A teenage hacker who rose to fame for hacking into the online accounts of former CIA director John Brennan, former director of intelligence James Clapper, and other high-profile US government employees, got sentenced to two years of prison on Friday.
For a few months in late 2015 and early 2016, Kane Gamble, who went by the alias Cracka at the time, was the alleged 15-year-old leader of a hacking group calling themselves Crackas With Attitude or CWA. The group targeted and broke into Brennan’s AOL email account, Clapper’s internet provider account, and others, including a White House official.
Gamble was arrested in February of 2016 and he pleaded guilty to ten hacking charges in October of last year. Now 18 years old, he was finally sentenced on Friday afternoon local time in the Old Bailey, the central criminal court in London after his first sentencing hearing in January was postponed. The judge ruled that he will have to spend two years at a youth detention center, according to reports from the court.
During the hearing, the judge said Gamble was the leader of “a cyber gang” that carried out “an extremely nasty campaign of politically-motivated cyber terrorism,” according to a BBC reporter who was in court.
The hacking group’s modus operandi was to use social engineering to convince support workers of internet and phone providers to reset the victim’s passwords and give the hackers access to their accounts. Then the hackers would sometimes prank and harass the victims, and subsequently brag about the hacks on Twitter and with reporters.
The hackers also targeted FBI’s then executive assistant Amy Hess, getting into her ISP’s account. At that point, the Cracka and his associates downloaded the movie Hackers, V for Vendetta and a porn film onto Hess’s digital recorder, the prosecutor said during the first sentencing hearing on January 19, according to the Leicester Mercury.
Other than hacking and pranking high-profile government employees, CWA also obtained sensitive documents and even accessed and then published the contact information of thousands of federal and local law enforcement agents.
Read more: The Motherboard Guide To Not Getting Hacked
In the months leading up to his sentencing, Gamble told me he was busy with school, spending time with his mom, and working to find and report vulnerabilities in websites as a white hat hacker. In February, Gamble reported a bug on a T-Mobile website that could have allowed hackers to gain control of customers’ accounts. The company rewarded him with a bug bounty of $5,000 for alerting it of the flaw.
Gamble has also been active on Twitter, sharing his feelings about his legal ordeal.
“Let’s hope I don’t die today,” Gamble wrote in a Tweet in January, before the first sentencing hearing.
On Wednesday of this week, he wrote: “I honestly can’t wait for my entire court situation to be over with so I can finally put everything behind me.”
British security researchers criticized the judge’s decision on Twitter.
Mustafa Al-Bassam, a former hacker for the group LulzSec, said this was “an unprecedented ruling, considering that no under 18 has ever served a custodial sentence in the UK for hacking.”
Got a tip? You can contact this reporter securely on Signal at +1 917 257 1382, OTR chat at firstname.lastname@example.org, or email email@example.com
Get six of our favorite Motherboard stories every day by signing up for our newsletter.