COUNTY NEWS: Man sentenced for cyber attacks on police contact centre
The incident, which happened in October 2014, meant the police’s contact centre was ‘significantly impaired’ for six hours.
A police statement says that Kyoji Mochizuki, 28, of Mansfield Road, Hove, appeared for sentencing at Lewes Crown Court on Friday (August 19) after pleading guilty at Hove Crown Court in July to four counts of unauthorised acts with intent to impair the operation of or prevent/hinder access to a computer, contrary to Section 3 of the Computer Misuse Act 1990.
He was given a ten-month jail sentence, suspended for 18 months.
The statements adds that the court heard how on October 26, 2014, Mochizuki – also known as Tariq Elmughrabi and Taz Rider – sent around 3,000 emails from various domains to the Sussex Police contact centre at 9.25am.
It was to tie up the force’s email system for more than six hours.
During this time Sussex Police said its contact centre and the non-urgent reporting mechanism for the public was hindered.
It took staff a further 11 hours to restore the email inbox to full operation order.
Earlier that year, in February, an email was received from a sender purporting to be from a man working for a company called Uberex, threatening to attack Sussex Police services in revenge for the force seizing electronic property belonging to Mochizuki in connection with another case, for which he was on bail.
Police said Mochizuki was identified as being a director of that company.
On Monday, November 10, at 5.45am, more emails started to arrive in the public contact centre from a ‘hackerforhire’ domain with the subject line ‘Contact UBX Technology’, in what police called ‘a deliberate attempt to flood the system’.
The statement adds that on November 20, the Surrey and Sussex Cyber Crime Unit raided Mochizuki’s home address and seized a number of items including a computer, a CCTV system that covered all rooms in his house, the entrance and the exterior.
When interviewed he claimed to have carried out work for the FBI and the NCA (National Crime Agency).
He stated that he worked for a company called Uberex as an ethical hacker and with the people whose names were used on the attacking emails.
However, he was unable to put police in contact with them.
Detective Constable Paul Constable from the Surrey and Sussex Cyber Crime Unit said: “In addition to Sussex Police, Mochizuki launched an attack on Brighton and Hove City Council’s email system after he had been summonsed for failing to pay his tax. Their system effectively captured the 2,000 emails aimed at the council tax email inbox.
“An Essex-based insurance company insured a company called Xerosec, which made a claim in 2013 for £36.576.11 due to their computer system overheating after a hacker attack. They paid a sum of £10,000 in settlement to Kyoji Mochizuki of Mansfield Drive, Hove. The following year, the company claimed for equipment damaged in a power surge. The insurer asked to examine the equipment, but was told that was not possible and then received correspondence from the managing director of Xerosec complaining about their incompetence.
“The insurer sent a representative to visit the company where he met with a relative of the accused who stated she had no knowledge of the claim and had been appointed as MD without being consulted. The claim was subsequently refused and on November 6 three of the insurer’s email addresses, including that of the person dealing with the claim, were subject to a denial of service attack.”
Detective Inspector Andrew Haslam, also from the Cyber Crime Unit said: “The scale of Mochizuki’s activities and deceit is breath-taking. Behind each of the events mentioned in court lie a complex web of aliases, email addresses, false employees and considerable technological skill, sadly put to criminal use.
“His attacks on Sussex Police cost nearly £4000 in specialist time to resolve, but of far worse consequence was the significant amount of time lost by contact centre staff that should have been devoted to non-emergency callers and others making contact through email.
“However, I would stress that our 999 emergency operation was not affected by his attacks, nor our operational response effectiveness. The security of the emails from the public was not compromised in any way and there was no impact on any other force IT, email address, web or telephony systems.
“Since the attack, a significant amount of work has taken place to improve the resilience and security of all our IT systems, including emails.” Mochizuki, who had been remanded in custody since breaching bail conditions in June last year, was released upon sentencing.