Hacker jailed for selling 78m personal records

Minster-on-Sea

A cyber criminal who stole personal details of 78 million people to sell on the dark web has been jailed for more than 10 years.

Grant West, 26, hacked the computers of 500 companies across the world including the Just Eat food chain.

He blew thousands of pounds womanising in Las Vegas – but only bought his girlfriend Rachael Brookes a £40 bikini for helping him to make up to £2 million.

The millionaire drove around in a £40,000 Audi sports car while living on a caravan park on the Kent coast.

West and Brookes, 26, hacked the servers of ‘Just Eat’ to steal the personal details of 165,000 customers.

Jailing him for ten years and eight months Judge Michael Gledhill, QC, said: ‘A message has to go out from this court.

‘Those who have your abilities in computers and electronic communications, if you abuse them and commit criminal offences by using your skills and if you are caught these courts will impose very heavy sentences in order to deter other like minded, such as yourself.

‘You enjoyed the money that you made and I have no doubt at all that at least some of it has been secreted away, hoping that it will be there when you are released.

‘When members of the public decide to become customers of companies such as Just Eat they rightly expect that their sensitive details will remain private.

‘Consumer companies themselves are only too well aware of the need for security and take every precaution to make sure that no unauthorised person has access to that material.

‘Regrettably, security of information held is at best poor, whenever such internet security is confronted by a criminal of your skills and ambitions it is totally unfit for purpose.

‘This case should be a wake up call to the very real threat of what is now known as cyber crime.

‘You have a deep and impressive knowledge of computers and if you had decided to use your abilities lawfully I would have no doubt at all that you would have a very successful career.

‘You considered yourself as untouchable, you thought you were covered in teflon – nothing would stick to you – and so I look with some cynicism in what you now from a prison cell say you wish you had done throughout those years.’

West used the confidential information he gleaned in the hack to send out ‘phishing’ emails to Just Eat customers offering ten-pound rewards for completing a survey.

Victims were asked to disclose more details about themselves including names, addresses, email addresses, passwords and credit card CVV numbers – known as ‘Fullz’ – which were sold on to other cyber-crooks over the dark web, Southwark Crown Court heard.

The hack set Just East back around £210,000 in repair and litigation costs but their customers are thought to have lost hundreds of thousands more.

West carried out ‘brute force’ attacks against companies including Sainsbury’s, Groupon, Uber, T-Mobile, Asda, the British Cardiovascular Society and Argos while on bail for the Just Eat hack.

The geek, who used the pseudonym ‘Courvoisier’ after the expensive cognac, offered a bespoke service where dark web customers could buy premium California cannabis along with bank details.

West then converted his profits into £500,000 worth of the crypto currency Bitcoin.

A further £1.6m worth of offshore crypto currency remains unaccounted for.

Detectives found £25,000 in his caravan as well as half a kilo of cannabis in storage containers rented by West.

Kevin Barry, prosecuting, said the couple ‘reached an agreement to get confidential details of Just Eat customers.

‘They wanted to carry out fraudulent actions. This was a sophisticated and organised agreement and planned.

‘West pleaded guilty and can rightly be called an expert.

‘Just Eat is an online delivery company. It holds a date-base which as the confidential details such as names and payment records.

‘The defendant was involved in the hacking into the data-base. Then the fraud was then the use of email addresses to send out, ‘phishing emails’.

‘Many of these emails were crafted to look like they were made by Just Eat and had offers of a cash reward.

‘The customers were asked to complete a survey, but the emails were never sent back to Just Eat.

‘They went to the fraudsters. This data was then used to get more information about the Just Eat customers.

‘Complete sets of information are known as, ‘Fullz’. This is then used by the criminal minded to carry out fraud.

‘It is of intrinsic value to them and often traded in massive quantities. When on the dark web each data is given a value, and this can be just a few pence or thousands of pounds.’

West’s scams came to light after several Just Eat customers became suspicious about the phishing email encouraging them to open a poisonous link and reported it to Action Fraud.

He was in a first class railway carriage carrying out some crooked deals on his laptop when an undercover detective arrested him in front of applauding commuters last September.

In the first case of its kind for the Met Police, cyber crime detectives then seized £500,000 worth of Bitcoin from his bank accounts.

Brookes was spared jail earlier this month after claiming her only benefit was the cheap swimsuit she ‘fell into the arms of a villain.’

West expressed his remorse for putting the mother of his 19-month-old baby in a ‘precarious’ position.

Brookes, of Ffordd Colomendy, Denbigh, north Wales, admitted doing an act with intent to secure unauthorised access to data held on a computer.

West, of Minster-on-Sea, Kent, admitted two counts of conspiracy to defraud, one of the unauthorised modification of a computer, attempting to supply cannabis, offering to supply cannabis, possessing cannabis, possessing cannabis with intent to supply, two counts of possessing criminal property and money laundering.

The profligate nerd swaggered through the door to the cells with a grin on his face to begin his sentence.