UK hacker accessed accounts for 20 months before bust

The reassuring news in the UK this past week was that Edward Pearson, a 23-year-old hacker from York, was jailed for 26 months after stealing the personal information of bank card, credit card and PayPal customers. Also a relief to those customers was that Pearson was caught after making only $3,800 in fraudulent transactions.

Much less reassuring was that Pearson had spent 20 months hacking into those accounts -- Jan. 1, 2010 to Aug. 30, 2011 -- and was able to use Trojans such as Zeus and Spyeye to collect personal details on about 8 million people. Authorities said he could easily have stolen about $1.3 million.

The Daily Mail reported that it was only because his 21-year-old girlfriend, Cassandra Mennim, used stolen credit cards to book rooms at the upmarket Cedar Court Grand and Lady Anne Middleton Hotels, that investigators were able to track him down before more damage was done.

According to the Mail, Pearson also hacked into telecommunications giant Nokia's internal network and copied the details of over 8,000 members of staff. Last August, Nokia issued a warning that the community discussion of part of its app developers' forum had been hacked, and that their information may have been stolen.

The takedown of Pearson is said to be part of a crackdown on cybercrime. TechWeekEurope reported in mid-March on the arrest of 14 people suspected of a phishing operation that stole Ã'£1 million from one woman. The Metropolitan Police Service said 150 officers across different forces in its Police Central e-crime Unit (PCeU) were involved in the operation.

The PCeU had earlier announced the arrest of a 37-year-old man in Belvedere, Kent for computer misuse, in connection with an investigation into online banking fraud. A bank had complained that some of its online accounts had been compromised over an 18-month period.

All of which can leave credit and bank card users wondering how effective a crackdown is if it takes 18 months or more to eliminate a hacker.

Graham Cluley, a senior technology consultant at Sophos in the UK, says it is not the fault of investigators that things move as slowly as they do.

"Internet crime investigations are complicated," he says, "and it can take a great deal of time to identify those responsible and gather all the evidence properly." Cluley also says the crackdown is unlikely to curb cyber crime, since the rewards far outstrip the risks.

"I think we can expect to see more arrests and sentences in future. The only question is whether they will act as a deterrent -- and I fear that the rewards for cybercrime are so huge that there won't be a shortage of people willing to risk a jail sentence."

Read more about malware/cybercrime in CSOonline's Malware/Cybercrime section.

Join the CSO newsletter!

Error: Please check your email address.

More about etworkMicrosoftNokiaPayPalPearsonSophos

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Taylor Armerding

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts