Technology blog TechNadu reported that a British teen acting as a hacker-for-hire had been arrested for SIM-Swapping attacks. Elliot Gunton, a 19-year-old from Norwich pled guilty to charges of online fraud and money laundering at the local Crown Court, receiving a 20 month prison sentence. It is reported that he offered hacking-for-hire services in exchange for cryptocurrencies, and charged $3000 per case. His use of cryptocurrency was not enough to stop the authorities from identifying him.
In April 2018 the police visited the teen’s house for a different matter, and made note that he could be involved in cybercrime during their inspection. Gunton’s laptop was seized and during their investigation and analysis of the device authorities were able to determine that he was running a hacker-for-hire service.
The type of attacks that he was conducting are called SIM-swapping attacks. This form of attack is a form of identity theft in which an attacker removes the SIM card from the victim’s phone to access the information stored on the device. The data contained on SIM cards can often contain phone numbers, contact lists, and stored messages. Gunton’s other activities included stealing and selling of personally identifiable information (PII), hacking of an Instagram account, and the breach of a Sexual Harm Prevention Order that was imposed in 2016. In his hacker-for-hire scheme, he made about £275,000 in Bitcoin, which was seized by the police.
The court determined that the imprisonment sentence had already been served on remand and Gunton will not serve any additional time behind bars. He is prohibited from using any internet capable devices unless he is being monitored by the police directly or through a network that the authorities can monitor at all times. He is not allowed the use of a virtual private network (VPN), encrypted communications of any type, or the use of a Tor network. Additional restrictions include the inability to delete web browser history, the use of any private browsing on web browsers, and the use of any cloud storage service. The restrictions are to be imposed for the next 3.5 years and he has been instructed to pay back £407,359 to the identified and confirmed victims.
Email: firstname.lastname@example.org Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology