A teenage British hacker has been sentenced to 20 months in prison after pleading guilty to selling hacking services and stolen personal data for cryptocurrency.
19-year-old Elliott Gunton was no stranger to the authorities, having previously been convicted in December 2016 for his role in the infamous hack of the telecoms firm TalkTalk.
Gunton, 17 years old at the time, avoided a prison sentence in relation to the TalkTalk breach, but was given a 12-month youth rehabilitation order.
You would like to think that such a close call would teach Gunton to keep on the straight and narrow in future, but unfortunately it did not.
On September 8 2017, Gunton hacked Australian designer Phil Darwen, who runs the “A Designer’s Mind” Instagram account with more than 1.4 million followers.
Gunton seized control of the Instagram account for two weeks, setting up an auto-reply that sent “grotesquely offensive” messages to Darwen’s customers.
At the time Gunton was being monitored by police under a sexual harm prevention order (SHPO), after he had been found to be in possession of indecent images.
Under the terms of the SHPO, police checked Gunton’s laptop every six months to check that he was complying. The SHPO banned Gunton from using incognito mode to hide his browsing activity, delete his browser history, or do anything else that prevented police checking his laptop from determining what sites he had been visiting.
However, police readily admitted that their checks would not actually determine if internet browsing histories had been deleted.
“Our unit does not have specialist software for home visits and we have to rely on the honesty of the offender. It would be impossible for us to know if he has deleted any history.” The Eastern Daily Press reported Detective Constable Jamie Hollis, of the public protection unit at Norfolk Police, as saying.
It was only in April 2018, when authorities learnt that Gunton was planning to appeal his SHPO that they seized his computer for a “thorough search”, and found software had been installed to wipe his internet history and activities.
In a subsequent search of Gunton’s home, police seized an iPhone and a £10,000 Rolex watch hidden in a safe. In addition, investigators discovered that Gunton had received significant deposits in his Bitcoin wallet, including over $100,000 on just a single day.
Police were suspicious of his earnings, and Gunton claimed he had amassed a cryptocurrency fortune worth more than $380,000 through online trading.
However, police found evidence on his computer that Gunton Gunton had offered to supply compromised personal identifiable information (PII) of individuals to third-parties, to assist fraudsters in hijacking mobile phone numbers through SIM swap fraud.
And despite Gunton’s attempts to wipe any evidence of wrongdoing from his computer, the authorities discovered “fragments” of conversations where he discussed criminal activity with others.
Bizarrely, despite attempting to wipe digital evidence from his hard drive, Gunton was not afraid to brag on his @Gambler Twitter account about his money-making activities:
Gunton received a 20 month prison sentence at Norwich Crown Court last week, but was immediately released due to having already served his sentence while on remand.
He has, however, been ordered to pay back £407,359, and has been issued with a three and a half year Community Behaviour Order which – amongst other restraints – limits his access to the internet, requires him to share his browsing history and any passwords with the police, and forbids him from deleting his internet history or using VPNs or proxies.
“Gunton was exploiting the personal data of innocent businesses and people in order to make a considerable profit but he did not succeed in hiding all of his ill-gotten gains which enabled us to seize hundreds of thousands of pounds worth of Bitcoin,” said Detective Sergeant Mark Stratford of the Norfolk constabulary.