Instantly delete email threats with 365 Threat Monitor » Free Offer
Welcome Guest | Sign In
ECommerceTimes.com

Welsh Teens Arrested for E-Commerce Hack Attacks

By Lori Enos
Mar 27, 2000 12:00 AM PT

The Federal Bureau of Investigation (FBI) announced Friday that two Welsh teenagers have been arrested for allegedly hacking into 11 e-commerce sites and stealing information on more than 26,000 credit card accounts. Losses in the case could exceed $3 million (US$).

Welsh Teens Arrested for E-Commerce Hack Attacks

Raphael Gray, 18, and another unnamed teenager are being charged under the United Kingdom's 1990 Computer Misuse Act and may also face charges in the United States. The British Broadcasting Corporation (BBC) is reporting that the two have been released on bail and are scheduled to "return to an undisclosed police station at an undisclosed date."

In an interview with the E-Commerce Times, security expert Chris Davis, who worked on the investigation with the consulting firm TygerTeam, said the pair exploited two breaches to break into the systems. Davis said the first allowed them to locate security holes and the second allowed them to access data on supposedly secure servers. At least part of the problem was attributed to a flaw in Microsoft's e-commerce Web server software.

Hackers Hit World Wide

Gray and the unnamed teen, acting under the screen name Curador, are accused of breaking into sites in Britain, the United States, Canada, Japan, and Thailand. The hacker attacks apparently began in January and targeted smaller e-commerce sites such as Feelgoodfalls.com, LTAMedia.com, and Promotobility.net. The hackers reportedly posted at least 1,000 of the stolen credit card numbers online and used them to charge -- among other things -- the registration of their domain name.

The duo was tracked down by an international task force that included the Welsh police, the FBI, the Royal Canadian Mounted Police and Internet security consultants. The FBI said the international banking and credit card industry also helped solve the case.

Hackers Needle Gates

Even Microsoft founder Bill Gates was not immune to the hacker attack. The Telegraph reported Sunday that the hackers e-mailed Gates' credit card details to NBCi, a subsidiary of NBC.

In a message on their Web site, which has since been taken down, Curador said "Greetz to my friend Bill Gates, I think that any guy who sells Products Like SQL Server, with default world readable permissions can't be all BAD."

Call for International Policing

Davis called the attacks a "real wake-up call for the e-commerce community." He also told the E-Commerce Times that "The most important lesson we can learn from this is that we need to establish a police force that handles nothing but crimes like this."

Davis believes that an international force is the answer, because investigators working on this case narrowed the search for the hackers to two neighboring houses in the small town of Clunderwen within a week. However, it took another month to move in on them because of jurisdictional squabbles, most notably between the U.S. Secret Service and the FBI.

Davis believes these incidents were more serious than the much-publicized denial-of-service (DoS) attacks on popular Web sites last month, because sites were not actually compromised in those instances.


Deliver winning CX every time
How important is social media to the success of your business?
Highly -- Social media is essential to our business model.
Somewhat -- We do see benefit from social media, but without it our operations would continue.
Minimally -- We're on social media because that's expected, though it's influence on our success is negligible.
Not at All -- Social media is not useful to our business.
Deliver winning CX every time