back to article Leeds IT bloke pleads guilty to hacking Jet2 CEO's email account

A man has pleaded guilty to hacking low-cost airline Jet2, including an attempt to compromise the CEO's email account. Scott Burns, of Queen Street, Morley, Leeds, had been charged with eight crimes under the Computer Misuse Act (CMA) 1990. The 27-year-old, formerly an IT project manager working for Blue Chip Data Systems, …

  1. BrownishMonstr

    Sounded like he had a chip on the shoulder.


    1. Fungus Bob

      No, you're not.

  2. GnuTzu

    Yet, he either got cocky or lazy, by eventually using his own name. Or, did he finally decide he wanted the fame?

  3. Alister

    One wonders what exactly he got out of the exercise? I see no mention that he was able to access anything other than the email accounts.

  4. Blockchain commentard

    Seems to me he was charged with migrating their email to Office 365. A serious crime indeed!!

    1. Korev Silver badge

      Well that changes the Outlook...

      1. hakuli

        The use of that Virgin Media account seems to have set the Dominos tumbling...

        1. Anonymous Coward
          Anonymous Coward

          bet he's .pst off now

  5. Anonymous Coward
    Anonymous Coward

    If he was involved in setting up the Dart group Office365, then he probably had Admin credentials, and would be able to access any mailbox he wanted. To call that "hacking" is a bit of a stretch, really.

    1. IT Hack

      Setting Up

      Dunno...he was a project manager. An org like Dart would not give a PM that level of access. If they did then I bet it contravenes their ISMS.

      Beer coz well...Beer

      1. Aristotles slow and dimwitted horse Silver badge

        Re: Setting Up

        Agreed. As a PM myself it's highly unlikely that anyone other than the actual techies pushing buttons would get admin level access when doing a migration of sensitive corporate data. That said, different companies do have different protocols and policies.

      2. sal II

        Re: Setting Up

        It's not unusual to use a generic/service high privilege accounts to run scripts etc. for the migration. Easy enough for a PM to get his hands on the credentials, as they are even hard codded in plain text in scripts.

        Bad idea, but I have seen in done plenty of times.

        1. IT Hack

          Re: Setting Up Generic

          Sounds fishy to me....

          1. Steve K Silver badge

            Re: Setting Up Generic

            Yes - a bit of a security haddock too?

            Turbot for the grace of God..

            1. Stevie Silver badge

              Re: Setting Up Generic

              The cost of access on the net.

            2. OssianScotland

              Re: Setting Up Generic

              Cod Almighty, this is not the plaice for such fishy puns

        2. Claptrap314 Silver badge

          Re: Setting Up

          Then get away from those script kiddies & bring in some engineers. Credentials should NEVER be hard coded.

          1. Stevie Silver badge

            Re: Setting Up

            I wish you'd said sooner. Now I'll have to spend weeks redacting "correctbatteryhorsestaple" from about half a hundred webpages.

  6. Flywheel Silver badge

    No physical property was harmed by this crime so he should get a slap on the wrist...

    1. Nick Ryan Silver badge

      99.9999% of money does not exist in anything more than a database. So if someone stole £2,000 from your bank account it would be ok if the perpetrator just got a slap on the wrist? After all, the money never really existed...

  7. Anonymous Coward
    Anonymous Coward

    IT project manager compromised Jet2

    What was his motivation and what did he hope to achieve?

    1. Claptrap314 Silver badge

      Re: IT project manager compromised Jet2

      He was tired of paying for his room and board...

    2. LeahroyNake

      Re: IT project manager compromised Jet2

      I was thinking the same, what was his motivation? It also didn't state if he used any of the information that he accessed for any nefarious means.

      What the hell was he thinking? Or was he just bored lol

    3. Anonymous Coward
      Anonymous Coward

      Re: IT project manager compromised Jet2

      Maybe when someone said "Hack JET Blue" he thought they said Jet2?

  8. Pascal Monett Silver badge

    "statistically speaking, he is unlikely to end up behind bars"

    Maybe, but he's also unlikely to ever work in IT again in a professional capacity. It's time for a career change - whether he wants to or not.

    1. dnicholas

      Re: "statistically speaking, he is unlikely to end up behind bars"

      Nah he can do the infosec speaking circuit for a while. Might even be able to get some cash out of BoJo is he survives

      1. Mark 85 Silver badge

        Re: "statistically speaking, he is unlikely to end up behind bars"

        And then follow up with a career as an IT security consultant as several others have done.

        1. This post has been deleted by its author

        2. John Brown (no body) Silver badge

          Re: "statistically speaking, he is unlikely to end up behind bars"

          "And then follow up with a career as an IT security consultant as several others have done."

          He could end up as a lawyer and/or mayor of New York. He has a background in IT so would never make a good IT security consultant.

  9. SW10

    Question for shareholders

    If no personal data or other customer, supplier or Group data [was] compromised after his in-box was accessed, what was your CEO doing?

    1. robidy

      Re: Question for shareholders

      Not a lot...or perhaps GDPR had been well implemented...

      1. Gordon 10 Silver badge

        Re: Question for shareholders

        Eerr. Fail on your part and Jet2's. I think they meant to say no Customer's personal data was accessed. By definition an email address is personal data, and at a minimum he had that for every account he hacked, and probably a lot more besides from being able to scan the mails in those in-boxes.

        A breach of employee's data privacy is treated in exactly the same way as a breach of customers data privacy under GDPR - it makes no distinction between the two from a regulatory enforcement perspective - there might be different risk mitigations/justifications put forward though...

  10. adam payne

    Leeds IT bloke pleads guilty to hacking Jet2 CEO's email account...and pretty much ends any career that he thought he had in IT.

  11. David Roberts Silver badge

    Someone doing a security audit?

    And found that there were connections to the email account from unexpected sources?

    As others have said, there seems to have been no attemp to exploit the access for gain.

    Just someone making themselves feel special because they have secrets?

    If so, sad rather than dangerous.

  12. Alan J. Wylie

    though statistically speaking, he is unlikely to end up behind bars

    Sentenced: ten months in prison

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021