Teen who hacked and downloaded 280,000 customer details avoids jail

Court: The teen hacker was just 17 at the time
Court: The teen hacker was just 17 at the time

A Latvian teenager who hacked into the website over four years ago and downloaded details of 280,000 users from their database has avoided a jail term.

The court heard it was Aleksejs Ivanvos’s (23) hobby at the time, that he didn’t gain financially and he just wanted the satisfaction of a successful hacking.

The then teenager told investigators that he gained access to internet forum by using the Twitter password of the website’s administrator.

Ivanvos of Saldus, Latvia,  pleaded guilty at Dublin Circuit Criminal Court to criminal damage of data at based in Blanchardstown, Dublin on December 21, 2010. He was aged 17 at the time.

Colm O’Briain BL, prosecuting confirmed that under legislation,  criminal damage to computer data can include, as it does in this case, altering or inserting files into pre-existing computer systems.

Ivanvos was brought to Ireland from England by an extradition warrant which was granted in February 2011. He spent just over two months on remand before he was released on bail and allowed to return to the UK.

Judge Martin Nolan said Ivanvos was “a bit of an expert breaking into computer systems” who spent a lot of time in his room playing on his computer.

He said the then teenager believed he had been “playing a game rather than causing damage” and hadn’t intended the problems caused to

Judge Nolan noted that Ivanvos had not distributed the information nor had he made any profit from it. He sentenced him to one year in prison which he suspended in full after commenting that there was “no justification for a term of imprisonment”.

Detective Garda Colm Gallagher of the garda’s Computer Crime Unit told Colm O’Briain BL, prosecuting, that a software developer for noticed that there were two files on the website’s server that didn’t belong there.

He investigated it further and found that the system had been accessed by an unauthorised person who had uploaded two programmes to the server which allowed him to gain privileged access and download the details of 280,000 users.

It was discovered that the hacking had been carried out by someone using a Latvian IP address.

A garda investigation was then launched and officers worked directly with police in Latvia to trace back the IP address to Ivanvos’s family home.

Det Gda Gallagher said he was present with Latvian police when the house was raided after a warrant was successfully obtained. 

Ivanvos was in the house and took full responsibility. He said he spent all his free time on the computer, using information he had, to try and get access to other accounts.

He told officers he was attracted to because he saw it had a high number of users. He found the administrator of the site through that person’s Twitter account and was able to decrypt their password for Twitter.

The person used the same password for their administrative work with which Ivanvos used to gain access into the website’s server.

He told gardaí that he never passed on the information he got from the database.

Det Gda Gallagher said the hacking cost €30,000 between time lost when the site was offline to fix the system and the costs involved to carry out the repairs.

Det Gda Gallagher agreed with Paul Greene SC, defending, that his client initially didn’t take the case “particularly seriously” but the “penny dropped” following his extradition and jail time in two different jurisdictions.

Mr Greene told Judge Nolan that his client has no previous convictions and has remained out of trouble since his arrest. He described him as “an intelligent person who over-stepped the mark”.