Gamer sentenced for stealing Steam passwords

Gamer sentenced for stealing Steam passwords

Summary: A former University of Salford student has received an eight-month suspended sentence for harvesting details to play on the Steam platform, in a rare conviction under the Computer Misuse Act

SHARE:
TOPICS: Security
0

A former University of Salford student has been given a suspended sentence for stealing online gaming credentials, in a rare conviction under anti-hacking laws.

Read this

Metropolitan Police trials GeoTime tracking software

Campaigners have expressed concerns over tracking software being tested by the Met that correlates disparate pieces of digital information to track the whereabouts of suspects

Read more+

Paul McLoughlin, 22, was given a sentence of eight months — suspended for 12 months — at Southwark Crown Court on Monday. The Liverpool man pleaded guilty in April to harvesting usernames and passwords from at least 100 people, according to the Metropolitan Police.

"A prosecution and conviction for this particular offence is rare," detective inspector Colin Wetherill of the Police Central eCrime Unit (PCeU) said in a statement on Tuesday.

McLoughlin was charged under section 3A of the Computer Misuse Act 1990, which forbids the adaptation of a program to gain unauthorised access to computers.

The University of Salford contacted the police after it received a complaint from a US resident regarding the theft of personal details. The police worked with the academic institution and with security company McAfee to gather evidence.

"The PCeU worked very closely with McAfee and acknowledge their contribution in gathering evidence that enabled an early arrest to be made and a successful conviction," said Wetherill.

The police asked McAfee to perform analysis on the malware, Alex Hinchliffe, a malware research manager in the security company's European division, told ZDNet UK.

Istealer software

McLoughlin wrapped password-stealing software called Istealer in various progams, including a game called Prototype, according to Hinchliffe. He also piggybacked the malware on programs promising to crack copyright protection on some gaming platforms.

ZDNet UK app

ZDNet UK app for iPhone and Android devices

It's small, it's simple, it's multi-platform. The ZDNet UK app is now available for download from the App Store and Android Market.

Read blog +

The Istealer tool is a Trojan-creation kit with a wizard that let users select the particular types of password they want to steal. McLoughlin specified the details he wanted to grab, including passwords for the Steam online gaming platform, so he could play games logged in as another user and avoid payment.

McLoughlin also kept some of the default settings. These aimed to steal passwords for Google Talk, MSN IM and AIM. They also logged Firefox profiles and Internet Explorer intelliforms, which store personal details to allow the autofilling of web forms.

McLoughlin seeded the poisoned programs on different websites, including the RapidShare file-hosting site, Hinchliffe added.

Once people downloaded the programs, the Istealer program harvested usernames and passwords. The data was sent to an FTP server set up by McLoughlin to receive and manage the passwords, which he used to access 20 accounts.


Get the latest technology news and analysis, blogs and reviews delivered directly to your inbox with ZDNet UK's newsletters.

Topic: Security

Tom Espiner

About Tom Espiner

Tom is a technology reporter for ZDNet.com. He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion