Norwich hacker plotted 'heist' on Australian telecoms giant Telstra and offered Instagram accounts for $3,000
PUBLISHED: 16:26 04 April 2019 | UPDATED: 08:42 05 April 2019
ARCHANT EASTERN DAILY PRESS (01603) 772434
A computer hacker from Norwich attempted a "heist" on the largest Australian telecoms company and was advertising active Instagram accounts for $3,000 each, a court heard.
Police seized 19-year-old Elliott Gunton’s computer in April last year as they suspected he had breached a sexual harm prevention order.
They discovered a wealth of around $381,000 of Bitcoin despite Gunton having “no discernible income”.
Officers combed through Gunton’s chat logs and forum posts and uncovered what appeared to be a plot to attack telecoms giant Telstra, Norwich Crown Court heard.
The teenager, who was convicted of hacking TalkTalk when he was 16, operated on the Adium instant messaging platform using the handle ‘Letsdothis’.
On November 13, 2017, he was speaking with a user named ‘Liedel’, hatching a plan to “heist” Telstra while their customers in Australia slept.
Leidel wrote to Gunton: “We could do Telstra in like 30 minutes. We got like six hours plus to heist and break as much as we can.”
He added: “Wait for the perfect time. There’s no rush bro we just need to make sure we have this when he goes to sleep.
“We can’t afford to miss this one. He must be so rich. He could be genuinely a multi-millionaire in crypto.”
The pair discussed security measures on their target’s email account, with Gunton saying he “doesn’t even have 2fac” - two-factor authentication which adds a layer of security.
Liedel told him: “I might do eBay fraud again. It is the easiest way to make 10k in like 30 minutes. The best part is it is not flagged as fraud or investigated.
“Getting verified on eBay in 21 days is a pain. Let’s do Telstra today.
“When Joe gets on with the Telstra SIMs we will do the heist.”
He added they would be able to “get any Bigpond” - referring to Telstra email accounts.
The day after the apparent heist plot, Gunton messaged Liedel again.
“We are making money left, right and centre,” he said. “I am getting better.”
More suspicious messages were discovered under Gunton’s handle ‘Glubs’ on Hack Forums - a community of more than 500,000 hackers.
In one post he asked if anyone knew an employee of Sprint - an American telecoms company.
Officer in the case Det Con Mark Stratford, of the cyber and serious organised crime directorate, told the court: “One user interpreted the question as an attempt to locate a member of staff at Sprint with the intention to facilitate a SIM swap.
“That is transferring the mobile phone number associated with a legitimate SIM card and diverting that to a third party - a type of phishing fraud.”
Glubs replied in the thread: “I do not condone illegal activity like that, just some simple questions.”
But DC Stratford added: “One reason of getting in contact with an employee would be because some users have pin numbers on their accounts.
“The service provider would want to verify it is a legitimate person they are dealing with. If you have a contact within the company they have access to the company systems. “It could be the pin number gets changed to allow you to contact customer services and pose as that person.”
The Hack Forums website has a facility for users to leave feedback and reviews for other members.
‘Glubs’ had a number of reviews under his name, the court heard.
One read: “Copped an Instagram account with no issues”, and another: “Vouch for the user, done thousands worth of deals with Glubs”.
Another wrote: “This guy literally helps me put food on my family’s table.”
One user wrote: “He is not the rule, Glubs is the exception.”
Another said: “Bought an OG [original] Snapchat account off him for $275. Thanks again.”
By October 28, 2017, ‘Glubs’ was actively advertising hacked Instagram accounts on the site.
He began a thread, posting: “Taking Instagram requests. $3,000 in Bitcoin or go home. PM me proof of funds and we can talk about usernames you want.”
DC Stratford told the court: “The illegitimate means of taking an Instagram account would be severing the link between the username and account to allow a software programme to snatch it or take control of the account.”
Gunton, of Mounteney Close, is charged with five counts including charges under the Computer Misuse Act 1990,
They include supplying profile user names and email accounts believing that they were likely to be used to commit or to assist in the commission of an offence.
Gunton is also charged with money laundering charges involving crypto currency.
He is also charged with breaching his sexual harm prevention order. Gunton has denied all charges.
The trial continues.