The hacker who sent Viagra to Bill Gates

Convicted teenage hacker Raphael Gray harvested thousands of credit card numbers from the net. Then the FBI turned up in his Welsh village knocking on his door, as he explains in our weekly Real Time series.

I was introduced to the internet six years ago the same way most teenagers are - by surfing for porn.

I heard about hacking in net chatrooms and I'd seen the film Wargames [in which a teenager breaks into a military computer] and it seemed like a lot of fun.

I messed around with all kinds of stuff, military stuff. You'd be surprised what they leave laying around. Budgets. Minutes. It can't be that "top secret" if they can't be bothered to lock it up.

A hunt for Jamiroquai CDs began Gray's spree

I heard of a guy who attacked a site selling CDs and tried to extort money from the owner. So, while I was on a website buying some Jamiroquai merchandise, I checked it out, and it was secure.

Then I tapped in a search for sites that sell things, and went to a site in Thailand. I found a two-year-old program on the web to attack it, and hey presto, 5,500 credit card numbers came shifting to my PC.

Brag rights

That was my first site and I thought: "There's brag rights on this." I put up a website and dumped the numbers on there. It really got noticed and loads of people visited it.

I wrote my own program to hunt out vulnerable sites, of which there were thousands, and then manually "did" each one - posting the credit card numbers on the web.

I was offered $15 per credit card number by an American guy ... I had 23,000

Raphael Gray

I was offered $15 per card number by an American guy, if I wrote them on to a CD for him. He could easily have put $100 or $200 on a card.

That was a tempting offer. I had 23,000 numbers to sell, but I thought it wasn't a good idea. I like hacking into sites, I'm curious, but I was definitely on a crusade.

Wake-up call

By doing it, I'd get the brag rights and a lot of people would be forced to wake up. People don't know what can be done to their computer if it's not secure.

Only two of the sites I hacked at random stopped trading. The vulnerability problem had been known about for two years and there was a patch already available for it, but the rest of the sites still kept going.

"I'd go for a pint with Bill Gates"

I was on one site and decided to send Viagra to Bill Gates using one of the credit card numbers [Gray was targeting sites using Microsoft software]. I'd go for a pint with the guy, but I don't like Microsoft. I was working for a Microsoft partner in the UK when I had my first breakdown.

I was interviewed by an internet news site over the phone and said: "Law enforcement couldn't hack its way out of a wet paper bag." The Canadian security consultant who traced me told me it was broadcast on some radio station, that's why they came after me.

Mounties get their man

The FBI and the Royal Canadian Mounted Police - I'd hacked a site in Canada - were on my trail. I'd started in January 2000 and in March they came knocking on my door.

The mounties had contacted my UK ISP, who'd handed things over to the Dyfed Powys police. Four uniforms, two CID and an FBI agent from the US embassy (he gave me his Hotmail address, would you believe?) turned up at 8am.

I was severely worried [when the police arrived], thinking back to the military systems I'd hacked

Raphael Gray

I was severely worried, thinking back to the military systems I'd hacked. They arrested me and my friend who was staying over. They searched my room, but their computer "expert" didn't even seem to know what some of my hardware even was.

I'm on three year's probation and I have to see a psychiatrist weekly - he's going to have a job on his hands [Gray has been diagnosed with schizophrenia].

Script kiddie

A lot of crackers don't like what I did. They consider me to be a script kiddie, someone who can't program in any language, because I used an old exploit instead of creating a new one. But I've been programming since I was 11.

Cracker Kevin Mitnick topped the FBI wanted list

I still spend all day hunched over my computer until I'm exhausted and go to sleep. The famous American hacker Kevin Mitnick was stopped from going near computers, even from working a cash register, but they can't do that in this country.

I've had two job offers - one from the guy who tracked me down - but there's a lot of companies who'd never consider employing me - mental illness still has a stigma attached to it.

But I did some checking around and didn't find anyone vulnerable to the old problem I did so much to highlight - which is a nice feeling.

---

Real Time gives people a chance to tell their own stories in their own words. If you've got something to say, click here.