Take a hacker seriously: the story of Raphael Grey

You will take a hacker seriously after reading the story of Raphael Grey.

Raphael Grey managed to hack several e-commerce sites, accessing the customers’ credit card data for a month in 2000 at the age of 18.

This hack allowed him to steal several million dollars before he was arrested by the British police and the American FBI at his home in rural Wales on March 23, 2000.

Prior to his arrest, Grey posted thousands of payment data on the web to highlight the inherent weaknesses of the e-commerce sites of the time.

Today we explore the activities of the best known hackers in the history of computer science, known as “Curador”, “Custodian”, or “The Saint”.


The attack

What was Grey’s hacking activity?

Grey hacked several store sites via a computer, that he paid  £800 for, from his home in Clynderwen, Pembrokeshire, Wales.

According to the investigations, “Curador” had got its hands on a total of 26,000 payment records from 9 e-commerce sites across the UK, Canada, US, Japan and Thailand.

There, he later posted on blogs and consumer sites around the world.

Grey exploited an inherent weakness in the merchants’ computer systems.

The gateway was in fact a software that allowed anyone remotely to access the information contained in the computers that used it.

This flaw also affected payment information.

Prior to the breach, Grey reportedly notified these sites, highlighting this security flaw in their platforms. Gray also contacted Bill Gates. But everyone ignored him.


The hunt and arrest of Grey

Did he get away with it?

The publication of the payment information took place on a site created by Grey himself. The aim was to inform the public about the non-security of payment systems.

However, we don’t know if Grey’s intentions were genuine or not.

In any case, the notoriety and the belief that he would never be taken for his crimes put him under the lens of the police.

Investigators enlisted the services of a former hacker, Chris Davis, who felt insulted by Grey’s arrogance. Gray believed, in fact, to be impregnable thanks to the Internet.

However, he turned out differently. Davis tracked down Grey in less than a day and passed the information to the FBI who, along with the British police, arrested Grey.

Here you can find an interview from Davis about Grey’s tracking.


Conclusions: the story of Raphael Grey

What did this story teach us?

First and foremost, Grey was certainly a talented young man. It is not uncommon to read similar stories to him.

We recently talked about “Kirk”, the teenager who hacked Twitter on our blog.

You may be wondering if it’s easy to steal sensitive information like this Welsh guy did.

Do not worry!

Indeed, the protection of payment data has improved over time and today the security standards are very high.

Finally, what is the moral of this story?

When it comes to cybersecurity, information exchange is valuable. “Whitehat” or “ethical” hackers are confronted every day to study and anticipate the most subtle threats.

In conclusion, alarms such as those of Grey must be taken seriously, even if they do not justify the thefts of millions and the publication of sensitive data to the public, of course.