An IT support bod who reportedly stole more than £30,000 in Bitcoin, Litecoin and Ethereum has been jailed.
Mark Andrews of St Helens, northwest England, was sentenced to prison by Liverpool Crown Court after pleading guilty to one charge of theft and one charge under the Computer Misuse Act.
By day 38-year-old Andrews was a self-employed IT support specialist, and a business enquiry in April 2019 led to him spotting a folder on a new customer's network containing Bitcoin, Litecoin and Ethereum.
Local newspaper the St Helens Star reported from Andrews' sentencing hearing that the associated cryptocurrencies were worth £31,244.07 when Andrews made his move.
Crown prosecutor Jonathan Duffy told Liverpool Crown Court: "The victim employed Mark Andrews to sort out his business's IT software and paid him £1,320 for the job. Andrews had access to the business's system and all aspects of the network. But he secured unauthorised access to the victim's private folder and stole all of the cryptocurrency."
The victim spotted what happened about a fortnight later, traced the cryptocurrency's movements and called Cheshire Police, who seized Andrews' laptop and found that the digital dosh had passed through his fingers, allowing him to clear £14,000 of his own debts. Some £17,000 worth was said to have been recovered.
His Honour Judge Simon Berkson told Andrews: "You were put in a high degree of trust at this man's business, you breached that trust by stealing all of the money you could. It was an easy thing for you to do."
Andrews, of Woodlands Road, St Helens, was sentenced to 20 months' imprisonment for theft and 10 months, to run concurrently, under the Computer Misuse Act. The St Helens Star reported that he has four previous convictions, including obtaining property by deception.
Detective Sergeant David MacFarlane of Cheshire Police said in a statement: "The Cheshire Constabulary Cyber Crime Team with the assistance of the Digital Forensics Unit and the Economic Crime Unit were able to piece together crucial data and we were able to successfully apprehend Andrews and bring him to justice."
The case has some rough similarities with that of Jet2 hacker Scott Burns, who also abused trusted credentials to do things he wasn't allowed to do. Rather than steal, however, Burns deliberately tried to knock out the entire company's Active Directory domain – and was jailed for five months.
There is no specific Computer Misuse Act sentencing guideline for judges to use when sending down digital perps, meaning sentences can vary widely. ®