Teen TalkTalk hacker ordered to pay £400k after hijacking popular Instagram account
Sanitised browser history sparked another investigation
One of the crew who hacked TalkTalk has been ordered to hand over £400,000 after seizing control of a high-profile Instagram account following a hack on Aussie telco Telstra.
Elliott Gunton, 19, pleaded guilty to breaching a Sexual Harm Prevention Order (SHPO), Computer Misuse Act crimes and money laundering at Norwich Crown Court. He was sentenced on Friday 16 August.
The Instagram account he targeted, @adesignersmind, was used by an Australian designer to post innocuous lifestyle content – until Gunton got his hands on it. Boasting to his girlfriend in chat messages later found by police, the teenager bragged that he had "jacked a 1.2M IG". The account, meanwhile, had auto-replies configured to send abuse to people interacting with its content.
It took two weeks for the hapless designer to regain access to it, with prosecuting barrister Kevin Barry telling the court: "He was both mortified by the hack and the content put on his account. It caused him considerable stress and anxiety."
Gunton admitted illicitly finding his way into the systems of Telstra, according to the Eastern Daily Press which attended the sentencing hearing.
He was said to be adept at "social engineering and exploitation of the network provider's inadequate systems", using that access to compromise social media accounts. He was also accused of preparing to carry out SIM-swap attacks as part of his account-compromising operation.
On top of the social media chicancery, Gunton had also pleaded guilty to money laundering. Police workers became suspicious when a house raid and subsequent examination of his computers and devices revealed a Bitcoin wallet. Police said the wallet contained £407,359.35 worth of Bitcoin at the time of the seizure – which Gunton has now been ordered to hand over.
As we previously reported, the Bitcoin was the proceeds of Gunton's crimes. After compromising Instagram accounts, he would then trade the account details on cybercrime forums, earning thousands of pounds at a time thanks to his status as a "highly respected member".
Gunton also pleaded guilty to breaking his SHPO after police found the popular CCleaner disk cleanup and file deletion utility on his laptop. A standard condition of SHPOs prohibits deleting one's internet history or otherwise obscuring it so unskilled police employees are unable to trawl through it for any evidence of wrongdoing.
The SHPO was imposed when Gunton was being investigated for his part in the TalkTalk hack of 2016, to which he pleaded guilty. Police said they had found indecent images of children on the then 16-year-old's devices. Gunton had applied to have his SHPO removed, which triggered an increase in no-notice police visits to inspect his browsing history. It was the discovery of CCleaner that triggered the full investigation in the latest case.
Defending Gunton, barrister Matthew McNiff said the SHPO had stopped his client from taking a job at a "multinational accounting firm", but added, addressing the full spectrum of Gunton's criminality: "It is not incorrect to describe him at the time as a young man, both in years and maturity... He has evolved from someone isolated from society into an individual who no longer sits in his room."
Sentencing him, His Honour Judge Stephen Holt said: "It is quite plain over the last 18 months you have grown up and matured considerably."
Gunton, 19, of Longland Close, Old Catton, Norwich, admitted five charges including money laundering and Computer Misuse Act offences. He was sentenced to 20 months, though was immediately freed thanks to time spent in prison on remand. A 3.5-year community order was also imposed to restrict his internet and software use. ®