Anwar Batson, a small-time cyber criminal from Notting Hill, London, has been handed a nine-month prison sentence at Southwark Crown Court after pleading guilty over his role in a November 2016 cyber attack on Camelot, operator of the UK’s National Lottery, which targeted a database containing nine million player records.
Batson exploited a tool called Sentry MBA, an HTTP bot that is widely used in credential stuffing attacks, to create a file that launched the attack. Under the alias Rosegold, Batson told others they could make quick cash by using it against Camelot.
Two other men, Daniel Thompson from Newcastle and Idris Kayode Akinwunmi from Birmingham, have already received sentences of eight and four months, respectively, after using Batson’s application to bombard Camelot’s web domain with thousands of login attempts.
Batson also gave the username and password of one player to Akinwunmi, who stole a total of £13 from the account – of which Batson received £5.
“Even the most basic forms of cyber crime can have a substantial impact on victims,” said Andrew Shorrock, senior investigating officer at the National Crime Agency (NCA).
“No one should think cyber crime is victimless or that they can get away with it. The NCA will pursue and identify offenders, and any conviction can be devastating to their futures.”
Batson had denied any involvement and claimed he had fallen victim to online trolls who had cloned and hacked his devices. However, on inspecting his devices, officers uncovered conversations between Rosegold and others about hacking, buying and selling lists of passwords and usernames, configuration files and other personal details. They also found clothes he had bought online that had been dispatched to Rosegold on the address label.
Batson admitted one offence of fraud, and four offences under the Computer Misuse Act 1990. These were obtaining an article for an offence under sections 1, 3 and 3ZA of the act; offering to supply articles for use in an offence under the same sections; supplying articles for an offence under the same sections; and securing unauthorised access to computer material.