A KANGAROO Flat man stole the credit card details of 76 members of a Northern Territory political party using hacking techniques he learnt on a YouTube video, a court has heard.
Aaron Warren Camm, 20, pleaded guilty in the Bendigo Magistrates’ Court on Wednesday to three charges from the Australian Federal Police.
From November 6, 2014, Camm used the online hacking programs SQLmap and Havij to gain the personal details of 117 party members, and the credit card details of 76. He then made a number of online purchases.
The programs identified the political party’s website www.countryliberals.org.au as vulnerable to a hacking attack, using a technique called “SQL Injection”.
Camm was 18 and living in Maryborough at the time.
Federal prosecutor Isaac Buckley said Camm made 40 “commands” and obtained unauthorised data 13 times between November 6, 2014 and February 16, 2015 using techniques he learnt on YouTube.
On February 12, he used a credit card from the list to purchase a $119 nine-carat gold elephant pendant from Prouds The Jewellers’ online store.
He attached the message “I love you muffin” to the purchase.
On the same day, he used the same credit card details to make a $39.99 purchase from Steam games. On both occasions, he used his own email address which included his name.
Two days later, the victim noticed the purchases and canceled the card. Camm attempted to make a $12.99 purchase on Skype on February 16, but failed.
The website was taken down soon after and remains down today.
AFP officers traced the purchases back to Camm and raided his Maryborough home on March 11, 2015, seizing a laptop, iPhone and computer tower.
In a police interview on May 26, Camm told officers he wanted to “test if I could do it”. He also admitted he learnt the technique from a YouTube video.
Camm sent an email on May 27 apologising for the crime.
Defence counsel Claire Wilkins said Camm was unemployed and not studying at the time. She said the hacking came out of “boredom”.
“He was quite bored, which led him to participate in this kind of behaviour,” Ms Wilkins said.
“He used his own email details when making the purchases – it was not difficult for the AFP to trace back to him. It was not a sophisticated hacking operation.”
She said Camm was studying a Diploma of IT and had ambitions to enter university, arguing against a recorded conviction.
Mr Buckley said a conviction was necessary given the hacking was “prolonged”, having taken place over the course of three months.
“Entry of someone else’s credit card details is a very serious offence,” he said.
“This sort of offending cannot go unnoticed.”
Magistrate Jennifer Tregent agreed, and said there were 117 potential victims of the hack.
She said internet security was something most people expected.
“We are all very reliant on the internet, we all hope there is security, particularly with banking details,” Ms Tregent said.
“You had to do a bit to achieve this outcome. You had to Google the method and use a particular program.
“You were able to get the membership details, and once you had them, it lead onto other offences.”
Camm was convicted and fined $500, and placed on a 12-month good behaviour bond.