Cybercriminal Jailed for Nine Months Over National Lottery Hack
A 29-year-old man from Notting Hill, London, has been sentenced to nine months in prison for his role in a cyberattack targeting the National Lottery. Anwar Batson was convicted on four charges under the Computer Misuse Act 1990 and one fraud charge following an investigation by the National Crime Agency (NCA).
The attack, reported in November 2016, compromised a database containing nine million customer records. Batson used the hacking tool Sentry MBA to orchestrate the breach, providing others with a configuration file to launch credential-stuffing attacks against Camelot, the operator of the National Lottery. He also shared a victim’s login details with Idris Kayode Akinwunmi, 21, of Birmingham, who stole £13 from the account and sent £5 to Batson.
Two other accomplices Daniel Thompson, 27, of Newcastle, and Akinwunmi were previously jailed in July 2018 for their involvement. Thompson received an eight-month sentence, while Akinwunmi was jailed for four months after using an online tool to bombard lottery accounts with thousands of login attempts.
Batson was arrested in May 2017 and initially denied involvement, but investigators found evidence on his computer, including conversations about hacking, buying and selling credentials, and discussions with Akinwunmi about the theft.
NCA senior investigating officer Andrew Shorrock emphasized that even basic cybercrime has serious consequences, stating that offenders will be pursued and prosecuted. The case highlights the risks of credential-stuffing attacks and the legal repercussions for those involved in cyber fraud.
Source: https://www.infosecurity-magazine.com/news/national-lottery-hacker-jailed/
Camelot cybersecurity rating report: https://www.rankiteo.com/company/camelot
"id": "CAM1769571508",
"linkid": "camelot",
"type": "Breach",
"date": "1/2020",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Nine million',
'industry': 'Gambling/Lottery',
'location': 'United Kingdom',
'name': 'Camelot (National Lottery)',
'type': 'Organization'}],
'attack_vector': 'Credential Stuffing',
'data_breach': {'number_of_records_exposed': '9,000,000',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'Personally Identifiable Information '
'(PII)',
'type_of_data_compromised': 'Customer records'},
'date_detected': '2016-11',
'description': 'A 29-year-old man from Notting Hill, London, was sentenced to '
'nine months in prison for his role in a cyberattack targeting '
'the National Lottery. The attack compromised a database '
'containing nine million customer records using the hacking '
'tool Sentry MBA to launch credential-stuffing attacks against '
'Camelot, the operator of the National Lottery.',
'impact': {'data_compromised': 'Nine million customer records',
'financial_loss': '£13 stolen from one account, £5 shared with '
'Batson',
'identity_theft_risk': 'High',
'systems_affected': 'National Lottery customer database'},
'initial_access_broker': {'entry_point': 'Credential Stuffing via Sentry MBA'},
'investigation_status': 'Completed (convictions secured)',
'lessons_learned': 'Even basic cybercrime has serious consequences, and '
'offenders will be pursued and prosecuted. Highlights '
'risks of credential-stuffing attacks.',
'motivation': 'Financial Gain',
'post_incident_analysis': {'root_causes': 'Use of hacking tool (Sentry MBA) '
'for credential-stuffing attacks, '
'weak account security'},
'references': [{'source': 'National Crime Agency (NCA)'}],
'regulatory_compliance': {'legal_actions': 'Criminal prosecution (nine-month '
'prison sentence for Anwar Batson)',
'regulations_violated': 'Computer Misuse Act 1990, '
'Fraud'},
'response': {'law_enforcement_notified': 'National Crime Agency (NCA)'},
'threat_actor': 'Anwar Batson, Idris Kayode Akinwunmi, Daniel Thompson',
'title': 'Cybercriminal Jailed for Nine Months Over National Lottery Hack',
'type': 'Data Breach'}