'Courvoisier' Hacker Sold Customer Credentials over Dark Web from 17 Companies Pleaded Guilty to Multiple Offenses
Grant West, a 25-year-old UK hacker who goes under the pseudonym "Courvoisier," was arrested after a two-year long investigation by Scotland Yard for selling stolen customer credentials on the dark web.
According to a May 11, 2018, Weekly Threat Report from the UK's National Cyber Security Centre (NCSC), West was detained and arrested in September 2017 on a train while logging into his dark web marketplace account. Since being brought up on multiple charges, West has pleaded guilty in court to the mounting charges that could land him in prison for a long time.
In the NCSC report it was revealed that The Southwark Crown Court that West was hacked into the online networks that belonged to multiple businesses around the world. Many of the companies that West attacked to pilfer data included Apple, T-Mobile, Uber, Groupon, Argos, Nectar, Sainsbury, Vitality, and many more. The Daily Mail reports that as many as 17 companies in all were under attack by West. The data from the networks belonging to multiple companies was stolen by West, which was comprised of the data from thousands of customers.
Initially, the attack of the websites was due to a brute-force attack that used specialized software to obtain personal information. Additionally, data stolen by West was also acquired through spear-phishing techniques, which is a method of duping customers so that they unknowingly give up their credit card details, which includes their online login credentials, email addresses, and other pertinent information that may later be used against them.
After the theft of the customer data, it was later sold over the dark web, which is a secretive network of hackers and cybercrooks that can only be accessed with the proper authorization and software. Hackers are known to often congregate over the dark web to share their latest malicious activities or sell their latest score of data from an attacked source.
Another day, another hacker attack
Unfortunately, the practices of West are an unfortunate norm in the realm of computer hackers. Aggressive phishing techniques have long been utilized to scour login credentials and other personal data from unsuspecting computer users. In fact, in the case of West, the UK hacker went to new heights to sell off his stolen data to some of the highest bidders found on the dark web.
As suspected, many of West's monetization of his hacking activities were done through cryptocurrency, which is the choice method of fundamentally laundering money in the world of hackers. According to the Daily Mail, much of West's business was carried out using Bitcoins. Moreover, police found about 25,000 in cash and hundreds of grams of cannabis when his property was searched in September of 2017.
Victimized customers of hacked companies urged to use caution
Eventually, due to the actions of West, customers of many high-profile companies may suffer from identity theft, stolen money out of their banking accounts, or exploitation through aggressive spam email campaigns. The possibilities are nearly endless when it comes to personal data being exploited where hackers who purchase the stolen data could then leverage it in a way to spread specialized campaigns to others who may be friends or email acquaintances of the victims. If anyone ever finds themself as a victim of such a hack they should take precautions to at least monitor their accounts, change their passwords, and utilize extra caution when opening emails.
While we don't know the specific outcome of West's sentence after being charged with his actions of stealing personal data and selling it off on the dark web, we can claim a small victory in knowing one more hacker is off the streets and unable to do his/her dirty work. Hopefully, in witnessing to hackers being brought up on charges for their wrongdoings will make an example out of West and a warning to others to get out of the game of stealing data, because, one day, they will eventually get caught.