‘Rosegold’ National Lottery hacker steals £5, lands prison sentence

The Sentry MBA brute-force account cracking tool was used to compromise user accounts.
Written by Charlie Osborne, Contributing Writer

A man who participated in a scheme to break into the UK's National Lottery website and hijack customer accounts has been jailed for nine months. 

Anwar Batson, from Notting Hill, London, provided others with help and tuition to compromise the lottery's operator, Camelot, the UK's National Crime Agency (NCA) said last week

The 29-year-old, together with Daniel Thompson, Idris Kayode Akinwunmi, and others schemed over ways to make quick cash from the lottery and Batson suggested the use of Sentry MBA to crack and access user accounts.

Sentry MBA is an automated cracking tool that is widely available online. The software suite can be used in credential stuffing attacks when there is a lack of anti-automation protections, taking the need to have any technical knowledge out of the equation to slam an online service with lists of weak password and user combinations, as well as compromised account combinations leaked through data dumps and paste websites. 

According to Verizon's 2019 data breach report, 71 percent of data breaches today are financially motivated, and over 70 percent involve weak or compromised passwords. 

See also: Feds arrest alleged members of international ATM skimmer ring

Under the name "Rosegold," the 29-year-old "told others they could make quick cash" using Sentry MBA and held conversations "about hacking, buying and selling of username and password lists, configuration files, and personal details," UK prosecutors said. 

In 2016, the NCA was made aware that a cyberattack had taken place against the National Lottery. The organization emphasized that core systems responsible for draws were not impacted, but a database containing millions of records was in the line of fire. 

At the time, the National Lottery said approximately 27,000 player accounts were accessed due to "suspicious activity" and information including names, contact details, dates of birth, and limited payment card data may have been exposed. 

In Batson's case, the tool was used to grab credentials -- including those of one lottery player who had £13 stolen from his account by Akinwunmi, £5 of which was sent to Baston.  

The payout was small, but it still counts as fraud and an offense under the UK's 1990 Computer Misuse Act. The National Lottery's operator, however, had to pay £230,000 responding to the attacks and 250 customers closed their accounts in response to the publicity surrounding the incident, according to The Register

CNET: Android phone in Lifeline program allegedly comes with malware preinstalled

After pleading guilty to four offenses under the act and one count of fraud in Southwark Crown Court, Batson has been ordered to spend nine months behind bars. Originally, Batson denied any involvement. 

Thompson and Akinwunmi were jailed in 2018 for eight months and four months respectively after being accused of bombarding the National Lottery website with brute-force cracking attempts.  

"Even the most basic forms of cybercrime can have a substantial impact on victims," said NCA senior investigating officer Andrew Shorrock. "No one should think cybercrime is victimless or that they can get away with it."

TechRepublic: CES 2020 roundup: All the business tech news you need to know

Last week, a US citizen was jailed for four years by the US Department of Justice (DoJ) for widespread identity theft. Babatunde Olusegun Taiwo participated in a scam in which the personal identifying information (PII) of individuals, leaked through a prior data breach, was harnessed to file fraudulent tax returns and refund claims with the US Internal Revenue Service (IRS). 

In total, Taiwo and co-defendants filed for over $12 million in refunds. The IRS paid out $800,000 before law enforcement became involved. 

Europol’s top hacking ring takedowns

Previous and related coverage

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0

Editorial standards