back to article National Lottery Sentry MBA hacker given nine months in jail after swiping just £5

A Londoner who hacked the National Lottery using Sentry MBA and made off with just £5 will spend up to nine months in prison for his crimes. Anwar Batson, 29, of Lancaster Road in London's Notting Hill, was part of a group of miscreants who hacked into the National Lottery website in 2016. Batson, Crown prosecutor Suki Dhadda …

  1. alain williams Silver badge

    This seems out of proportion to the offense

    The cost of keeping him in chokey for that long will be much, much more than £5. Many weekends doing community service, or similar, will be cheaper, not cost him his job and enable him to care for his child.

    1. Steve Todd Silver badge

      Re: This seems out of proportion to the offense

      The problem wasn't that he got away with £5, but rather that it cost a charitable organisation £230K to respond to the attacks, and lost them 250 customers. THATS the expensive bit.

      1. Anonymous Coward
        Anonymous Coward

        Re: This seems out of proportion to the offense

        it cost a charitable organisation £230K to respond to the attacks

        They would say that, wouldn't they. Like the US DoD, which claimed that Gary McKinnon had caused $700,000 worth of damage to their computer systems by deleting files that should have been easily restorable from backups in a few minutes.

        1. Wellyboot Silver badge

          Re: This seems out of proportion to the offense

          IT security operation involving a large number of staff working to fix the holes - £230k probably isn't far off the mark. DoD would have also had to conduct a similar hole plugging exercise.

          His crime wasn't 'Stealing £5' He was instructing others how to perform criminal acts and accepting proceeds of their crimes as payment, The law (and most people) take a very dim view of this.

          1. Vector

            Re: This seems out of proportion to the offense

            Yes, but as far as I can see from the article, he didn't create the security holes, he exploited existing vulnerabilities. So pinning those costs on him seems rather specious.

            Kinda like saying the rain caused your roof to leak.

            1. FlamingDeath

              Re: This seems out of proportion to the offense

              "Kinda like saying the rain caused your roof to leak."

              Finally, a voice of reason

              The crazies are invading this space, help

              1. d3vy Silver badge

                Re: This seems out of proportion to the offense

                "Kinda like saying the rain caused your roof to leak"

                Actually what they were doing was credential stuffing*

                So in your analogy this would me more akin to complaining that someone is hosing your house with a high pressure hose looking to see if they can cause a leak... Or more accurately standing at your front door with 20k keys trying each one until they gain access...

                * Using credentials exposed elsewhere online to attempt to log into other sites.

              2. ATeal

                Re: This seems out of proportion to the offense

                Yeah I was just trying to think of a way to explain that the £230k or whatever they spent bringing everyone back wasn't ... his fault? And how dubious that is for securing anything: "I'm only paid to write code that assumes 'normal' input" is the next step?

                If they couldn't stop brute force IP attempts that's a really really bad sign.

                "blaming the rain for the leak in the roof" really is apt.

                (Why am I on a moderation queue?)

                Also I thought it was "Camelot lotteries LLC" or something? I don't gamble outside of the bedroom (also: charity that raises money via gambling....?)

              3. I ain't Spartacus Gold badge

                Re: This seems out of proportion to the offense

                That's the old "his front door just fell open officer - so I nicked his telly" - defence. Just because someone does something stupid / negligent / makes a mistake, doesn't give other people the right to steal their stuff. And it's not "reason" or "common sense" to think that it does.

        2. Flocke Kroes Silver badge

          Re: This seems out of proportion to the offense

          The world + dogfish were logged into US DoD because of default passwords and easily guessed passwords. One of Gary McKinnon's mistakes was to log in from a country with (usually simple) extradition to the US. Perhaps it really costs $10,000 to generate a few hundred random passwords, write them on post-it notes, stick them to monitors and change the passwd file to match. Add another $690,000 for staff training to not read those passwords aloud to anyone who phones up and the DoD would have plugged the hole.

          It was unreasonable of the DoD to assign the entire bill to Mr McKinnon. Likewise assigning the full £230K to Batson is unreasonable when much of that money prevented a thousand other leeches doing the exact same thing.

          9 months in prison seems reasonable under the circumstances but he does deserve big thank you for the incompetence required to be detected so quickly.

      2. Khaptain Silver badge

        Re: This seems out of proportion to the offense

        He was involved in a database hack that could have netted them a couple of million had they been clever. Except they only managed to get a fiver, now that's their problem not the judge's.

        Had they got the million or so would it somehow have been a more justifiable sentence, if so why ?

        This is not the same thing as stealing a MacDonalds because you are hungry... Nothing about what they did is acceptable, they got caught stealing other people's money, now they pay the price.

      3. Anonymous Coward
        Anonymous Coward

        Re: This seems out of proportion to the offense

        Personally I would have said that your £230K is part of their administration costs and nothing to do with the third of their business that could be said to have anything to do with Charity work.

        For my part, people take a big cut from gambling and then give some money they got paid to collect to some other group that will also take an "administrative cut" before it going to whomever is presented as being in need of "charity" are not that altruistic on my scale.

      4. Cynic_999 Silver badge

        Re: This seems out of proportion to the offense

        "

        ... cost a charitable organisation £230K to respond to the attacks

        "

        I don't agree. If you have not had a lock on your front door for years, and one day a burglar enters and steals £13, are you justified in saying that the burglary cost you the price of fitting a new lock and burglar alarm in addition to the £13?

        1. Venerable and Fragrant Wind of Change

          Re: This seems out of proportion to the offense

          and one day a burglar enters and steals £13

          ... or one day an intruder enters and takes nothing of more value than a much-needed glass of water from your tap, despite seeing your wallet and other easy-to-filch valuables ...

          are you justified in saying

          Of course you are! It's classic shoot-the-messenger.

      5. jockmcthingiemibobb

        Re: This seems out of proportion to the offense

        Cumalot makes around 75M a year. To call them a charitable organisation is outrageous.

      6. Robert Grant Silver badge

        Re: This seems out of proportion to the offense

        it cost a charitable organisation £230K to respond to the attacks

        This will be nonsense, unless they're paying £230 per minute. In which case their procurement is at fault.

      7. FlamingDeath

        Re: This seems out of proportion to the offense

        "cost a charitable organisation £230K"

        It's not a fucking charity, jesus fucking H christ!!

      8. The First Dave

        Re: This seems out of proportion to the offense

        Sorry, but in what way is Camelot a "charitable organisation"? Does it not have any shareholders?

    2. SuperGeek

      Re: This seems out of proportion to the offense

      "Many weekends doing community service, or similar, will be cheaper, not cost him his job and enable him to care for his child."

      So you want to effectively reward him for being a thieving hacking so and so? Letting him keep his job and still be a father? Sorry, but no. It'll teach the weasel a lesson. He should have thought about that before committing the crime. People like you are the reason the "justice" system in this country is so goddamn soft and unjust.

      And tell his child when they're older, "Your dad wasn't around because he stole from someone. Actions have consequences, little one".

      1. John Robson Silver badge

        Re: This seems out of proportion to the offense

        The issue with that approach is that it very expensive, both in the short term (housing/feeding the convicted and their family, who will likely end up on more benefits)), but also in the long term (children from said environment are not renowned for staying out of trouble for the rest of their live).

        Community service however is much less costly, and still deprives the convicted of significant time - that no doubt they’d want to spend with family.

        I’m not saying two weekends litter picking, but think what this country could do with hundreds of people doing community work every weekend for years...

        “Why was dad never around on Saturdays” is possibly a more powerful question given the prevalence of single parent families.

      2. werdsmith Silver badge

        Re: This seems out of proportion to the offense

        Yes consequences born by the little one.

        Many weekends doing community service is so obviously not an "effective reward".

      3. FlamingDeath

        Re: This seems out of proportion to the offense

        "SuperGeek"

        Thank fuck you are not in charge, you'd be suggesting he has his hands chopped off

        You're definitely super something, it aint geek

        1. Cynic_999 Silver badge

          Re: This seems out of proportion to the offense

          There are many people who endorse the "justice" systems practised by many countries whereby when a criminal is convicted, the entire family is punished for the crime. In the UK we do not intend to do that, but it is very often the result. Quite often the punishment effectively meted out to the family is worse than that suffered by the criminal.

    3. Version 1.0 Silver badge

      Re: This seems out of proportion to the offense

      It's totally out of proportion.

      Does anyone think that if the sysadmin had noticed the security issue one day that they would not have spent even more than that fixing the issues and buying new gear? And then probably missed a hole somewhere and had to repeat the process.

  2. Anonymous Coward
    Anonymous Coward

    The National lottery is a charity?

    I know they have to use some of the gambler's money for things other than their administration costs and the lottery prize but they are 2/3 bookie and at most 1/3 anything to do with charity.

    1. Khaptain Silver badge
      1. Anonymous Coward
        Anonymous Coward

        Re: The National lottery is a charity?

        @Khaptain, you are right charities get less than a third of that doesn't go as a prize

      2. katrinab Silver badge
        Megaphone

        Re: The National lottery is a charity?

        Some of the money goes to charity, but the National Lottery (Camelot UK Lotteries Limited) is not a charity.

      3. JetSetJim Silver badge

        Re: The National lottery is a charity?

        So, out of £7.2Bn in sales, £1.7Bn went to "Lottery Projects", of which 40% (£662m) were "Health, education, environment and charitable causes", the remainder being Sport, Arts & Heritage projects. Assume the 40% is divided equally between the 4 categories listed, that's £165.5m for charitable causes which each have their own overhead.

        On the face of it, it would seem that the when you spend £1 on the lottery, approximately 2.3p goes to a charitable cause (not to disparage at least some of the other causes supported, although one might question why govmt isn't funding health, environment and education properly so that funding via the lottery is needed, but that's a whole nother discussion)

    2. Anonymous Coward
      Anonymous Coward

      Re: The [Maffia]

      Also do a lot of charitable work.

  3. Aaiieeee
    Joke

    The real crime here

    ..is that poor chap being publically exposed as playing the National Lottery. The shame!

    Also, he lost £13, not £5??

    1. Velv Silver badge
      Coat

      Re: The real crime here

      Presumably the other perpetrator is repaying the remaining £8

  4. Anonymous Coward
    Anonymous Coward

    Whatever next?

    Soon we'll be back to hanging people for stealing a loaf of bread.

    1. Anonymous Coward
      Anonymous Coward

      Re: Whatever next?

      Yeah, Camelot "the charity organisation" are not exactly starving to death are they

      https://www.companysearchesmadesimple.com/company/uk/02822203/camelot-uk-lotteries-limited/

      1. katrinab Silver badge
        Coat

        Re: Whatever next?

        Highest paid director Nigel Renton was paid £1.9m in the year to March 2019.

        I think he can cope with the "loss" of £230k in doing security patching that probably needed to be done anyway.

        1. Anonymous Coward
          Anonymous Coward

          Re: Whatever next?

          But is he paid in cash or lucky dips?

      2. Anonymous Coward
        Anonymous Coward

        Re: Whatever next?

        Yeah, Camelot "the charity organisation" are not exactly starving to death are they

        So it's OK to steal from people as long as they have enough money not to miss it?

    2. Aristotles slow and dimwitted horse Silver badge

      Re: Whatever next?

      Ummm, no. I don't think "we" will. But I also don't necessarily see why harsher punishment for crime should be seen as an unreasonable expectation by the public when taking into account for example, the number of people that were knifed in London last year due gangs competing in the drugs trade. A drugs trade I might add, is partially but directly fuelled by recreational demand from rich finance and media bods et al who should actually have more social awareness.

      I would concede however that firmer punishment (i.e. tougher prison sentences in this case) should also be delivered in concert with realistic rehabilitation, and post-release review / support. None of which seems to be working, and seemingly hasn't done for a long time. Although again, I would add that there are probably a lot of career criminals that can't, or don't want to be rehabilitated.

      1. Anonymous Coward
        Anonymous Coward

        Re: Whatever next?

        @ Aristotles slow and dimwitted horse

        For my part I can see the return to hanging for bread theft from the wrong person as being very near on the horizon.

        "Harsher punishment" actually only means something if the guilty are arrested, go though court and are convicted of a crime they commited.

        "Harsher punishment" i.e. longer prison sentences instead of police actually making crime not pay (quantity beats quality here, the more than know that the police deal deal with crime the fewer will attempt it) is not money well spent, neither is it money well spent if the people they punish are not guilty.

        From my own experience and that of people I know the police are just not that interested, you ring them up and attempt to they fix the "customer" rather than the customer's problem, the guilty literally walk past them and are identified by eye-witnesses and they are not interested, even video of dangerous driving complete with number plate that appears on the "paid road tax" is a vehicle they cannot find, they say. I would say that they are choosing who to punish based upon who is complaining

        For my part getting the police to do the job they are paid for would be a better investment than "harsher punishment". They used to hang people for all sorts of things and that did not prevent the crimes. "Harsher punishment" and "fix the client" are just cheap alternatives to actual crime prevention.

        If you actually want to prevent crime then there are a few things that have been proven to actually work.

        Remove poverty, isolation, disenfrancisement and allow a route for all your citizens to obtain what they reasonably desire without having to break the law.

        Include everyone in the task of preventing crime, an isolated group alone like the police can do nothing useful if they are not supported by society on the whole. This means that the police need to be accessible, approachable and overtly effective to everyone not just those that "matter" and the police should stay out of politics which is both not part of their job and marks them as supporting only a percentage of the people who pay for them.

        You may cheer when someone who deserves it recieves what you may call a fitting punishment but what about all the others who got away to repeat their crimes because they were not the people the police were interested in punishing that week

        1. Anonymous Coward
          Anonymous Coward

          Re: Whatever next?

          allow a route for all your citizens to obtain what they reasonably desire without having to break the law.

          I believe that's commonly known as "work".

          1. Cynic_999 Silver badge

            Re: Whatever next?

            "

            I believe that's commonly known as "work".

            "

            Which is not something that is in practise available to everyone equally.

      2. Khaptain Silver badge

        Re: Whatever next?

        Although again, I would add that there are probably a lot of career criminals that can't, or don't want to be rehabilitated

        You mean like bankers, politicians and lawyers...

  5. Anonymous Coward
    Anonymous Coward

    Charity ?

    Last time I looked Camelot was a business.

    1. FlamingDeath

      Re: Charity ?

      The Institute for Statecraft is listed as a charity, just saying

      But I agree with you, the lottery is not a charity

  6. sbt Silver badge
    Flame

    Justice delayed is justice denied

    I'm appalled that it's taken over three and a half years from the arrest to conviction. That's not fair on the guilty or innocent, let alone the victims.

    1. JetSetJim Silver badge

      Re: Justice delayed is justice denied

      Guess who you can blame for that! Tories have been chopping away at the courst for quite some time, leading to this lengthy pause between initial arrest and trial (if it gets there at all).

  7. Scott Pedigo
    Terminator

    Might be worth investing £5

    for the fun of seeing some hacker get a vacation in the slammer.

    I could imagine getting some debit type credit cards, loading them up with £5 each, setting up some e-mail accounts under various usernames, setting up some Amazon or other on-line vendor accounts using those same usernames, and deliberately using the same username / e-mail and password on some other crap websites, and then waiting.

    When some skript-kiddie get the credentials from the inevitable breach, he/she can order a maximum of £5 worth of stuff.

    Chance of skript-kiddie being identified and getting caught? No idea, so don't know if this would pay off versus just losing the £5 quite often.

    But if the chance of getting caught were high, it would be worth the £5 to see them get busted.

    Does it count as entrapment if it is not the police doing it?

    1. Alan Brown Silver badge

      Re: Might be worth investing £5

      "Does it count as entrapment if it is not the police doing it?"

      No such thing under UK law.

      And in any case, setting up bait isn't entrapment. Under US law, entrapment kicks in when the LEOs are encouraging the perpetrator to do the deed.

      1. Cynic_999 Silver badge

        Re: Might be worth investing £5

        "

        ... entrapment kicks in when the LEOs are encouraging the perpetrator to do the deed

        "

        Something many people do not understand. Leaving out "bait" is not entrapment. Leaving "bait" and then hinting to someone specific that they should take it, is.

  8. GrapeBunch
    Coat

    He got one day for stealing 13 quid, 8 months 29 days for wasting police time by stealing such a paltry amount of money.

    Mine's the one with Lancelock in the pockence.

  9. Anonymous Coward
    Anonymous Coward

    I trust MPs who were caught fiddling their expenses

    Will receive pro-rata Jail Terms scaled on the basis of 9 months for every £5 they took.

  10. Pascal Monett Silver badge

    So this guy gets 9 months and a criminal record . .

    . . while the guy who threatened thousands of people gets . . a slap on the wrist ?

    Where's the justice in that system ?

  11. Alan Brown Silver badge

    It seems to me

    That Camelot need some pretty severe GDPR fines for having such pitiful security that customer details (and money) were able to be expropiated.

    And that we still have problems with social biases of the judiciary.

    1. David Hicklin

      Re: It seems to me

      According to the article the tool he was using relied on credentials stolen from other websites - so not reusing passwords would have stopped him in his tracks.

    2. d3vy Silver badge

      Re: It seems to me

      They accessed the accounts by using valid user credentials, not exploiting any security holes.

      Its incredibly hard to defend against - impossible in some instances.

  12. FlamingDeath

    The Institute of statecraft was listed as a charity, not sure if it is anymore, I'm bored of that particular research

    https://www.oscr.org.uk/news/inquiry-report-the-institute-for-statecraft/

  13. FlippingGerman

    Proportional sentences

    It bothers me that seemingly petty crime like this gets a fairly heavy sentence, but crimes that to me seem to have caused far more harm get far less, or are simply not prosecuted at all.

    And sure, Camelot spent 230k on dealing with it, but that doesn't at all mean that it was actually necessary. And perhaps they could and should have spent rather less had they fixed the holes beforehand.

  14. FlamingDeath
    IT Angle

    Oh pull the other one

    The National Lottery is not a charity, it's a fucking scam

    That's like saying corporations aren't sociopaths

    Why are there so many fucking muppets in this world?

    Oh I remember, Idioracy

    Cant wait for the Trash avalanche of 2040

    1. BinkyTheMagicPaperclip

      Re: Oh pull the other one

      I don't see how it's a scam. You can call it a tax on the ignorant or preying on the weak but it delivers large prizes at very high odds, or very low prizes at low odds.

      The question is whether the opportunity cost of the lottery is significant.

      I do play the lottery, I know the chance of being hit by an asteroid is higher, but it's a bit of fun and things I could do with the ticket money wouldn't be terribly significant.

      Where I'm less happy is with the instant win games - the chance of winning is high, so it encourages gambling. At one point I was playing a few a week but decided this was stupid so stopped (and have never gone back), the bastards sent me a letter asking why I wasn't playing any more. Responsible gambling...?

      1. d3vy Silver badge

        Re: Oh pull the other one

        "Responsible gambling"

        As weird as it sounds... Yes.

        If you had responded to say that you stopped because you were struggling financially because of it, or that you were becoming addicted (Or one of a number of other indicators) - you would be at least blacklisted from their service, have your account closed and given information about help providers.

        We are not as yet required to add you to the GAMSTOP database blackisting you elsewhere (not in the instance you described anyway) - but you could refer yourself if you thought you were developing a problem. After that it would be very difficult to gamble anywhere in the UK which does proper identity verification.

        1. BinkyTheMagicPaperclip

          Re: Oh pull the other one

          It was a scrappy little letter not even printed on proper paper from years ago, and from what I can remember was more of the ilk of 'you should really log on and play again', there wasn't a way to respond.

          The ability to blacklist yourself seems not to work very well for problem gamblers spending large amounts of money, if the accounts in Private Eye and elsewhere are to be believed. I suppose at least there is a system now, and fixed odds betting terminals have been severely curtailed.

      2. JetSetJim Silver badge

        Re: Oh pull the other one

        > I don't see how it's a scam. You can call it a tax on the ignorant or preying on the weak but it delivers large prizes at very high odds, or very low prizes at low odds.

        If I place a £1 bet with odds of 14m:1, I'd prefer to get £14m in winnings if it paid off (or at least close to it if I discounted the charitable bit)

        > I do play the lottery, I know the chance of being hit by an asteroid is higher, but it's a bit of fun and things I could do with the ticket money wouldn't be terribly significant.

        You may well find it a bit of fun, but it's the poorest, generally, who spend the most on lottery tickets, yet their communities are overlooked in lottery projects

        https://www.telegraph.co.uk/news/uknews/5911581/National-Lottery-is-tax-on-the-poor.html

        https://www.lottoland.co.uk/magazine/lottery-demographics.html

        https://www.bloomberg.com/news/articles/2018-09-12/the-poorest-americans-risk-the-most-in-hopes-of-striking-it-rich

        Pretty much all gambling is a scam to shift money from the punter to the pocket of the betting shop

        1. BinkyTheMagicPaperclip

          Re: Oh pull the other one

          Certainly don't disagree that in the end the bookie wins. Still, the lottery *does* pay out, and although the way the odds are calculated is hardly in large print it is all listed, and isn't dishonest.

          Whilst the lottery don't spend as much on funding charities as I'd like, they do fund a lot of Sport England, and I've seen sizeable grants from them first hand that really made a difference.

  15. Jamie Jones Silver badge

    Emotive headline

    Without commenting specifically on this case, the amount he earnt isn't relevent.

    If he hadn't have earnt the £5 does that mean he should have been let off scot-free?

  16. Danny 2 Silver badge

    I heart the comments here

    It's life affirming that not everyone is as irrational as other forums suggest.

    My first love is now a small business owner who recently told me she'd sacked an employee for stealing from her till and stealing a charity box. I think she expected me to side with the thief but I told her the sacking was just and I would have called the cops for the charity box. My first loves complaint is she pays twenty times more in local taxes than the shops across the road.

    It's worth bearing in mind that a year in prison costs tax payers circa £45k.

    I have a funny anecdote about a Spanish girl who was taken to court for eating a policeman's sandwich after he arrested her for shop lifting a sandwich. She got off after calling him 'a fat peeg' in court, partly because he was portly. I got her benefits in the UK after a year of her sleeping rough and being wrongly told by the DWP that she didn't qualify for benefits here.

    We live in an irrational society full of irrational systems. It's your job to fix that.

  17. IGotOut Silver badge

    Many are missing the point.

    He wasn't sentenced for stealing £5. He was involved in a group of people aiming to take out a huge chunk of money, not just from Camelot but others. The "others" have already been convicted and sentenced for the same crime, regardless of the amount they stole.

    Here is it a bit clear of an explanation.

    https://nationalcrimeagency.gov.uk/news/cyber-criminal-jailed-over-national-lottery-hack

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020