November 23, 2010, 1:48 PM — The Scottish botnet spammer found guilty last month for orchestrating a malicious Trojan campaign in 2006 has been sentenced to 18 months in prison.
The sentence imposed on 33-year old Matthew Anderson by the Southwark Crown Court judge could be counted as tough or lenient, depending on how the facts around the case are framed.
He was a key member of a gang that distributed software capable of data theft, of hijacking infected PCs for use in botnets, and in performing remote a range of surveillance on victims. Normally, that would considered a serious offence.
With few e-crime precedents to draw on for guidance, two things probably stopped Anderson from receiving a tougher sentence - the fact that the crimes happened some years ago and, at times, their sheer oddity.
He was prosecuted under the Computer Misuse Act 1990 for crimes said to have occurred between September 2005 and his arrest in June 2006. Under the harsher Police and Justice Act, which came into force in November 2006, he would almost certainly have had his sentence increased significantly.
Anderson is also believed to have been motivated by psychological urges different from the modus operandi of modern e-crime, which is maximum profit.
He carried out the crimes from a PC in his mother's living room, using a computer software company as a front, which made him look like more of a mis-adventurous hacker than a criminal mastermind. He is also said to have been fascinated by the ability to hijack webcams, allowing him to take pictures of his victims or steal files from them, neither of which was obviously profitable.
In other words, the impression here was of a man excited by the power of hacking. The modest amounts of money he made out of the operation were a sideline.
Anderson will be up for parole after half his sentence has been served and faces punishment other than a £5,000 ($8,000) fine. By comparison, the US youth who hacked the email account of Sarah Palin in 2008 recently received a year in an open prison for much less serious hacking of a small amount of private data from one person.
"As this case shows, criminals can't hide online and are being held to account for their actions. A complex investigation like this demonstrates what international cooperation can achieve," said Detective Constable Bob Burls of the UK Police Central e-Crime Unit (PCeU), neatly ignoring the fact that few online criminals are ever caught and it has taken over four years to sentence Anderson.
