Teenage hacker who targeted ‘high profile’ Instagram accounts ordered to hand over £400,000
PUBLISHED: 14:12 16 August 2019 | UPDATED: 14:50 16 August 2019
A teenage hacker has been ordered to hand over £400,000 and given a criminal behaviour order after targeting high profile social media accounts.
19-year-old Elliott Gunton walked free from court today despite being given 20 months immediate custody, as he had already served that time on remand.
Gunton infiltrated the computer systems of Australian telecoms giant Telstra, allowing him to take control of an Instagram account with a following of 1.3m users.
The account - @adesignersmind - belonged to Australian designer Phil Darwen, who was "mortified" when Gunton set up an auto-reply to bombard his customers with "foul abuse", Norwich Crown Court heard.
The teenager had been under close watch by police after being made subject to a sexual harm prevention order in June 2016.
Explicit images had been discovered on his laptop and officers began checking his computer every six months.
In April 2018 they discovered a "suite" of hacking tools on his computer, prosecutor Kevin Barry told the court.
He said officers found a "complex system of virtual mechanisms to run computer activity without leaving a trace".
The software was being used to penetrate network providers and take over social media accounts before offering them for sale on hacker forums.
Mr Barry said Gunton was an "experienced computer user" and his laptop had "clear links to hacking".
He said Gunton had "offered to supply compromised online user names and email accounts" to other hackers, knowing they would exploit them for criminality.
He would offer them for sale for thousands of pounds in crypto-currency on the HackForums website as a "highly respected member".
Investigating officers discovered posts made by Gunton offering "a batch of high-tier [Instagram] accounts", and "all fresh to market and come with [original] emails".
They would be offered for thousands of pounds based on their follower base, originality or uniqueness.
"He was in a position to provide to others credentials which would enable them to get into people's accounts and take them over," said Mr Barry. "He would advertise and promote his service indicating he could obtain any user name for $3,000 in Bitcoin."
He added Gunton was engaged in "social engineering", where a network provider is contacted in an attempt to elicit unauthorised access to accounts.
Other chat messages indicated he had been planning "sim-swap" hacks on Telstra.
Gunton has previously been convicted in December 2016 of hacking TalkTalk and Cambridge University - exposing vulnerabilities in their systems and publishing them online.
"He was giving them the keys to unlock the door, break in, and do as they wished," said Mr Barry.
Locked inside a "nano-ledger", officers found more than £400,000 worth of crypto-currency, mainly in Bitcoin, while Gunton maintained he was unemployed.
They also found two watches worth around £10,000.
The hack of the Australian designer was only discovered after police sifted through messages to Gunton's girlfriend.
In one he boasted: "I forgot to tell you, I jacked a 1.2m IG last night".
"He gained unauthorised access to a very popular Instagram account belonging to an Australian national and set up an automatic response mechanism so those who contacted the compromised account received insulting and offensive messages," Mr Barry told the court.
It took Mr Darwin two weeks to regain control of the account.
"He realised something was wrong when posts appeared on his account he had not written and friends of his contacted him and said they have had insulting replies," said Mr Barry
"He was both mortified by the hack and the content put on his account. It caused him considerable stress and anxiety."
Mitigating for Gunton, Matthew McNiff said he had been unable to take up a job at a "multi-national accounting firm" due to the restrictions of the sexual harm prevention order.
"It is not incorrect to describe him at the time as a young man, both in years and maturity," he said.
"He would use these tools to find weaknesses and let others know. He was first to the finish line to identify it and others chose to exploit it in a different way.
"It was social engineering and exploitation of the network provider's inadequate systems."
Mr McNiff added Gunton now has his own business re-purposing furniture, with the help of his grandparents.
"He has evolved from someone isolated from society into an individual who no longer sits in his room," he said.
"This court can have confidence when I stand here and say he is a changed man. He has behaved responsibly and shows himself to be capable of doing the right thing."
Sentencing Gunton, Judge Stephen Holt said: "You built up quite a reputation in this murky area. You are quite clearly a very intelligent and gifted I.T. person.
"Because of your reputation people were quite happy to pay for this information.
"It is quite plain over the last 18 months you have grown up and matured considerably."
Gunton, of Mountenay Close in Norwich, admitted breaching a sexual harm prevention order, multiple Computer Misuse Act offences, and money laundering.
He must pay back £407,359,35 and was given a criminal behaviour order for three and a half years.
"Make no mistake, if you commit any further offences you know exactly where you are going to go," Judge Holt told him.
After the hearing Judge Holt commended the investigative team, calling their work "outstanding".