Cybercrime , Fraud Management & Cybercrime , Social Engineering

UK Teen Sentenced for 'Cyber Terrorizing' US Officials

Kane Gamble Receives Two-Year Sentence for Targeting CIA, FBI, DHS Officials
UK Teen Sentenced for 'Cyber Terrorizing' US Officials
At a hearing at London's Old Bailey courthouse, Kane Gamble received a two-year sentence. (Photo: Dun.can, via Flickr/CC)

A British teenager has been sentenced to serve two years in a youth detention center after he admitted to targeting U.S. officials and information via a social engineering and hacking spree when he was age 15 and 16.

See Also: OnDemand | Combatting Rogue URL Tricks: How You Can Quickly Identify and Investigate the Latest Phishing Attacks

Kane Gamble, 18, of Coalville, Leicestershire in England, also admitted to founding the online nuisance group known as Crackas With Attitude, or CWA.

Authorities say Gamble's victims included a trio of now-former U.S. officials: CIA Director John Brennan, whose family was harassed with voicemail messages; FBI Deputy Director Mark Giuliano; and Secretary of the Department of Homeland Security Jeh Johnson, whose home television was hacked to read "I own you" and whose wife received a threatening voicemail message.

Police say Gamble used social engineering tactics to gain access to accounts, after researching targets and identifying answers to security questions, which allowed him to trick service providers into resetting account passwords to ones that he then controlled.

On Friday, Gamble appeared at the Central Criminal Court of England and Wales in London - better known as the Old Bailey - to be sentenced. Prosecutors told the court that Gamble impersonated his victims, tricking call centers run by Comcast, Verizon and the U.S. government to obtain access to individuals' personal accounts as well as confidential personal information and details of extremely sensitive military and intelligence operations in Afghanistan and Iraq.

Prosecutors told the court that Gamble's victims also included James Clapper, the former U.S. director of national intelligence, plus two other Obama administration officials - Avril Haines and John Holdren - and FBI Special Agent Amy Hess, the Guardian reported.

Gamble was charged last July after an investigation by the U.K.'s South East Regional Organized Crime Unit, known as SEROCU.

On Oct. 6, 2017, at Leicester crown court, Gamble pleaded guilty to eight charges of intent to secure unauthorized access to computers as well as two charges of unauthorized modification of computer material, for attacks he carried out between June 2015 and February 2016 using the online handles "Cracka" and "DotGovs" (see UK Police Arrest Suspect Over CIA Director's Email Hack).

Last week, Judge Charles Haddon-Cave gave Gamble a two-year deterrent sentence, meaning it's designed to send a message to anyone else who might consider committing similar crimes (see The Myth of Cybercrime Deterrence).

The judge, the Guardian reported, said the defendant had "reveled" in his attacks, adding: "This was an extremely nasty campaign of politically motivated cyber terrorism. The victims would have felt seriously violated."

Judge Haddon-Cave also ordered all of Gamble's computers to be seized.

DHS Employees' Personal Details Dumped

Gamble admitted to being behind the theft of contact information for 9,000 U.S. DHS and 20,000 FBI employees, which was dumped online with the message: "This is for Palestine."

Prosecutor John Lloyd-Jones, the Guardian reported, last week told the court: "So many of the American witnesses attest to a drop in confidence in the use of portals, many of the agencies withdrawing their contributions, reducing the effectiveness in the wider law enforcement community in America."

That DHS dox - aka data dump - had been previewed by the Twitter accountholder "@DotGovs," who then took credit for the information release (see Dox Files: DHS Probes Information Dump).

At various times, the @DotGovs account included a call to "free Palestine," and added such hash tags as "FreePalestine," "FreeGaza" and "Anonymous" to messages.

A spreadsheet of information compiled by "Cracka" and posted to Twitter, containing excerpts of stolen data.

Gamble's attorney, William Harbage, last week argued before the court that his client should be given a suspended sentence, saying he'd never meant to "harm and traumatize people on an individual basis" and that he was due to sit for university entrance exams in June and wanted to pursue computer science studies and a "useful" career, the Guardian reported.

Harbage told the court that his client is on the autistic spectrum, the BBC reported.

Self-Described 'Teen Stoner'

Gamble also admitted to being the self-described "teen stoner" who called himself "Cracka" and who obtained access to the personal AOL email account of now former CIA Director Brennan's personal AOL email account. At the time, Cracka claimed that Brennan's personal email account had included contact information for some for top U.S. national security and intelligence officials, as well as attachments with sensitive information, such as Brennan's application for a top secret security clearance.

In at least one media interview, "Cracka" claimed to be a male U.S. high school student.

But in fact, the defendant was a British teenager. "This investigation has been carried out by our Cyber Crime Unit who have worked hard to ensure that the evidence against Kane Gamble was plain for all to see," says Detective Inspector Nick Bell, from SEROCU's Cyber Crime Unit.

"We have worked with our partners nationally in the National Crime Agency as well as working closely internationally with the FBI and U.S. Secret Service, to ensure cybercriminals do not have any safe haven to operate and are brought to justice," Bell adds.

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.