Man sentenced for hacking offences | Norfolk Constabulary

You are here

Man sentenced for hacking offences

 
A man has been sentenced to 20 months in prison and ordered to pay back more than £400,000 after supplying online personal data and hacking services in exchange for thousands of pounds worth of ‘cryptocurrency’.

Elliot Gunton, aged 19 and of Mounteney Close in Norwich, was sentenced at Norwich Crown Court today (Friday 16 August) after pleading guilty at an earlier hearing.

The court heard how police seized Gunton’s laptop in April 2018 after they found software which enabled him to commit cybercrime offences. Officers made the discovery during a routine visit to Gunton’s home to ensure he was complying with a Sexual Harm Prevention Order imposed by the court in June 2016 for previous offences.

Further information found on the computer revealed Gunton had offered to supply compromised personal data of individuals to others for them to use for criminal purposes, such as passing on mobile phone numbers which allows third parties to intercept calls and texts to commit fraud.

Officers also found evidence of Gunton advertising compromised data and hacking theft services in exchange for $3,000 in Bitcoin, rather than hard currency, in a bid to hide the payments being discovered by police.

However, despite Gunton taking complex and sophisticated measures to conceal and delete his activity, he had left behind clues of his offending – fragments of conversations with others online where he discussed criminal activity, as well as officers tracing and seizing £275,000 worth of ‘cryptocurrency’ including Bitcoin under his control.

In a Twitter post under one of his online identities ‘@Gambler’, Gunton posted a message stating “having lots of money is cool….but having lots of money without people knowing is cooler”.

Gunton was charged with breaching a Sexual Harm Prevention Order, hacking offences and money laundering.

Gunton was sentenced to 20 months in prison at Norwich Crown Court today for the offences, along with further hacking offences against an Australian Instagram account to which he pleaded guilty at an earlier hearing.  However Gunton was immediately released from the court having already served his sentence whilst on remand.
He was also ordered to pay back £407,359 and issued a three and a half year Community Behaviour Order which states Gunton must not:
  • Own or use, save at your place of employment or at a supervised facility open to the public, any device capable of accessing the internet (also known as the World Wide Web) unless;
  1.        It has the capacity to retain and display the history of internet use and,
  2.        you make the device available upon request for inspection by a police officer / offender manager and,
  3.        you must not withhold from a police officer / offender manager when asked, any password / PIN / security pattern or otherwise which secures that device from unintentional opening, and,
  4.        you must not intentionally delete the internet history, or use any third party software, or modify any settings to intentionally delete the internet history.
  • Use, download, or otherwise acquire, any software (or other methodology) capable of providing a false Internet Protocol (IP) address, whilst using the internet, including, but not exclusively, through the use of a Virtual Private Network (VPN), proxy or the TOR “Dark Web” network

 

  • Intentionally use an internet browser with “incognito mode”, “private browsing” or any similar such option activated
 
  • Use any offsite storage service (commonly known as "Cloud" storage) unless he notifies a police officer / offender manager of his possession of such an account, or storage location, and makes the service/storage available upon request for inspection by a police officer/offender manager together with its access username and password.
 
  •  Install any encryption or deletion software on any device other than that which is intrinsic to the operation of the device. Should any intrinsic encryption be utilised you must notify Norfolk & Suffolk Cyber Crime Unit and provide any pass code necessary to access any encrypted data upon request to a Police Officer / Offender Manager.
 
  • Make use of any type of cryptocurrency storage address, software wallet, hardware wallet or exchange address without first informing a police officer / offender manager of said use, and the details of the address. If required by a Police Officer or Offender Manager you must provide a verifiable explanation as to the lawful origin of any cryptocurrency identified to be under your control.

Detective Sergeant Mark Stratford said: “This was a complex investigation which relied on the expertise of officers and staff from the Norfolk and Suffolk Cybercrime Unit. This emerging type of criminality requires police investigators to be at the forefront of technological advancements in order to effectively combat the ever-growing paradigm of cybercrime.

“Gunton was exploiting the personal data of innocent businesses and people in order to make a considerable profit but he did not succeed in hiding all of his ill-gotten gains which enabled us to seize hundreds of thousands of pounds worth of Bitcoin.

“Today’s sentence will ensure he cannot continue with this kind of criminal activity and the team remain committed to pursuing and identifying anyone involved in this kind of crime.”