A MAN WHO HACKED the Norwich Airport and Norfolk and Norwich University Hospital websites has been jailed and banned from owning an internet-enabled device unless he follows a strict set of rules.
After pleading guilty, Daniel Devereux, 30, was sentenced at Norwich Magistrates Court after being charged with two counts of Section 1 of the Computer Misuse Act for the two incidents that occurred in September and November 2015.
The Norwich Airport website went down for three days and cost the organisation in excess of £35,000, while his attack on the hospital closed the site down for a day, but did not affect clinical services.
The hacker had posted a video online boasting about the attacks and sent emails to staff at the organisations under the pseudonym ‘His Royal Gingerness'.
The Crown Prosecution Service (CPS) said that he was tracked down by IT experts who found clues about his computer's location, both from his video and his attempts to access the websites.
As well as being jailed for 32 weeks, he was handed a first-of-its-kind criminal behaviour order (CBO), which will last five years and means that he is not allowed to own or use any device capable of accessing the internet, such as a tablet, smartphone or laptop, unless its brand name and model have been given to the police prior to it being used.
The device also has to have the capacity to retain and display the history of internet use and he has to make the device available on request for inspection by a police officer.
The CBO prohibits Devereux from:
- Deleting any internet history on the device;
- Using any device capable of accessing the internet in a way which avoids browsing history being saved;
- Buying, using or obtaining any software programme capable of hiding or deleting any internet history or buying using, or obtaining any software programme that is capable of hiding, concealing or otherwise disguising their internet activity.
This includes the likes of virtual private networks (VPNs), proxy servers and the Tor network on the so-called dark web.
Devereux is also required to volunteer passwords to any and all encrypted files stored on any hard drive or removable media device/any partition of any hard drive or removable media/any virtual drive/any cloud-based storage.
"The CBO gives us, the Norfolk and Suffolk Cybercrime Unit, lawful authority to monitor Deveraux and his activity," said detective sergeant Sam Shevlin from the Norfolk and Suffolk Cybercrime Unit.
"This is an effective way of preventing further offences and robustly dealing with any breaches."
Punam Malhan, from the CPS, said: "Through his attack on these two websites, Devereux caused inconvenience and financial cost. When faced with the weight of evidence against him, he pleaded guilty.
"Hacking is a serious criminal offence and anyone considering such an attack needs to know they are liable to prosecution." µ
More wise words from Mountain View
Firm failed to say that launch prices were only an 'introductory offer'
We think we all have an airbag problem
Give us a break