back to article UK student hacker sentenced over gaming Trojan

A UK university student has avoided jail over a malware-based scam that allowed him to break into the personal computers and webmail accounts of an estimated 100 victims. Paul McLouglin, 22, a Salford University student from Liverpool, tricked victims into downloading password-stealing software, called Istealer, which he had …

COMMENTS

This topic is closed for new posts.
  1. relentless
    Joke

    Missed the matrix...

    He clearly took the blue pill.

  2. doperative
    Alien

    how to stay safe online

    Never ever download and run apps from unknown sources. If you have to run malware.exe to get access to a site then it is almost certainly a scam.

    > McLouglin is reckoned to have accessed at least 20 individual accounts belonging to the estimated 100 victims hit by the scam.

    How were the other 80 victems not affected ?

    1. Bumpy Cat

      Infected but not abused?

      I'm guessing the other 80 victims, although infected with the malware, didn't pass on usable login credentials.

      Or, maybe they were playing games that the malware author dude wasn't interested in.

    2. This post has been deleted by its author

      1. Anonymous Coward
        Happy

        I should imagine...

        ... they felt that posting simplistic call-centre-level advice on a forum fairly well known for the technical expertise of its contributors was patronising enough to warrant a thumbs down.

        Here, have another.

        1. Anonymous Coward
          Coat

          Yup...

          Especially that downloading unknown executables from the net, particularly those containing malware, is part of job description of some people here. Together with running them through debuggers, disassemblers et al. to see what exactly they do, and whether they should be added to the next release of AV databases. Capiche, comrade?

          Mine's the one with a HIEW install disk in the pocket.

  3. Anonymous Coward
    Anonymous Coward

    Can't say that...

    ...I have much sympathy for the users of keygens

    1. Anonymous Coward
      Anonymous Coward

      sandboxie is your friend

      that is all.

  4. Anonymous Coward
    WTF?

    "disguised as a code-generation key for online games"

    Why were the criminals who downloaded illegal, cracking software also not prosecuted.

    You play with fire, expect to get burnt.

    1. Anonymous Coward
      Anonymous Coward

      Because it wasn't cracking software.

      Even if you can describe a keygen as cracking software and even if just possessing said software was illegal they didn't download any such thing, they downloaded spyware.

      You can't prosecute someone who buys milk powder from a drug dealer for possession, even if they did believe they were getting cocaine and the same applies here.

      1. Anonymous Coward
        Anonymous Coward

        Move to the U.S.

        It's called conspiracy (as in to commit a crime). It's used when they can't bust someone on a normal charge. RICO allows the govt. to take the property used in the crime before a conviction is obtained. Nice racket. We also bust people for drug paraphenilia, even if they have no drugs on them and there is no residue on the items.

      2. dssf

        You can't prosecute someone who buys milk powder from a drug dealer ...

        You can't? I seem to recall (maybe faultily) FBI and undercover police arresting people for buying what they thought were drugs when they were no buying drugs. (Again, my memory could be faulty)...

        That is almost the same as arresting someone for solicitation. The undercover cop/fake sex offeror has no duty nor any likely intent to actually give his/her body for sex to cite or arrest a person for solicitation, intent, and agreeing to consort. In the name of keeping the public safe, the charges for solicitation tend to stick. Wouldn't the charges apply if a person is arrested for intent to purchase cocaine even if holding out cash that only obtains mashed-potato-power-mix subtitutes?

        1. Matt Bryant Silver badge
          Boffin

          RE: You can't prosecute someone who buys milk powder from a drug dealer ...

          IANAL, but laws on drugs possession seem to diffe between states, let alone countries, and are very different to those around software crime. In some areas of the World, possession of even the tiniest amount of some narcotics is illegal, and therefore your intent to commit the crime is shown by your attempting to purchase it, whether it actually is the drugs or powdered milk. In other areas, possession of small amounts for personal use is tolerated, in which cases the sting has to get you to buy more than the "personal use" amount so they can infer you are going to sell it on, i.e. be a dealer.

          In this case, the key-gen software is itself not illegal, you could always claim you downloaded it out of curiosity, because you wanted to send it on to the game's manufacturer to allow them to tighten security, or because you wanted to study it. Because it would be very hard for the coppers to prove you had an intent to commit a criminal act, they'd probably not prosecute. It's like going to the hardware store and buying a crowbar - it doesn't make you a burglar until you take it out and use it to break into someone else's property.

      3. Anonymous Coward
        Thumb Down

        re: Because it wasn't cracking software

        You must have been asleep during the Labour years. Under thought crime legislation (brought in with the help of the Tories), INTENT is the only thing that matters now.

        Anyway, no honour amongst thieves - who'd have thought it.

    2. tom 24
      Pirate

      All users of software are crims

      If you've never downloaded a no-CD (or no-dongle) hack to use with software you legally purchased, you're a square. Illegal does not necessarily mean immoral. And it doesn't always mean stealing.

      Granted, it's getting hard to find clean wares these days. Trojans everywhere. Where is the love?

    3. Anonymous Coward
      Anonymous Coward

      umm

      cracks may be a copyright issue as they are often modified versions of copyrighted files (they chop out the checking code from the games exe file for example), but a keygen is not illegal, there is nothing at all illegal about writing your own program and releasing it - well unless you are in the US and they patent the key generation algorithm of course!

    4. Maxson
      Stop

      Most likely because...

      It's not illegal to own cracking software, It's pretty much only illegal to successfully use it. In the days of digital downloads, owning the files to some software without a license key is a very grey area.

      Most cases of software "theft" aren't criminal offences, they're civil offences, which means that a case is only brought forward if the software's Intellectual Property owner brings a case forward, to successfully win a civil case you need a "balance of probabilities" which essentially means you need to prove your property rights have been trodden on, if someone unsuccessfully tries to steal software, but causes no further damage (to the software owner, in this case they damaged themselves but can't sue themselves) then there's no reasonable grounds for a civil offence case.

  5. Anonymous Coward
    Black Helicopters

    the victims were freetards

    What the police have learned is that they can publish sting software (not malware, no sirree!) which purports to be keygen software but actually just uploads the identity of freetards to the Big Computer.

  6. Anonymous Coward
    WTF?

    Money well spent

    Nice to see cyber crime policing money so well spent.

    So, to sum up; we just have illegal access to accounts of 20 people, who by the sound of it were online software thieves anyway.

    And how much did this investigation and prosecution cost us all then?

    1. Anonymous Coward
      FAIL

      re: Money well spent

      "And how much did this investigation and prosecution cost us all then?"

      Not as much as the vast sums they waste on the likes of CSC. And no one is accountable. EVER. Not even the NAO.

      Continuous improvement - they've heard of it...

  7. Bumpy Cat

    Rare conviction

    Parts of the internet are a hive of scum and villainy, aren't they? I have to wonder how many thousands of people are hit by this sort of thing. The bad guy in this case was just exceptionally unlucky to have been caught.

  8. Anonymous Coward
    WTF?

    A US victim complained?

    Am totally shocked he was tried in the UK.

    I thought the new standard operating procedure was to extradite the bugger to the US so they can be sentenced to 80 odd years...

    1. Domus
      Black Helicopters

      lucky escape

      Nope, it's war now.

      http://www.theregister.co.uk/2011/05/17/white_house_cyberspace_strategy/

      There are probably lots of helicopters flying around right now. But they're very stealthy. And they've crashed one.

    2. nyelvmark
      Black Helicopters

      Extradition is SO last season...

      These days the US just send a team of navy seals to eliminate the problem.

      Can you hear the black helicopters coming? There's no point trying to hide unless you switched your smartphone off 100km away.

  9. kain preacher

    @14:05 GMT

    Am totally shocked he was tried in the UK.

    So am instead of them declining to prosecute and saying no crime was committed on our soil.

  10. tom 24
    FAIL

    Not so bright, was he?

    So the FTP account was easily traced to him? What would we do if there were smart criminals?

  11. Anonymous Coward
    Big Brother

    Section 3A of the Computer Misuse Act

    I just read the text of section 3A and it does make interesting reading. So, if someone approaches me and asks me to supply a keylogger for what ever purpose, then I could be liable for two years in the slammer.

    "A person is guilty of an offence if he makes, adapts, supplies or offers to supply any article intending .. believing that .. obtains any article .. its being supplied" ...

    http://www.legislation.gov.uk/ukpga/2006/48/section/37

    1. A handle is required
      Happy

      I don't think so...

      You were only asked, not offering. I don't see anything about that.

  12. David Leigh 1

    What a complete waste of taxpayers' money!!

    The title says it all - how much do you think that little farce cost, and all to protect some dumbos who were trying to break the law themselves!

  13. Dr Patrick J R Harkin

    US resident. University of Salford.

    How long is that keyboard cable? (Or do you mean "US citizen"?)

    Where's the pedantic icon - apologies, where's the icon for use by pedants? (The icon itself cannot be pedantic, after all.)

This topic is closed for new posts.

Other stories you might like