Welsh Hacker Pleads Guilty to Site Break-ins
Page 1 of 1
Raphael Gray, the Welsh computer hacker who called himself Curador, will find out April 9 whether he'll do jail time for breaking into several small online shops last year and stealing 26,000 credit card numbers.
Calling himself the "Custodian of Ecommerce," Gray hacked into nine sites during February of 2000, including Salesgate.com, VisionComputers.com, Promobility.net, and AlbionsMO.com. At the time of his arrest on March 23, 2000, the Federal Bureau of Investigation said the losses connected with Gray's intrusions could exceed $3,000,000.
At a pre-trial hearing March 27, less than a week before his trial was to begin in Crown Court in Swansea, Wales, the 19-year-old Gray pleaded guilty to 6 counts of unauthorized computer access under section 1 of Britain's Computer Misuse Act of 1990. In exchange, the prosecution agreed to drop more severe charges against Gray under section 2 of the Act, which deals with access with an intent to commit other crimes. Gray also admitted to using some of the stolen credit cards to obtain web hosting services for two sites where he posted stolen card numbers and rants about the shoddy state of Internet security, e-crackerce.com and freecreditcards.com.
Under Britain's Computer Misuse Act of 1990, the maximum jail sentence Gray could receive is 12 months.
According to his solicitor, Michael J. Reed, Judge Gareth Davies will have to weigh a desire to make an example of Gray against the facts of the case.
"A judge could give a deterrence sentence to send a message out to would-be hackers. Equally, he could take this for what it was -- a youngster who was messing about, and who believed that what he was doing was for a good motive but who was a bit misguided in his approach," said Reed.
Gray's youth and willingness to plead guilty may enable him to avoid jail time, said Andrew Charlesworth, a senior lecturer in information technology law at the University of Hull law school.
"I'm not sure people over here are that keen on the idea of sending teens to jail for hacking. As long as they catch them and get a conviction, I think that sends almost as strong a message to the hacker community as pushing it all the way through an expensive court case," said Charlesworth, who predicted that the judge may simply levy a fine against Gray, as allowed under the law.
Coverage of the case by the media in the UK, particularly a BBC Panorama program that aired last March, mistakenly played into Gray's attempts to portray himself as doing a service to the sites he victimized, according to Steven Phillppsohn, a London lawyer who specializes in electronic fraud litigation.
"He was shown to be exposing the weaknesses of the whole system and not as a serious criminal who should be punished. Clearly, he's an intelligent fellow and I wouldn't put him in the same bracket as these experienced fraudsters who hire guys to do it for them. But, of course, there's the other side," said Phillippsohn.
That other side of the case is likely to be detailed in the pre-sentence report currently being prepared by the Crown Court probabation service. The report will brief the judge on the charges against Gray, background on the case, and possible sentences.
Al Smith, the president of AlbionsMO.com, one of the sites Gray attacked, said his company lost many customers after notifying them last February that their credit cards had been stolen and posted on the web.
"He may have exposed a security flaw, which was helpful. But we figure it killed our return-customer business, and that's a large percentage of an ecommerce business. So that hurt us," said Smith. He hopes federal law enforcement in the United States will take additional action against Gray.
"For a person who created chaos to be charged with a misdemeamor, that's not a deterrant at all," said Smith.
A spokesperson said the FBI does not plan to comment on the case until after sentencing in the UK.
Gray is currently free on bail and working as a computer programmer for a firm in Whitland, Wales, according to his solicitor.