A 26-year old IT expert, who operated an online black market site selling drugs from his Edinburgh flat and who obtained details of customers and their credit card numbers by hacking into the computer system of a company he was working for has been ordered to carry out 200 hours of unpaid work and pay £17,000 compensation to the firm.
David Trail, of Watson Crescent, pled guilty last month to being concerned in the supply of Diazepam between May 1, 2013, and November 6, 2014; and to having, between March 21 and May 9, 2014, hacked into the computer system of Scotweb, while being employed there as a Systems Administrator and Web Application Developer. Sentence was deferred until today for reports.
Trail’s flat was raided on November 6, 2014, on a global day of action organised by the FBI and police forces in Germany and the UK.
In a statement agreed by The Crown and Trail’s defence solicitor, Jennifer Cameron, Fiscal Depute Andrew Richardson told the court that like commercial operators such as Amazon and Ebay there were vendors selling illegal products on the “dark web”, allowing people to browse such websites anonymously and securely without being monitored. One of these “dark web” sites, called Topix2, was identified as run from a server based in Germany which was rented by Trail.
Officers of the Police Scotland Cybercrime Unit raided Trail’s flat and an examination of his computer equipment was described by experts as being “among the more advanced in terms of skill required to use it effectively” and that Trail had constructed and administered the Topix2 website. They also found 244 blue Diazepam tablets, envelopes, jiffy bags and stamps along with packaging and postal receipts for various addresses in Europe. Also found was a file called ‘druggers.txt’ with details of 23 names and addresses. Four persons named on the list admitted purchasing Diazepam from Trail using the website. Mr Richardson said it had not been possible to quantify the amount of the drug dealt with by the accused.
The police also found a list of names and credit card details, including the security codes, of customers of Scotweb. The Fiscal said this had caused the company “a great deal of inconvenience and considerable expense”. They had to employ a firm of professional data auditors at a cost of £7000 and were fined £10,000 by their bank for the data breach. It was also estimated that it cost them thousands of pounds in staff costs to try and identify how the breach had occurred and to rebuild their payment and security systems.
Ms Cameron told Sheriff Frank Crowe that her client had been suffering stress and anxiety while studying at Edinburgh University. He could not get tablets from his doctor and had started purchasing Diazepam on the Internet. To pay for the drug he was using, he started selling small amounts to a few other people. “His position is he made no financial gain” said his solicitor.
Sheriff Crowe said he accepted only small amounts of the drug were involved, and in other cases, that might have resulted in a summary complaint. He added he found the charge involving Scotweb the more serious charge. The company had suffered a loss of reputation by their customers’ bank credit card details being compromised. He ordered Trail to pay the company £17,000 compensation within six months. He added that as The Crown were initiating confiscation proceedings for £26,000, the money might come from that and involve the sale of his flat which had bought with money from his late father.
Sheriff Crowe told Trail, who had no previous convictions: “You had a promising career which has been hurt by these crimes. You pled guilty at an early stage which avoided a trial and the background report is favourable and you are at low risk of re-offending.” He added he had considered a prison sentence, but had decided as a direct alternative, to impose a 12 month Community Payback Order. Trail, he said, had undoubted skills and they could be used for the benefit of the community.