A prolific hacker who carried out cyber-attacks on more than 100 companies worldwide has been ordered to pay back £922,978.14 of cryptocurrency he had stashed away.
Grant West, 27 (15.02.92) of Ashcroft Caravan Park, Sheerness, Kent, was subject to a confiscation order under the Proceeds of Crime Act at Southwark Crown Court on Friday, 23 August.
The confiscation of the cryptocurrency, which West did not contest, follows a lengthy police investigation, codename ‘Operation Draba’, into the criminal activities of West, who was operating on the Dark Web under the moniker of ‘Courvoisier’.
The cryptocurrency will now be sold, and the victims will receive compensation for the damage caused by the organised criminality committed by West.
West was responsible for attacks on more than 100 companies worldwide. He predominately used ‘phishing’ email scams to obtain the financial data of tens of thousands of customers. West would then sell this personal data in different market places on the dark web.
He would then convert the profit made from selling financial details online into cryptocurrency, and store these in multiple accounts.
West was jailed on Friday, 25 May at Southwark Crown Court for 10 years’ and eight months’.
Officers from the Met’s Police Cyber Crime Unit (MPCCU) arrested and charged West in September 2017 following a two-year investigation. He was identified as the head of an Organised Crime Network (OCN) which predominantly targeted London-based organisations.
Throughout the course of the investigation detectives discovered evidence of West conducting cyber attacks on the websites of 17 major firms including Sainsbury’s, Nectar, Groupon, AO.com, Ladbrokes, Coral Betting, Uber, Vitality, RS Feva Class Association 2017, Asda, the British Cardiovascular Society, Mighty Deals Limited, Truly Experiences Ltd, T Mobile, M R Porter, the Finnish Bitcoin exchange, and Argos.
Following West’s arrest, approximately £1 million worth of cryptocurrency was seized from a number of his accounts. Taking currency fluctuations into account the currency is today valued at £922, 978.14.
West started trading on the dark web in March 2015 and completed more than 47,000 sales from an online "store". As well as financial data, he also sold cannabis which he shipped to customers, and ‘how to’ guides instructing others how to carry out cyber attacks.
Between July and December 2015, West perpetrated a phishing scam masquerading as online takeaway service Just Eat, in an attempt to obtain the personal details of 165,000 people. Although no financial information was obtained, his actions cost the firm approximately £200,000.
West carried out the attacks from a laptop belonging to his girlfriend, Rachael Brookes. He also stored personal financial information, also known as "fullz", belonging to more than 100,000 people on the device.
Officers also recovered an SD card from West’s home address in Kent and discovered approximately 78 million individual usernames and passwords as well as 63,000 credit and debit card details stored on it.
As well as selling information online, West also regularly used stolen credit card details to pay for items for himself, including holidays, food, shopping and household goods.
Throughout the course of the investigation £25,000 cash and half a kilogram of cannabis was seized from storage units rented by West across Kent.
Grant West, 26 (15.02.1992) of Ashcroft Caravan Park, Sheerness, Kent, pleaded guilty to the following offences at Southwark Crown Court on 14 December 2017.
2 x conspiracy to defraud;
2 x possession of criminal property;
1 x unauthorised modification of computer material;
1 x possession of a Class B drug with intent to supply;
1 x possession of Class B drug
1 x attempting to supply a controlled drug;
1 x offering to supply a Class B drug, and;
1 x concealing/removing criminal property from England and Wales, Scotland or Northern Ireland.
Head of the Met’s Cyber Crime Unit, Detective Chief Inspector Kirsty Goldsmith, said: “The MPS is committed to ensuring that individuals who are committing criminality on the Dark Web are identified, prosecuted and their criminal assets are seized.
"I wish to thank our partners within the MPS and in both public and private industry who have all assisted with this investigation which was incredibly complex and lengthy. I am very proud of my team for bringing this offender to justice and ensuring we have secured this order.”
To reduce your chances of being a victim of cybercrime, it is important to use strong passwords, preferably three different words and numbers and symbols. Tips on how to create a strong password are available at https://www.met.police.uk/advice-and-information/fraud/personal-fraud/cyber-crime/
Alternatively, you can get advice from Action Fraud, GetSafeOnline or Cyber Aware.