Headline Feeds
The self-proclaimed "Saint of E-Commerce," a 19-year-old Welsh teenage hacker named Raphael Gray, was sentenced Friday in a Wales court to three years of psychiatric and community service rehabilitation for posting the hacked credit card details of thousands of people to the Web, according to reports in the London Register.
Gray, who also went by the hacker name "Curador," pled guilty in March to two charges of obtaining services by deception and six charges of intentionally accessing sites containing credit card details. The offenses fell under the UK's Computer Misuse Act of 1990.
According to the U.S. Federal Bureau of Investigation (FBI), Gray stole more than 23,000 credit card numbers from multiple e-commerce sites worldwide, with losses in fraudulent charges estimated to be above US$3 million.
It took the FBI and Welsh authorities over a month to track down and raid the premises of "the Saint," who operated out of his parents' home in a small Welsh town.
Motive and Means
Gray has maintained from the beginning that his motivation for the hacks was to prove how insecure e-commerce sites are.
"Maybe one day people will set up their sites properly before they start trading because otherwise this won't be the last page I post to the Net," Gray said on his Web site. "If your site is broken into, you should spend more time asking why and not who."
At the Gates
Gray also claimed to have stolen the credit card details of Bill Gates, which several other news sources stated he posted to his Web sites and used to send a shipment of Viagra to the Microsoft (Nasdaq: MSFT) chief. However, the London Register said the alleged Gates details were obviously phony.
Visits to a mirror version of Gray's site on Attrition.org revealed that the Gates' data was probably not accurate. The site states: "The number does not look valid but orders had been taken on this card at the site I got it from so judge for yourself."
Gray's efforts to expose e-commerce security flaws also reportedly led to the closure of several of the sites he hacked.
Defense Not Heard
According to the Register, Gray's defense prior to pleading guilty was that because there was no way he could establish that his access to the credit card numbers was authorized, it could not be proven to be unauthorized -- which would mean that no hacking had actually taken place.
However, these arguments, which could potentially have led to a significant line of defense for hackers, were never tested in court due to Gray's eventual guilty plea.
The defense said that a head injury suffered by Gray four years ago, as well as chronic low self-esteem, were among the reasons behind his actions.
Published sources said that Gray appeared not to regret what he had done.
"I would do it all again but another time I would choose to ensure that I
acted legally," he told the UK's Press Association news agency.
Talkback: 
