Security Experts:

Connect with us

Hi, what are you looking for?



UK Hacker Sentenced to 20 Months in Prison

Hacker Elliot Gunton has been sentenced to 20 months in prison by Norwich (UK) County Court, but released immediately because of time already served in custody.

Hacker Elliot Gunton has been sentenced to 20 months in prison by Norwich (UK) County Court, but released immediately because of time already served in custody.

Local police made a routine visit to Gunton’s home in April 2018 to ensure he was complying with a Sexual Harm Prevention Order (SHPO) previously imposed in June 2016. When they examined his laptop, they found evidence of software tools to enable cybercrime. The laptop was seized and examined by the police.

The examination found evidence of Gunton’s offer to sell compromised personal information that would allow criminals to intercept mobile phone calls and texts. It also found evidence of Gunton advertising hacking services for $3,000 in Bitcoin.

“However,” says a statement from the Norfolk (UK) Constabulary, “despite Gunton taking complex and sophisticated measures to conceal and delete his activity, he had left behind clues of his offending — fragments of conversations with others online where he discussed criminal activity, as well as officers tracing and seizing £275,000 worth of ‘cryptocurrency’ including Bitcoin under his control.”

Gunton was one of the teenagers arrested for the 2015 Talk Talk hack

The SHPO was separately imposed in June 2016 after indecent images of children were found on his laptop. The police made regular visits to ensure he was complying with the terms of the order. They found evidence that he was talking on hacker forums, and that he had installed CCleaner (which includes secure file deletion capabilities which would be in contravention of the SHPO).

When the police learned that Gunton was planning to appeal the SHPO, they paid another visit, examined his laptop, and found sufficient reason to confiscate it for deeper investigation. He was charged with five counts including charges under the Computer Misuse Act 1990. Although he initially denied all charges, he later pleaded guilty, and was sentenced on Friday, August 15, 2019. He was sentenced to 20 months in prison, but was released immediately since he has already spent this time on remand.

He was ordered to pay back £407,359. The police found and seized £275,000 of cryptocurrency, including Bitcoin, under his control. He was also issued a three-and-a-half-year Community Behavior Order that prohibits ownership or use (unless supervised) of any device capable of accessing the internet without making it available for inspection and provided it retains the history of internet usage without modification. 

Other conditions include no use of incognito surfing, no use of cloud storage without declaring it and making the storage available for inspection, no installation of additional encryption or deletion software, and no use of any cryptocurrency wallet without providing a “verifiable explanation as to the lawful origin of any cryptocurrency identified to be under your control.”

“Today’s sentence,” said a police spokesperson, “will ensure he cannot continue with this kind of criminal activity and the team remain committed to pursuing and identifying anyone involved in this kind of crime.”

It should be asked, however, whether zero prison time and relatively easily avoidable behavior conditions will be an adequate deterrent for a young man who seems to have been engaged in hacking activities for at least the last four years and is still only 20 years old.

Related: TalkTalk Hack Suspect Arrested for Blackmail 

Related: Prosecutors Seek 3-Year Sentence in ‘Celebgate’ Hacking Case 

Related: Hacktivist Gets 10-Year Prison Sentence for DDoS Attack on Hospitals 

Related: California Man Gets 26-Month Prison Sentence for DDoS Attacks 

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.


The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.


A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.