Feeds

back to article Teenage duo sentenced over credit card Ghostmarket

Two UK teenagers received sentences for repeated hack attacks that stole credit card data and took one online webhost offline. Zachary Woodham, 19, and Louis Tobenhouse, 18, pleaded guilty to the online offenses in late December, members of the Metropolitan Police Service's Police Central e-Crime Unit said on Monday. Using the …

COMMENTS

This topic is closed for new posts.

Page:

Anonymous Coward

Stiffer sentences required

Hackers who steal credit card and personal data should get a mandatory 5 years minimum prison sentence. They ruin many peoples lives for decades.

16
4
Silver badge
Thumb Down

@Stiffer sentences required...

The Daily Mail forums are that way ---->

6
14
Grenade

Meh

They are 19 and its the first offence. I bet even a year in jail would make make them never commit another hacking offence as long as they live. Isn't that the purpose of jail after all to rehabilitate or is it to punish and spread fear amongst other hackers by making an example? might want to ask yourself that question.

5
3
Thumb Down

Pretty immature statement

Those are mostly 18-yo script-kiddies with no experience at life. The ones that should be punished are web developers that make such unsecured applications and take tonnes of money for them. Nowadays anyone can run fully automated scripts that extract credit card info using Google, the thing is those kids aren't fully aware of what they're actually doing.

2
12

It should be a minimum of 20 years.

Enough to ensure that whatever skills they had are completely obsolete by the time they emerge from incarceration.

1
2
WTF?

Not so much

I don't think it's a pretty immature statement in the slightest. I think maybe the five years mentioned is a little extreme, but a mandatory two years, not so much. Would your view change if it was some chav who mugged an old lady and went on a spending spree with her cash and cards, or a teen burglar pilfering your TV's and laptops. Just because it's online doesn't make it a victimless crime and as mentioned, some people are affected for years.

5
2
Bronze badge

all of the above

I suppose there are multiple reasons for whatever action is carried out in response to a crime, ideally it should satisfy all of the following:

1. personal deterrence (i.e. discouraging the perpetrator committing the crime again)

2. preventing recidivism (making it *impossible* to commit the crime again, distinct from point 1)

3. deterrence by example (i.e. discouraging everyone who finds out about it from committing the same crime)

4. restitution/compensation (all damage done in committing the crime is repaired, all losses are returned, where not possible, alternatives such as financial compensation would be indicated)

(probably more, but that'll do for now)

Prison would:

probably be OK for 1

2, temporarily (or not, if there are computers for prisoners to use in prisons)

3 - yes, probably

4 - definitely not - it would be the opposite, as it puts everyone's taxes up slightly

It would be good if judges had to show that any sentence satisfied all these criteria, although that's likely impossible.

2
0
WTF?

@Pretty immature statement

Brilliant.

Going by your logic, you should be jailed if you get mugged, because you didn't take self defence lessons.

Or maybe if someone, kicks in your front door, steals your car keys, then you should be jailed becuase you didn't have an reinforced steel door, your keys were not in a safe and you didn't remove the f'ing battery from your car.

They knew full well what they were doing.

A 10 year ban from using computers and the internet would be a better punishment.

4
2
Alert

Jesus Jones

So if I leave my front door unlocked it should be legal to steal mine and other people's stuff, then I should be flogged for having my shit stolen?

3
1
Silver badge

other way to rob people

"Isn't that the purpose of jail after all to rehabilitate or is it to punish and spread fear amongst other hackers by making an example?"

Nope, it's for outfits like Group4 to make shedloads of money.

It goes hand-in-hand with the Daily Wail's "Lock them all up" and the inhuman treatment of unwanted forriners -- there's a killing to be made in prisons (it starts with getting rid of staff).

2
3
Flame

Retribution

I'm guess the bleeding hearts have never been the victim of credit card fraud.

Please note that by victim, I don't mean that you were mildly inconvenienced by having your card used for fraud. The victim in that situation is not you, it is whatever poor sod took payment for goods on your card, and once you have reported the fraud, will have the funds stopped out payments for future transactions.

These two thieves quite probably have either stolen from me directly, or have enabled others to do so. And I want justice for that.

I don't want it primarily for the good of society, or for the good of these thieves. I want it because I have been stolen from, and I want the shits who did it to suffer for it.

This is the most fundamental purpose of the justice system - not to rehabilitate criminals, or even to confine them or deter them. It is to provide justice to those who have had crimes committed against them; you cannot have a justice system that doesn't acknowledge this, since people will take the law into their own hands if they cannot get justice through the system.

I always find it amusing that the same people who take a bleeding heart approach to crimes of property theft against others, often sound like a Daily Mail headline when they talk about spammers. Shows you the different perspective you have when you are a victim, even if the crime has only cost you a few seconds of your time.

1
2

@Maxson

Broken analogy. If you were running a storage business and you left your door unlocked, and other peoples' stuff got stolen (that they had paid and trusted you to look after), then yes you would be culpable. So would the security consultant who advised you that an alarm wasn't necessary.

None of this makes it legal to steal, or even mitigates it. When a crime is committed there isn't a fixed amount of blame that has to be shared out amongst those responsible. The thief is just as guilty whether or not those in charge of security did their job properly.

1
0
FAIL

Buckets of Phail

@Mike2R "I'm guess the bleeding hearts have never been the victim of credit card fraud."

You guess wrong, even with your specialised redefinition of where the victim lies.

Like lots of posters here you dont want "justice" - you want revenge and the two are very different things.

Justice holds for a "fair and reasonable" treatment which is instantly lost when we demand teenagers (too young to drink in the US as an example) should be punished in a manner that would pretty much ensure the rest of their lives is spent pursing criminal activities.

Yes, what they have done is wrong and criminal and there should be an element of punishment involved. 12 months in jail is *only* a soft option to people who live in luxury and, through misguided reading of various tabloids assume that prison is a holiday home. It is not.

The "justice system" is not the "punishment system" - we moved away from that concept centuries ago (in principle if not in practice). In normal use, the criminal justice system is made up of multiple components, each of which is as "fundamental" as the other. Using the justice system as nothing more than a punishment system has been shown the world over to lead to more crime and public uprising. You appear to be driving for a revolution in your frothing desire to send these people down for LONGER sentences than if they carried out accounting fraud and stole millions from the taxpayer.

We (in the UK at least) seem to be struggling with a mixed desire to see longer and longer headline punishments for even the most trivial offences because it shows we are "tough on crime" while in complicated cases (business fraud, corporate manslaughter) the hard work involved in understanding it means people get let off with a caution. Someone shoplifting a £10 item of clothing will probably spend longer in jail than an accountant who fiddles £10m. How is this justice? Sadly, the reductio ad absurdum here is that everyone gets life for littering.

In this case *we* (reg readers) understand it and are outraged so we call for a longer sentence than if they had killed someone through reckless driving. Longer sentences than if they robbed a little old lady with a knife. Longer sentences than if they actually stole the credit cards from someones hands even.

Does that make sense? Is that justice?

By all means punish them but the punishment should fit the crime and we have to keep a sense of perspective here. If they got 10 years for this how could we scale up the punishments for more serious offenders..... ?

2
0
Megaphone

I too the victem of crime.

I have on many occasions been the victim of crime and it makes my blood boil when the culprits get of with a slap on the wrist (read as scott free).

It makes my blood boil when I read about car thieves getting getting days out racing cars about a track. It makes my blood boil when these cretins get handed holidays abroad because the bleeding hearts feel sorry for the poor little thing who didn't have a PS3 growing up...

I had sweet FA growing up on a council estate in Liverpool in the 80's. unemployment was at 95% on our estate... WE HAD NOTHING...

Did I resort to stealing? no... some did and where are they now? still kicking around the same hole... I got my head burred in books and educated myself because the education system failed me because they did not understand dyslexia. Now I am running my own successful business and a family of my own.

It makes my blood boil that my daughter who is currently doing her GCSE's and is expected to get A+ across the board, Who has never been late for school, never had a day off unless she was ill, never been in trouble with the police, does not smoke or drink.... and what does she get? all she is going to get is £30,000 worth of debit when she goes to university. but as she wants to be a dentist and will earn £100,000 a year that's ok....

If they really want to get the yoof of today to behave, is to give them something worth loosing... how about, if your child reaches the grand age of 17 without being known to the police, passing all the GCSE's never being late for school... give them driving lessons, a small car and 5 years worth of insurance.....but make it so easy to loose.... even being in a group of people that have been reported to police for causing trouble you loose it.... see how many kids hang around with the "wrong type" then....

3
2
Bronze badge
WTF?

@GrayFox

WTF have you been smoking dude, 'cos I want some of that good sh*t?!

Bollocks! They know full well that stealing is wrong, they even gloated about it on forums. They took credit card details and tried to sell them and you're painting them as paragon of virtue?

Typical f**king liberal intelligencia telling us that every screwed-up little teenage thief is simply "misunderstood", bullshit! They broke into places they knew were supposed to be secure, they stole some very valuable commodities and then they had the f**king nerve to gloat about it to other screw-ups who'd listen! F**k me they even called themselves hackers, so they knew they had to break in to get the good stuff.

I'm all for the 5 years inside suggested by the other poster above. We aren't just talking about a little mistake, tried to download some files and accidentally ended up with half a dozen credit card numbers.

My 8 year old knows stealing is wrong, knows things like ripping off moves from the internet are wrong ( got the school lecture about copyright theft quoted verbatim the other day when I was caught ripping my own DVDs! ), so if a child 10 years younger that these two gets it, these two have no excuses.

2
2
Anonymous Coward

Scott Free

How is a criminal record "scott free"?

By the way, 1980s East Germany called and asked for its social policy back.

1
1

Yeh but

Let me ask you - how would you feel if you discovered that your credit card had been skimmed for £2,185? Or how about being laid off from your job while your employer rebuilt the business following a hacking attack?

1
1
Coat

The Fuzzy Wotnot

Love the "hang 'em all" rant but reality intrudes every now and then. Isnt it a shame we cant kill these small level criminals so the market is left wide open for the more organised corporate robbery.

Who has tried to paint them as a paragon of virtue? In your binary existence is it "paragon" or "same sentence as a rapist" ?

Stealing is wrong, yet 99% of people steal all the time. Cheating and lying are wrong yet we still do it.

The *problem* with the youngsters is that they are too young and immature to realise the consequences of their actions. This is one of the reasons why sentences do not act as a deterrent to teen offenders.

There are much worse criminals than these two so suck up the fact you "understand" this crime and can relate to it, accept the fact JUSTICE has been done and move on.

1
1
Anonymous Coward

Yeh but yeh but

Who said that wasnt horrific? What does that have to do with it?

How about finding out your pension has lost £50,000 in value because a stockbroker made a bad decision? How about discovering your job ceases to exist because the funds to run it have gone to keeping the banks afloat? How about losing £30k on your house because the market has collapsed?

Better still, how about knowing that with criminal convictions, it is likely to cost the taxpayer in excess of half a million to look after them rather than allow them to learn from their lessons and become productive citizens. (*)

To address your two examples - credit card skimming is a nasty shock but the loss is the card companies (and the vendor who accepted the payment, not yours). In the second one, it seems that a business has CHOSEN to take a risk on what security to put in place and lost the bet.

How would you feel if you were laid off from your job while your employer rebuilt the business following damage from heavy rain because he hadnt bothered to properly structure the building?

This isnt in anyway absolving these two of any guilt - what they did was criminally wrong - it is just that "justice" is not served in this manner.

---------------------------

(*) anyone who says that at 19 they should have learned everything is either 15 or a retard.

1
2

"Decades" - really?

Rape ruins lives for decades, so do other violent crimes, I don't really see credit card fraud being in the same league.

In my limited personal experience, having had my credit card number stolen 3 times, the longest I've suffered is a gap of about a week until the new card turned up & the money was refunded by the bank.

Fraudulently applying for credit can have a bigger effect on the victim but can be resolved in much smaller timescales than decades.

1
0
Unhappy

Re: "Decades" - really?

Neil 23. Refunded by the bank? The bank?? You don't honestly think that the bank would give you its own money in such a quick and painless process do you...

The money came from whatever merchant was unlucky enough to be defrauded by the person who compromised your card.

1
1
Bronze badge
Pint

@AC 12:13

"Stealing is wrong, yet 99% of people steal all the time."

Do they really? Well explains why the Police get a bit annoyed when 62 million in this country alone are nicking stuff 'all the time', every day!!! Surprised TESCO had any sarnies left at lunchtime with everyone nicking 'em!

Difference between lying to someone and deliberately going to some place, be it physical or virtual, with the express intention of taking or copying something without permission, with criminal intent.

Far worse criminals and far worse crimes, so we just let it go? OK, as you wish I'll let it go, I'm sure it won't happen again!

1
1
FAIL

The Fuzzy Wotnot

Two minor problems with your attempt at sarcasm but both seem to stem from your idea that people are still either a saint or rapist with no in-between stages. You seriously need to consider that.

The majority (by volume) of thefts are petty thefts along the lines of employee stealing pens and other bits of stationery (British Crime Survey). This may be trivial and almost acceptable but it is a crime that costs businesses serious amounts of money (in aggregation). This isnt theft from Tesco, it is the almost constant drain that most employees seem to view as a "right." By your standards we should be locking every single one of these people up for 5 years and never letting them work again.

Secondly, who said "let it go?" You might want to try taking a few deep breaths and re-reading what was said. It really does help with the understanding.

Punishments should fit the crime. Taking some money of people is a bad thing, no one is doubting that, but on the scale of bad things it is pretty much at the low end. We let banks and governments do it to us on much larger scales without trying to see everyone of them banged up until the sun explodes.

It is perfectly normal for victims of crime to feel that their crime is the worst imaginable but the reality is the justice system has to step away from that and take an objective view. Anything else is not justice - it is mob-fulled, hate-filled, frothing revenge.

And we dont want that, do we?

1
1
Silver badge

"I will never get a job in IT now"

While I'm sure some companies may be warned off, there's plenty of tales of ex-crims turned security analysts. Sort of like hiring a thief to design a better lock, I suppose. You get years of experience in how to break the things, going into hardening said things. Plus you know who the little fucker is and he's on the payroll, so easy enough to track.

So long as they come out the other end of their sentences and try for a BSc in Computer Forensics or similar, I'd say his current criminal record might even help. Just don't go bragging about it in the job interview like it's your best qualification.

2
4
Anonymous Coward

No. Just... NO.

Nobody sane EVER hires anyone with a criminal record, especially when it comes to Security.

Past behaviour is one of the best ways of predicting future behaviour, as the saying goes - and the last thing you want is some little fucker thinking they can design-in a few choice security flaws, which they then sell details of, to their little mates on the black market. After all, it's the sort of thing they do - and it's the sort of thing they're known for. The criminal record is a big hint, you see...

No. If you cannot trust someone to get through adolescence without stealing peoples' credit card numbers (and don't give me any shit that they don't know what they're doing - most ten-year olds can readily identify what theft is), then you cannot - ever - trust them in a position of responsibility. They should be left on the job market, or allowed to join the millions in Indian call centres who routinely steal customer credit card details anyway...

I have worked in IT for several banks and also the military. I've had my background checked so many times that it's almost routine, now. I've signed the Official Secrets Act at least twice, and I cannot tell you how amusing it is to be accompanied to the toilet until your full clearance comes through. But I am part of the security industry now, and I understand why things are done this way. You do not trust unknown quantities - and you most certainly do not trust known criminals.

3
1
Anonymous Coward

Might as well kill them then.

"Nobody sane EVER hires anyone with a criminal record, "

Well thats their life over then - they will live on state hand outs for the next sixty years. Wonderful.

Even if it is just JSA (ironically) it will now cost the state £400,000 for these two. Who is being punished?

"especially when it comes to Security."

Rarely the case. Even in the military and banking sector. The OSA iform s a notification, not a check as it applies whether or not you bother to sign the form.

Even the Cabinet Office guidance does not say to reject an SC or DV candidate (let alone the BPSS) where there are spent convictions. Thats the whole idea of having spent / unspent. Depending on the nature of the offence, an unspent conviction is not an automatic bar to SC/DV as this is down to the judgement of the IO.

Most of the insider threat comes, not from "Known Criminals" but all the people who have successfully passed the check and are no longer under suspicion.

Still, I bet you've stolen stationery from work.

1
0
Vic
Silver badge

Sure about that?

> Nobody sane EVER hires anyone with a criminal record

I know quite a few people with SIA badges who have previous convictions.

Besides which, the Rehabilitation of Offenders Act 1974 means that criminal records are frequently not disclosed, as the offences are deemed "spent".

So your bold assertion is clearly wrong - sane people often employ those with a criminal record, both knowingly and unknowingly.

Vic.

1
0
N2
Bronze badge

200 hours of unpaid work?

not unlike working in IT then

8
0
Stop

Unfortunately...

Being a script kiddie doesn't really qualify you to be a penetration tester.

2
0
Anonymous Coward

Toolz and Toolz

All penetration testeres these days seem to do is use NMap and use Metasploit. (The same as a Skiddie....)

1
0

re Toolz and Toolz

Sadly that isnt even a joke. Even the "gold standard" CHECK testers seem to be heading that way.

0
0
Bronze badge
Coat

"“I will never get a job in IT now.”

Sure you will... just keep up your skillz and learn Russian. Or Chinese. Or possibly Farsi.

0
0
Joke

“I will never get a job in IT now.”

Consider yourself fortunate, kid. If you're anything like I was at age 19, then your experience of programming to date (fun, quick, exciting, able to do what you want when you want unsing whatever technology you damn well feel like) and the reality of working as a programmer (process, documentation, reviews, teamwork, meetings, very occasionally getting to code boring stuff, general drudgery, annoying micro-managers who know just enough about software to be a real pain in the ass, sales departments making promises that engineering have to work unpaid overtime to keep) will be two VERY different animals.

Then it'll get outsourced to somewhere cheaper and you'll be 40, out of work and wondering what was supposed to be so awesome about working in IT.

22
0
Unhappy

NO Joke

The sad thing AC is what you have stated is no joke!

4
0
Joke

A real professional

And despite the drawn-out rant in the middle, he even remembered to close his brackets. Now that's a programmer!

5
0

yep..

Capitalisation is correct as well, and since he doesn't finish every sentence with a ';' they haven't been stuck using Java/ECMA-script for the last couple of decades.

ttfn

0
0
Bronze badge

no security

The script kiddies used security vulnerabilities on the websites to gleem unencrypted credit card details but obviously didn't consider using any security and encryption on their own computers as if they had encrypted them and stored them on a truecrypt partition may have meant the MET had not enough evidence to charge them with anything.

And having dealt with the MET e-crime unit in the past they pretty much want all the evidence handing to them on a plate and you bringing the suspect into the police station yourself before they will do anything

1
0
Anonymous Coward

Keys

Remember not giving your encryption keys to the police makes it an automatic guilty plea

0
0
Anonymous Coward

eh?

Guilty plea to a different charge maybe.

0
0
Silver badge

Manual needs an update

"Woodham and Tobenhouse posted tutorials on Ghostmarket that gave advice on hacking into company websites, committing fraud and evading capture by authorities, police said."

That last bit needs updating.

4
0
Silver badge

committing fraud and evading capture by authorities

So not very good at it then.

that would give me far more pause for thougth if they applied for a job than anything else.

1
1
Silver badge

"I'll never get a job in IT now"

Awwww. Poor little boy. You should count your lucky stars sunshine, because if I was in charge of things you'd now be swinging from the end of a rope. In a public city square.

Ch-Click...HOCK! HOOOORRRRAAAAYYYYYYY!

0
0
Joke

Roper

I see what you did there.

ttfn

0
0
Silver badge
Thumb Up

@Paul_Murphy

It's actually my real name. I guess my family comes from a long line of hangmen. String 'em up, I say, string 'em up!

0
0
Silver badge
Coat

When I were 18.....

...we were more interested in women, cars and the drink.

Scamming people wasn't on the list.

The kids these day, eh?

0
1
IT Angle

It's called "entrepreneurial".

David Flashman said we haz to all be more like that, now they do and getz punishd. No fair!

But then this cabinet promised a less fair society so that's OK.

1
1
Coat

/facepalm

"Woodham also used some of the stolen cards to pay for access to premium chat lines that he owned."

That may have been a contributing factor to getting caught.

Do people never learn, always take the 2nd taxi!

0
0
Anonymous Coward

"I will never get a job in IT now"

10 actions have consequences

20 goto 10

1
0
FAIL

Just the begining.

Just wait till the FBI and UK authorities get their hands on the people that hacked/DDOS PSN...

Surely anyone foolish enough to have downloaded and ran LOIC will be shitting bricks right now, waiting for the knock on the door...

Oh Dear, no so cool now heh?

EPIC FAIL, is the term I think you like to use....

0
0
FAIL

“I will never get a job in IT now.”

FX : The world's saddest song, played on the world's smallest violin.

3
0

Page:

This topic is closed for new posts.