'Student' hacker fined £20,000
A 23-year-old who faked being a student to access email passwords has been fined.
A hacker who pretended to be a student in order to gain access to emails of real students has been told pay over 20,000 in costs and compensation.
Daniel Woo, a 23-year-old living in London, was also given a 36 week suspended prison sentence, a two-year supervision order and 200 hours of unpaid work.
He used the passwords in order to gain valuable data, including financial information and personal identification details.
The police learned fraudulent activity had occurred on a number of the victims' payment accounts.
Woo was caught installing password-thieving software at the University of London's School of Oriental and African Studies, popularly known as Soas.
IT staff discovered some anomalies in the university's network and after the alarm was raised Metropolitan Police Service's Police Central e-Crime Unit detectives found Woo had faked being a student to access a computer room on the campus.
He then placed an easily downloadable password recovery tool called Cain and Able on university computers to collect further login credentials.
Woo was believed to have accessed the computer room on at least ten occasions between October and November 2006.
Officers later discovered Woo had committed other similar offences at the University of Coventry and had stolen an ID card from a student from the University of Northampton.
Earlier this month, IT PRO attended an event where an ethical hacker showed how simple it is to steal passwords.
When showing a method for thieving passwords, CRYPTOCard's senior vice president in Europe Jason Hart also used the Cain and Abel tool. In that case he used the software to gather passwords of people using a Wi-Fi network.
-
How to prevent employees from sabotaging AI rolloutsEmployees worried about being replaced are pushing back against tools by compromising their company’s AI strategy and, potentially, sensitive data
-
When building in-house costs more than you thinkIndustry Insights Why smart software teams choose integrated partnerships over building in-house
-
We need to do something about passwordsPasswords are a fundamental aspect of access security, but recent password leaks have undermined their ability to protect data
-
Dashlane lifts the lid on attack that saw hackers download encrypted user vaultsNews The company said it has now informed all affected customers, and taken action to shut down the operation
-
The NCSC says it’s time to switch to passkeysNews UK security organization calls for companies to step up and offer more secure ways to login
-
AI agents are creating new identity security risks: 1Password wants to solve thatNews The Unified Access system from 1Password will help enterprises manage AI agent access across different devices and users
-
Using AI to generate passwords is a terrible idea, experts warnNews Researchers have warned the use of AI-generated passwords puts users and businesses at risk
-
Researchers called on LastPass, Dashlane, and Bitwarden to up defenses after severe flaws put 60 million users at risk – here’s how each company respondedNews Analysts at ETH Zurich called for cryptographic standard improvements after a host of password managers were found lacking
-
Thousands of exposed civil servant passwords are up for grabs onlineNews While the password security failures are concerning, they pale in comparison to other nations
-
Gen Z has a cyber hygiene problemNews A new survey shows Gen Z is far less concerned about cybersecurity than older generations
