Prison Break by Email - Cybercrime with a Twist

In these digital times, cyber criminals normally exploit IT security vulnerabilities to penetrate the systems of companies or private individuals. For once, the opposite is the case here. The criminal didn't want to get into the system, he wanted to get out! On remand in a south-west London prison, one inmate didn't think much of staying behind bars until his sentence and even less of the traditional escape routes. Building an escape tunnel with tools he made himself from a toothbrush and razor blade or sawing through the bars on the window with a file he had smuggled in and abseiling himself down with a sheet was far too strenuous for him. Instead, he used his IT skills and calmly walked out of the prison in broad daylight, undisturbed - and, believe it or not, three whole days passed before his escape was even noticed. How did he do it? Let's turn back time and go back to the beginning of the story.

The protagonist

Neil Moore 28 years old, a more or less successful fraudster and impostor by profession and on remand for eight previously confessed fraud offenses.
Let's take a brief look at his background: Neil Moore had grown up in Trinidad and Tobago where, after receiving an inheritance, he lived a lavish and extravagant lifestyle until the money ran out. As he was neither willing to give up his standard of living nor to work for his money, he left the island and from then on financed his usual luxury in the style of a «Great Gatsby» as a conman. When he was finally caught, he admitted to eight cases of fraud in which he pretended to be an employee (male or female) of the banks Barclays, Lloyds and Santander, among others, in order to obtain transfers totaling 1,818,000 pounds (!) from large companies such as Thomas Exchange Global. He was on remand for these eight fraud offenses when he decided to leave prison. And this is how it happened...

How on earth...?

In retrospect, the 28-year-old's plan was actually quite simple, but clever enough to fool the people in charge at the prison... And his actions once again show how important it is to pay close attention to the originator of an email!
Moore's plan was to get himself released from prison on bail. And this is how he went about it - quite cleverly, we think...
  • Target: The prison officers are to receive a message from the Southwalk Crown Court clerk, known to the prison officers by name, informing them that Neil Moore has been granted the necessary bail for his temporary release and instructing them to implement this immediately.
  • Step 1: In order to set up a suitable email address from which he could send the email, Moore used the name of the police officer investigating him as well as the address and telephone number of the Royal Courts of Justice in London. To do this, he used a so-called illegal cell phone, which are often used in prisons.
  • Step 2: So he set up an email that had an ending, or domain name, that corresponded almost 1:1 to that of the court service. But only almost. However, it was similar enough to mislead the prison officers.
  • Step 3: In his message, the fake court employee instructs the officers to release Moore immediately on bail, whereupon he walks out of prison comfortably and unmolested on March 10, 2023.
It was frighteningly simple - or «a piece of cake», as they would say in London. Moore may not have been a violent offender, but he was still an individual best not let loose on humanity. It wasn't until a full three days later that Moore's lawyers, who came to the prison for a meeting with him, realized that Moore had disappeared. Unbelievable, but true!
Moore was eventually arrested again and sentenced to seven years in prison for the eight fraud cases plus one escape.

Was lernen wir aus der Geschichte? Lügen haben kurze Beine und der Teufel liegt im Detail!

As we strongly recommend in our blog article on cyber attacks via email, you should always look very carefully at the sender addresses of messages, especially if they contain requests to take action or download documents. For example, Moore used exactly the same letters for his domain as the real email address, but hyphens instead of dots - so .hmcts-gsi-gov-uk instead of hmcts.gsi.gov.uk.
It is certain that the prison IT is not safe and that the prison officers have certainly not passed the IT security awareness test and need to be better trained immediately! Because who knows who will be the next person to walk out of this prison!
For all of us, this story is another reminder that we can and must all do our bit to make it less easy for cyber criminals: So keep an eye out for emails, even if they come from seemingly familiar senders!
Not sure whether your company is sufficiently well positioned in terms of cybersecurity? Simply take our free assessment or talk to our IT Security Consultant right away:
Marius Dubach

IT Security Consultant
+41 61 500 16 15
marius.dubach@primetrack.ch

icon_datalynxgroup_colored-1png
Ergänzende Services der Datalynx Gruppe