LONDON, U.K., NOVEMBER 25, 2010 A computer hacker who posed as a student to access a university computer room and steal the passwords of hundreds of students' email accounts was sentenced yesterday.
Daniel Woo, a 23-year-old man from Bulgaria, was ordered to pay £21,000 (US$33,090) in costs and compensation at Southwark Crown Court for offences under the Misuse of Computers Act. He was also given a suspended sentence of 36 weeks imprisonment.
The police arrested Woo on November 1, 2006 at the University of London's School of Oriental and African Studies (SOAS) after he was caught installing password-stealing software in a computer room on campus. He was spotted by IT staff who were investigating anomalies in the computer network.
The Metropolitan Police Service's Police Central e-Crime Unit found that Woo had claimed to be a student in order to access the computer room on at least 10 occasions in October and November 2006.
He used various hacking techniques to break a number of students' passwords and gain access to their email accounts, before installing a password-capturing software known as 'Cain and Able' onto a number of machines. This enabled him to collect more student passwords and covertly gather traffic passing through the university's computer network.
Woo accessed hundreds of private emails containing personal identification and financial information, and the police found that fraud had occurred on a number of compromised payment accounts.
On further investigation, officers have also been able to link Woo to similar crimes at the University of Coventry, and they also found that he had stolen an ID card from a student at the University of Northampton.
Woo has also been given a two-year supervision order, and 200 hours unpaid work on top of his prison sentence.
He has also been banned from entering any college, university or place of higher education without the police consent for 12 months.
Sign up for Computerworld eNewsletters.