Matthew Anderson, 33 (17.10.77), of Drummuir, Aberdeenshire was sentenced today at Southwark Crown Court for causing unauthorised modification to the content of computers, contrary to Section 3 of the Computer Misuse Act 1990.
A complex e-crime investigation by Metropolitan Police Service (MPS) and the Finnish authorities was launched in 2006 into a highly organised group who were writing new computer viruses in order to avoid detection by anti-virus products.
They had been primarily targeting hundreds of UK businesses since 2005, and during this time tens of thousands of computers were infected across the globe.
The international conspiracy by members of the online m00p group (M – zero – zero – P) was to infect computers using viruses attached to unsolicited commercial e-mail (spam). Anderson was a key player in this, distributing millions of spam messages.
An operation was mounted by the MPS Police Central e-Crime Unit together with the Finnish National Bureau of Investigation (NBI Finland) and the Finnish Pori Police Department resulting in the arrest of three men on the 27 June 2006 in Suffolk, Scotland and Finland.
One of these men was franchise manager Anderson. His role in the conspiracy was to manage the operation by composing the emails and distributing them with virus attachments.
A number of computers were seized at residential addresses in both countries in addition to the suspects’ servers as part of the investigation.
The computer viruses were found to run in the background on an infected computer without the knowledge of the computer’s owner, but allowed Anderson to access private and commercial data stored on the computers.
He was able to use the control he had on his victims’ computers to activate their webcams, effectively spying on them in their home environment, normally without their knowledge. Police established this during the investigation when they found screen grabs on Anderson’s computers taken from other people’s webcams as well as copies of private documents such as wills, medical reports, CVs, password lists and private photographs.
Online Anderson used the profile names of aobuluz and warpigs. He operated his illegal enterprise behind the front of an online business offering computer security software called Optom Security.
Detective Constable Bob Burls, from the MPS Central e-Crime Unit, said: "This organised online criminal network infected huge numbers of computers around the world, especially targeting UK businesses and individuals. Matthew Anderson methodically exploited computer users not only for his own financial gain but also violating their privacy. They used sophisticated computer code to commit their crimes.
"The internet means criminals have increased opportunities to commit crime internationally, however I’d like to reassure the public that the international law enforcement and anti-virus companies response is increasingly sophisticated. As this case shows, criminals can’t hide online and are being held to account for their actions. A complex investigation like this demonstrates what international cooperation can achieve."
Counts of acquiring criminal property and money laundering were left to lie on file.