Scottish Hacker Faces Jail Following Malware Probe

Matthew Broersma,

An Aberdeenshire man has admitted to using spam messages to infect millions of PCs with malware

A Scottish man is likely to face a jail term after pleading guilty on Friday to charges of using spam messages to distribute malware.

Matthew Anderson, a franchise manager from Drummuir, Aberdeenshire, used his security firm Optom Security as a front for the distribution of malicious software capable of stealing personal data and even spying on users via their webcams, according to the Metropolitan Police Service’s Police Central e-Crime Unit (PCeU).

Dawn raids

The PCeU arrested Anderson in a dawn raid in June 2006, following an investigation into a hacking crew called “m00p”. Police allege that Anderson led the group under aliases including “warpigs” and “aobuluz”.

Anderson’s computers were found to contain wills, medical reports, CVs, photographs and other personal documents transferred from users’ systems. The computers also contained images of users in their homes, obtained by the remote control of users’ webcams.

“This organised online criminal network infected huge numbers of computers around the world, especially targeting UK businesses and individuals,” said DC Bob Burls, of the PCeU, in a statement.

“Matthew Anderson methodically exploited computer users not only for his own financial gain but also violating their privacy. They used sophisticated computer code to commit their crimes. As this case shows, criminals can’t hide online and are being held to account for their actions,” Burls stated.

Anderson pleaded guilty at Southwark Crown Court to one count of causing unauthorised modification to the content of computers, contrary to section 3 of the Computer Misuse Act.

Financial gain

“This malware group produced several different malware families over several years. They were created for financial gain,” stated Mikko Hyppönen, chief research officer at F-Secure, which aided in the m00p investigation.

Finnish citizen Artturi Alm was also arrested by Finnish authorities as part of the investigation, and in 2008 was sentenced to 18 days in prison, followed by a community service term.

A Suffolk man was also arrested as a result of the investigation but was released without charge.