Hacker who stole millions of people's data jailed

A cyber-criminal who hacked into the websites of international organisations and stole the login details of millions of people has been jailed for 20 months.

Al-Tahery Al-Mashriky, 25, from Rotherham, was arrested by cyber-crime officers in August 2022, after they received intelligence from US law enforcement about extremist hacker groups, according to the National Crime Agency (NCA).

He had stolen personal data that "could have enabled him to target and defraud millions of people," according to an NCA spokesperson.

Al-Mashriky, of St Leonards Lane, pleaded guilty to nine offences under the Computer Misuse Act 1990 and was jailed at Sheffield Crown Court on 15 August.

NCA investigators who seized Al-Mashriky's laptop found he was in possession of personal data for more than four million Facebook users and had several documents containing usernames and passwords for services such as Netflix and PayPal.

The officers were able to link him to hacker group the Yemen Cyber Army through social media and email accounts.

The court heard forensic analysis of Al-Mashriky's laptop and several phones found he had infiltrated a number of websites, including the Yemen Ministry of Foreign Affairs, the Yemen Ministry of Security Media and an Israeli news outlet.

He gained unauthorised access to the websites, created hidden webpages containing his online monikers and messaging that furthered his religious and political ideology, according to the NCA.

Al-Mashriky would often target websites with low security, gaining recognition in the hacking community for the large number of pages he infiltrated, the NCA said.

Using one of his many online aliases, he claimed on one cyber-crime forum that he had hacked into more than 3,000 websites during a three-month period in 2022.

Investigators found that in February 2022, after hacking into the website for Israeli Live News, he accessed admin pages and downloaded the entire website.

He had also hacked into two Yemeni government websites, deploying tools to scan for usernames and vulnerabilities.

Other websites targeted by Al-Mashriky included faith websites in Canada and the USA, as well as the website for the California State Water Board.

Deputy director Paul Foster, head of the NCA's National Cyber Crime Unit, said: "Al-Mashriky's attacks crippled the websites targeted, causing significant disruption to their users and the organisations, just so that he could push the political and ideological views of the Yemen Cyber Army.

"He had also stolen personal data that could have enabled him to target and defraud millions of people.

"Cyber-crime can often appear faceless, with the belief that perpetrators hide in the shadows and can avoid detection.

"However, as this investigation shows, the NCA has the technical capability to pursue and identify offenders like Al-Mashriky and bring them to justice."

Listen to highlights from South Yorkshire on BBC Sounds, catch up with the latest episode of Look North