A UK man living in a caravan park has pleaded guilty last week to cyber-attacks on 17 websites and selling stolen user information on the Dark Web.
Grant West, 25, admitted to carrying out brute-force attacks on Uber, Groupon, T Mobile, Just Eat, Ladbrokes, Asda, Argos, Nectar, Sainsburys, AO.com, Coral Betting, Vitality, RS Feva Class Association 2017, the British Cardiovascular Society, Mighty Deals Limited, M R Porter, and more.
Investigators said West used an account brute-forcing tool called Sentry MBA to detect valid user credentials against the login pages of online websites
West later used the stolen credentials to break into accounts and harvest user information. He assembled the stolen data in "fullz," a term short for "full credentials" and used to describe email, username, and password combos.
Police say West set up a Dark Web shop to sell fullz in exchange for Bitcoin for the 17 sites he managed to successfully attack. West, who used the nickname "Courvoisier," also sold cannabis and cannabis resin.
When police raided his home, located in the Ashcroft Caravan Park in Minster on the Isle of Sheppey, they said they found £25,000 ($33,300) in cash and a significant amount of Bitcoins. They also found the drugs he was selling online.
Authorities arrested West on September 30, and he's now awaiting sentencing after pleading guilty last week.