UK hacker accessed accounts for 20 months before bust

The reassuring news in the UK this past week was that Edward Pearson, a 23-year-old hacker from York, was jailed for 26 months after stealing the personal information of bank card, credit card and PayPal customers. Also a relief to those customers was that Pearson was caught after making only $3,800 in fraudulent transactions.

Much less reassuring was that Pearson had spent 20 months hacking into those accounts — Jan. 1, 2010 to Aug. 30, 2011 — and was able to use Trojans such as Zeus and Spyeye to collect personal details on about 8 million people. Authorities said he could easily have stolen about $1.3 million.

The Daily Mail reported that it was only because his 21-year-old girlfriend, Cassandra Mennim, used stolen credit cards to book rooms at the upmarket Cedar Court Grand and Lady Anne Middleton Hotels, that investigators were able to track him down before more damage was done.

According to the Mail, Pearson also hacked into telecommunications giant Nokia’s internal network and copied the details of over 8,000 members of staff. Last August, Nokia issued a warning that the community discussion of part of its app developers’ forum had been hacked, and that their information may have been stolen.

The takedown of Pearson is said to be part of a crackdown on cybercrime. TechWeekEurope reported in mid-March on the arrest of 14 people suspected of a phishing operation that stole £1 million from one woman. The Metropolitan Police Service said 150 officers across different forces in its Police Central e-crime Unit (PCeU) were involved in the operation.

The PCeU had earlier announced the arrest of a 37-year-old man in Belvedere, Kent for computer misuse, in connection with an investigation into online banking fraud. A bank had complained that some of its online accounts had been compromised over an 18-month period.

All of which can leave credit and bank card users wondering how effective a crackdown is if it takes 18 months or more to eliminate a hacker.

Graham Cluley, a senior technology consultant at Sophos in the UK, says it is not the fault of investigators that things move as slowly as they do.

“Internet crime investigations are complicated,” he says, “and it can take a great deal of time to identify those responsible and gather all the evidence properly.” Cluley also says the crackdown is unlikely to curb cyber crime, since the rewards far outstrip the risks.

“I think we can expect to see more arrests and sentences in future. The only question is whether they will act as a deterrent — and I fear that the rewards for cybercrime are so huge that there won’t be a shortage of people willing to risk a jail sentence.”