Security Experts:

UK Hacker Sentenced to 20 Months in Prison

Hacker Elliot Gunton has been sentenced to 20 months in prison by Norwich (UK) County Court, but released immediately because of time already served in custody.

Local police made a routine visit to Gunton's home in April 2018 to ensure he was complying with a Sexual Harm Prevention Order (SHPO) previously imposed in June 2016. When they examined his laptop, they found evidence of software tools to enable cybercrime. The laptop was seized and examined by the police.

The examination found evidence of Gunton's offer to sell compromised personal information that would allow criminals to intercept mobile phone calls and texts. It also found evidence of Gunton advertising hacking services for $3,000 in Bitcoin.

"However," says a statement from the Norfolk (UK) Constabulary, "despite Gunton taking complex and sophisticated measures to conceal and delete his activity, he had left behind clues of his offending -- fragments of conversations with others online where he discussed criminal activity, as well as officers tracing and seizing £275,000 worth of 'cryptocurrency' including Bitcoin under his control."

Gunton was one of the teenagers arrested for the 2015 Talk Talk hack

The SHPO was separately imposed in June 2016 after indecent images of children were found on his laptop. The police made regular visits to ensure he was complying with the terms of the order. They found evidence that he was talking on hacker forums, and that he had installed CCleaner (which includes secure file deletion capabilities which would be in contravention of the SHPO).

When the police learned that Gunton was planning to appeal the SHPO, they paid another visit, examined his laptop, and found sufficient reason to confiscate it for deeper investigation. He was charged with five counts including charges under the Computer Misuse Act 1990. Although he initially denied all charges, he later pleaded guilty, and was sentenced on Friday, August 15, 2019. He was sentenced to 20 months in prison, but was released immediately since he has already spent this time on remand.

He was ordered to pay back £407,359. The police found and seized £275,000 of cryptocurrency, including Bitcoin, under his control. He was also issued a three-and-a-half-year Community Behavior Order that prohibits ownership or use (unless supervised) of any device capable of accessing the internet without making it available for inspection and provided it retains the history of internet usage without modification. 

Other conditions include no use of incognito surfing, no use of cloud storage without declaring it and making the storage available for inspection, no installation of additional encryption or deletion software, and no use of any cryptocurrency wallet without providing a "verifiable explanation as to the lawful origin of any cryptocurrency identified to be under your control."

"Today’s sentence," said a police spokesperson, "will ensure he cannot continue with this kind of criminal activity and the team remain committed to pursuing and identifying anyone involved in this kind of crime."

It should be asked, however, whether zero prison time and relatively easily avoidable behavior conditions will be an adequate deterrent for a young man who seems to have been engaged in hacking activities for at least the last four years and is still only 20 years old.

Related: TalkTalk Hack Suspect Arrested for Blackmail 

Related: Prosecutors Seek 3-Year Sentence in 'Celebgate' Hacking Case 

Related: Hacktivist Gets 10-Year Prison Sentence for DDoS Attack on Hospitals 

Related: California Man Gets 26-Month Prison Sentence for DDoS Attacks 

view counter
Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.