A 25-year-old UK man got three years and eight months in prison for stealing account credentials which he then used to purchase goods worth $112,000 from online stores.
Sentencing Andrew Morgan and three others at Grimsby Crown Court in the UK, Judge David Tremberg said the offenses caused “enormous inconvenience and vexation” to customers.
Tremberg told Morgan he was not at the level of sophistication of professional fraudsters to devise his own hacking tool kit, but the judge described him as an “enthusiastic follower” of a forum on how to commit fraud, according to a report in the Grimsby Telegraph.
Tremberg said Morgan had played the “senior operational role” organizing multiple attacks.
He also imposed a Serious Crime Prevention Order which means Morgan cannot change his name for Internet purposes and he must keep a verifiable history of all Internet use for five years.
Accomplices included Ashton Leach, 21, of Immingham, who admitted conspiracy to commit fraud and two drug offenses, including the supply of cannabis and methadrone in November 2011.
He received eight months in prison suspended for 18 months and 80 hours of unpaid work for the fraud offenses and a further eight months suspended for 18 months and 80 hours unpaid work for the drugs offenses.
Amanda Gollings, 32, of Immingham, admitted conspiracy to commit fraud between August and September last year.
She said she had signed for goods three times but pleaded guilty on the basis that she only dishonestly signed for two of them. She received a 12-month community order and 60 hours of unpaid work.
Her cousin Sarah Louise McIntyre, 22, of Immingham, admitted using criminal property, a Nintendo DS for her son, but said she was not part of the conspiracy of her former partner, Morgan.
Prosecuting, Craig Lowe said Proceeds of Crime proceedings will end up taken against Morgan. He said Leach had received goods in 50 transactions in one month.
Lowe said Morgan hacked into confidential information held electronically by various companies, which he had learned how to do by going on websites that provide a tool kit to obtain email address and passwords.
Firms like Amazon set up accounts that store details on secure servers and end up used each time a customer makes a purchase, using a “one click” system so the customer doesn’t have to give details each time they order.
One of the stipulations of opening an Amazon account is that the billing or home address should be the same as the delivery address, to try to reduce fraud, the court heard.
On one hackers’ forum, Morgan said he had been doing fraud for two years and had “blasted it for four months with Paypal, Amazon and shops.”