Saturday 23 March 2013

'Black Dragon' Cyber Criminal Jailed For £6.5m UN Carbon Credits Hack

Matthew Beddoes & one of his online profile pics

A cyber-criminal nicknamed the 'Black Dragon',  who masterminded an audacious attempt to hack into the United Nations computer systems to steal £6.5m worth of carbon credits, has been jailed for three-and-a-half years.

Matthew Beddoes, 32, created a rogue 'Trojan' programme he called Zeus to transfer 426,108 Certified Emission Reduction credits from an account on the U.N's Clean Development Mechanism Registry in Bonn, Germany - thwarted when an incorrect account number was used. 

Beddoes then targeted the Spanish Carbon Credit Registry and 350,000 European Union Allowances were transferred to a UK broker, who sold €89,000 worth to BP before the remainder were frozen.

He pleaded guilty at Kingston-upon-Thames Crown Court to six counts of conspiring to do unauthorised acts, with intent to impair computer programmes, four counts of unauthorised access to business computers, three counts of possessing electronic files containing credit card information and one count of acquiring criminal property on or before November 17, 2011.

He was recruited by Jasdeep Randhawa, 38, of Aber Road, Leicester, who received twenty-one months imprisonment and his friend Jandeep Sangha, 28, of New Street, Leicester, who laundered the stolen money, received twelve months, suspended for two years, was fined £1,000 and ordered to complete 120 hours community service.

Shrewsbury-born Beddoes, (pictured) of Jubilee Avenue, Donnington, Telford, who also nicknamed himself 'Cyber Commander' and 'Secret Squirrel' boasted of his hacking skills online, with his Facebook name 'Matty Net Jackal Beddoes' an 'Old Skool Hacker.'

He spent a short time living in South Tidworth, Wiltshire after setting up Alladin Technologies, a computer security company, specialising in removing malicious software and viruses.

His lawyer Mr. Mark Cotter told the court: "He has had an itinerant lifestyle, bouncing from place to place, but always with the company of his laptop.

"He first became interested in computers at the age of five and if circumstances were different his skills may have been channelled into more lawful use.

"He started his first steps in hacking at the age of sixteen  and is in some ways addicted. He has immersed himself into online computing and hacking and it became a challenge.

"It appear to have been a highly-addictive hobby, a hobby that has ended with him breaking the law. There is a culture of bragging within this community and it has a fantasy element to it.

"You get the feeling with the names Black Dragon and Cyber Commander you are dealing with a James Bond-style secret organisation when in reality it is a bloke on his laptop in a friend's house living an itinerant lifestyle.

"You could describe him as a master online locksmith and he advertised his services to find new challenges and was approached by Mr. Randhawa on the internet.

"The proposal that was put forward in relation to carbon credits was a new challenge for him and he formulated an effective way of putting the operation into effect.

"It came as an enormous surprise to him that it ultimately did work. He did not think in a million years that anyone would open the email and the attachment, particularly in an organisation like the United Nations."

Beddoes received £6,250 for the smaller sale of carbon credits to BP.

"I am sure he would be an extremely valuable asset to any company, telling them where their weaknesses lie and how to stop people getting in," added Mr. Cotter.

Coalminer's son Beddoes, who left school after failing all his GCSE's has been in custody  since his arrest on November 17. 2011. "He has found his time in prison difficult and feels he does not belong there, that he doesn't fit in there."

On Twitter in November 2010 he boasted: "I'm a web/network hacker that is looking to sell my excess data or trade for services. Here is a list of data I am selling for now and more.

"On a mission to code these apps, hack three sites, make some dolla on da forex and debug some router firmwares. Virtually unstoppable."

Randhawa pleaded guilty to two counts of conspiring to secure unauthorised access to computers and two counts of conspiring to impair computer programmes between June 4 and November 17, 2011.

Sangha pleaded guilty to conspiring to disguise criminal property and acquiring criminal property on or before November 17, 2011.

Judge Nicholas Price told Beddoes:  "From a career, which started with no promise academically, your interest in computers started at an extraordinarily young age.

"You possess considerable IT skills that if harnessed legitimately should have provided you with a rewarding job and a substantial salary.

"You would have been an asset to any company, to point out potential abuses in their computer systems and it is a tragedy that you abused those skills in such a criminal way."

When arrested Beddoes was in possession of 3,000 credit card numbers, 500 email addresses of potential 'phishing' scam victims and he had accessed the computers of HSBC, Virgin, LloydsTSB and other companies.

"You adopted a number of cyber tools to attack websites and to obtain carbon credits as well as usernames, passwords, email addresses and bank details.

"The powerful malware you employed was a so-called Trojan called 'Zeus' which when injected into computer systems was highly-efficient at stealing information."

No comments: