In the latest Tales of the Cyber Underground instalment, Tom Brewster ponders the effect that jail time has on convicted hackers, and talks to cybercriminals who have served prison sentences about their experiences....
Tony Colston-Hayter, one of the chief organizers of acid house raves in the late 1980s, was this April sentenced to five and a half years in prison for his involvement in attempts to hack Barclays and Santader banks. When I went to a court hearing ahead of the trial earlier this year, I spoke briefly with Colston-Hayter’s sister. She said the arrest might have been the best thing for him, given the troubles with drugs he was believed to have had.
After the sentencing, she declined to comment further. That’s unsurprising, given the negative press her brother has attracted over the years, from the partying days to the life of cybercrime he went on to. Little of the coverage focused on what occurred in between those two phases of Colston-Hayter’s life, on the human element of what happened.
But her comments at that initial trial were surprising. They spawned further questions: what’s life like in prison for hackers? And, despite the obvious negative connotations jail time has, can it be positive for those sentenced for digital crimes? They’re prickly questions to answer.
The convicted hackers I’ve spoken to over the past three months all came out of prison with many positives, despite some memories they’d rather delete. Admittedly, it’s considerably harder to find willing interviewees who had a particularly distressing time during and after prison, but it’s clear from conversations with the hackers that being punished for computer-based crimes isn’t always entirely negative.
Opening the Doors to a New Life of Crime
Andrew Auernheimer, better known as Weev, who served a total of 13 months for his part in a hack of an AT&T website, is looking remarkably upbeat when we speak over Skype. Weev did have some distressing experiences in jail. He says he was kept in solitary confinement for much of his time in Allenwood Federal Correctional Center in Pennsylvania, and went on hunger strike towards the end of his term.
Yet Auernheimer says he made numerous friends who were serving time due to gang-related crimes. And he is as cantankerous and facetious as ever. “Prison basically gave me a bunch of gang connections, which is great”, he tells me. “They're actually pretty cool dudes and now I can get good deals on crack cocaine, which is pretty urgent considering how much I like to smoke it.
“I got treated pretty well by the other inmates, except for the pedophiles, who we did our best to [beat up]. It was pretty good, the treatment from the other inmates.”
He’s now pursuing a new line of business: he’ll be taking up small positions in companies, selling the shares quickly, finding security vulnerabilities across that organization’s digital estate and then buying the same shares as soon as they cost less due to his findings. Called TRO LLC, or Troll Corporation, it will essentially bet on the potential reputational damage of disclosing a vulnerability. It’s a twist on the classic short position tactic used by finance types.
It’s possibly illegal, but Weev thinks he is going to make a lot of money. “[The AT&T event] was not the first time I've caused a multi-billion dollar shift in a corporate market cap... being able to move the market off of some sort of security or privacy or cultural issue involving software bugs”, Auernheimer says.
“There's literally a billion dollars in this. A three percent downward shift in a public company can give an 80 per cent return on leverage auctions in a day. I could do this three or four times a year... the numbers are great. Surely there are enough security people who are incompetent enough on security for me to get filthy rich.
“There are lots of people that do security disclosures but very few move markets. I've found that the spectacle of my personal presence in any given issue actually increases my ability to [affect share prices].”
From Crook to Fresh Enterprise
Cal Leeming, a hacker who served jail time in the UK for using stolen credit card data to buy items and then sell them on eBay, says his prison experience was ultimately positive, but only because he had a good support network. Like Weev, Leeming’s time inside was fairly typical, there was no special treatment for hackers, he wasn’t bullied because his crimes were “geekier” than most. Not that it was a good time behind bars.
“Prison itself is not a fun place to be, the boredom and negative influences can make people worse than they were before. But worst of all is the lack of freedom, knowing that you cannot get up and leave, something I still have nightmares about”, he tells me.
“Prison worked for me, but only because of my individual circumstances and support network, it could have very easily gone the other way. I've stayed in contact with one other guy I met in prison, he's stayed legit too and now works as an IT engineer, and is yet further proof that people can change.”
Unlike Weev, Leeming felt the full reforming force of prison, due to his frustrations at being incarcerated. He now runs his own IT support firm Simplicity Media and is considerably happier with life.
“At no point during that time did I have any temptation to turn back to crime, it wasn't an option as far as I was concerned. I remembered exactly how I felt being sat in that prison cell, away from the people and things closest to me, and there was no way I would go back to that again.”
Whilst Leeming’s and Weev’s experiences were seemingly rather different, both had a lot of support when doing time. In Leeming’s case that came from family, in Weev’s from the hacker community who were worried about Auernheimer’s contentious conviction over the release of the breach of AT&T, which some saw as a piece of security research.
The same likely goes for anyone who commits crime: with the right level of support they can come out of prison in one piece and ready to begin fresh enterprises. So-called ‘virtual’ criminals really aren’t that different from their ‘real world’ counterparts. Too often we separate the cyber and non-digital worlds. We’re all human after all.