be the credit card details and phone number of Bill Gates.

This latter claim was subsequently debunked, and did not feature as part of the case against Gray. However despite this the Web sites brought Gray to the attention of the FBI, a raid on the sleepy Welsh hamlet where he lived and his eventual conviction.

Neil Barrett, technical director of Information Risk Management, and expert witness for the prosecution in the case, said claims attributed to Gray about Gates could only be true if he was involved in the attack on Davos, where the Microsoft's chairman's credit card details might well have been exposed.

Barrett said that Gray would be foolish to hack something else or make such claims whilst awaiting sentence on other offences.

He commented that in general young hackers, although technically gifted, are often exposed as naive about the seriousness of their offences and have a tendency to boast about what they have done, even to investigators.

Prior to pleading guilty, Gary had argued in his defence the he hadn't hacked the Web sites and that because there was no way for him to establish that his access was authorised, it couldn't be unauthorised. When it came to trial these arguments were dropped and he pleaded guilty.

"It was a shame that the interesting arguments about authorised versus unauthorised access on Web sites were not fully exposed in the case," said Barrett.

Gray will be sentenced later this month but according to The Sun article he's been offered a job as a security consultant by an unnamed software firm. Really guys, you're just making this stuff up aren't you?

Or maybe not, the story also quotes Microsoft spokesman Mark Thomas who is quoted as saying "we do not endorse hacking but we know hackers are out there and want them to work with us".

Nice try but we still don't believe Curador landed a job with either Microsoft or a security firm.

Still, it might make for a nice change in strategy for Microsoft - willingly working with people who could advise it on how to make its software secure, rather than creating fresh problems to exploit. ®

Related Stories

Welsh hacker pleads guilty to deception and theft
Hackers worse than terrorists - Robin Cook
Win-NT/IIS admins made April Fools by hackers
One in three UK firms hit by cyber-crime

External links

Curador's web site (contains bogus Bill Gates credit card details) - as mirrored by Attrition
Hacker, 19, in Viagra 'sting' on Bill Gates