A hacker who pretended to be a student in order to gain access to emails of real students has been told pay over 20,000 in costs and compensation.
Daniel Woo, a 23-year-old living in London, was also given a 36 week suspended prison sentence, a two-year supervision order and 200 hours of unpaid work.
He used the passwords in order to gain valuable data, including financial information and personal identification details.
The police learned fraudulent activity had occurred on a number of the victims' payment accounts.
Woo was caught installing password-thieving software at the University of London's School of Oriental and African Studies, popularly known as Soas.
IT staff discovered some anomalies in the university's network and after the alarm was raised Metropolitan Police Service's Police Central e-Crime Unit detectives found Woo had faked being a student to access a computer room on the campus.
He then placed an easily downloadable password recovery tool called Cain and Able on university computers to collect further login credentials.
Woo was believed to have accessed the computer room on at least ten occasions between October and November 2006.
Officers later discovered Woo had committed other similar offences at the University of Coventry and had stolen an ID card from a student from the University of Northampton.
Earlier this month, IT PRO attended an event where an ethical hacker showed how simple it is to steal passwords.
When showing a method for thieving passwords, CRYPTOCard's senior vice president in Europe Jason Hart also used the Cain and Abel tool. In that case he used the software to gather passwords of people using a Wi-Fi network.
-
How the UK MoJ achieved secure networks for prisons and offices with Palo Alto NetworksCase study Adopting zero trust is a necessity when your own users are trying to launch cyber attacks
-
Putting small language models under the microscopeITPro Podcast The benefits of small language models are undeniable – but they're no silver bullet
-
I love magic links – why aren’t more services using them?Opinion Using magic links instead of passwords is safe and easy but they’re still infuriatingly underused by businesses
-
Password management startup Passbolt secures $8 million to shake up credential securityNews Password management startup Passbolt has secured $8 million in funding as part of a Series A investment round.
-
LastPass breach comes back to haunt users as hackers steal $12 million in cryptocurrencyNews The hackers behind the LastPass breach are on a rampage two years after their initial attack
-
GitHub launches passkeys beta for passwordless authenticationNews Users can now opt-in to using passkeys, replacing their password and 2FA method
-
Microsoft SQL password-guessing attacks rising as hackers pivot from OneNote vectorsNews Database admins are advised to enforce better controls as attacks ending in ransomware are being observed
-
No, Microsoft SharePoint isn’t cracking users’ passwordsNews The discovery sparked concerns over potentially invasive antivirus scanning practices by Microsoft
-
Microsoft Authenticator mandates number matching to counter MFA fatigue attacksNews The added layer of complexity aims to keep social engineering at bay
-
As Google launches passwordless authentication for all, what are the business benefits of passkeys?News Google follows Apple in its latest shift to passwordless authentication, but what are the benefits?
