Man discovers passwords of 30 customers
A COMPUTER hacker who found out the usernames and passwords of 30 website customers spent more than $70,000 of their money on assorted goods.
Lim Jun Quan, 23, was jailed for 28 months yesterday after pleading guilty to 20 charges such as computer misuse, conspiracy to dishonestly receive stolen property and cheating by personation. Another 154 charges were taken into consideration during his sentencing.
A district court heard that Lim researched hacking tools online and used one particular program to attack four vulnerable Singapore-based websites, which cannot be named.
His complex modus operandi involved him using trial and error to painstakingly work out which of the websites' users had the same username-password combinations for their e-mail accounts as they did for marketplace websites.
He would use them to buy items like mobile phones, Samsung tablets, watches and wallets.
The items were delivered to the home of an accomplice, Gabriel Tan Li Qun, 20. They were sold and the proceeds were split.
This was to avoid detection as Lim and another accomplice, Leong Jia Hao, 20, did not want to have items bought using compromised Groupon accounts delivered to their homes.
Deputy Public Prosecutor Suhas Malhotra said Lim was able to charge the payments for unauthorised transactions to the credit cards of the victims.
"Jun Quan primarily exploited not human naivete but a technical vulnerability in a computer system," he said. "If left unchecked, offences like those committed by Jun Quan would immediately damage not only Singapore's burgeoning e-commerce industry, but also our reputation in the field of cybersecurity.
"He taught himself the skills and performed the function. This is not just an offender who is self-taught. This is an offender whose criminality is evolving over time... becoming more and more cunning."
Lim had been placed on probation in January 2014 for computer misuse but re-offended shortly after that.
He committed three separate tranches of offences while on probation, under police investigation and on court bail respectively.
District Judge Shawn Ho, who backdated Lim's sentence to his remand on March 31 this year, said the Internet is a new crime scene, and this case is a reminder for all to take cybersecurity seriously.
DPP Suhas, who had sought a sentence of 30 to 36 months' jail to be imposed, said Lim's offences were unprecedented, highly aggravated, deliberate with a high degree of pre-meditation and planning.
Lim's lawyer Alice Tan said her client, who had been addicted to gambling since he was 14 , had cooperated with police even though he had taken steps to evade detection.
She asked the court to give him a chance to prove himself again, not in this realm, but using the intelligence that he has for a good cause.
"We are dealing with a high intelligence person before us. He has realised since March 31 that if he had used his knowledge elsewhere, he would excel,'' she said.
Both Tan and Leong have been given 27 months' probation for their roles in the crime.
The maximum punishment under the Computer Misuse and Cybersecurity Act is a $10,000 fine and three years' jail.