Jailed cybercriminal hacked into his own prison’s computer system after being put in IT class

Here’s a piece of advice for those running classes training prisoners about information technology.

It’s probably not a good idea to let notorious hackers join the course – or, if you do, to keep a very close eye on what they’re up to.

Teenager Nicholas Webber ran the infamous GhostMarket.Net cybercrime website, which sold stolen credit card details and offered tutorials to budding criminals about how to commit identity theft and online scams.

Nicholas Webber

Sign up to our free newsletter.
Security news, advice, and tips.

With 8,500 members, GhostMarket was the biggest criminal website ever uncovered by the British authorities.

It’s said that GhostMarket’s activities can be linked to frauds around the world which saw £8 million stolen from 65,000 bank accounts.

Media reports have detailed the playboy lifestyle enjoyed by Nicholas Webber, GhostMarket’s founder, who had only just turned 18 at the time of his arrest in October 2009.

Webber was sentenced to five years imprisonment in May 2011, and found himself at HM Prison Isis, a Category C male Young Offenders Institution, in South East London.

Cells at HM Prison Isis

Normally you would expect (and hope) a hacker’s criminal career to end there, but sadly that wasn’t to be.

As the Daily Mail reports, Webber somehow managed to sign-up for the prison’s IT class, and from there managed to hack into the prison’s mainframe computer.

According to the report, a spokesman for the prison service has confirmed that Webber was involved in the hack, but has downplayed the significance of the hack:

"At the time of this incident in 2011 the educational computer system at HMP Isis was a closed network. No access to personal information or wider access to the internet or other prison systems would have been possible."

The story of the 2011 prison hack has only come to light now because Michael Fox, the IT class’s teacher, is claiming unfair dismissal. Fox says that it was not his decision to admit Webber to the class, and that he was not aware of Webber’s history of cybercrime.

Earlier this year, an official report claimed that HM Prison Isis was “bedevilled” by technological problems, including a breakdown in its biometric thumbprint security system.

Let’s hope that they didn’t ask Webber to help them fix that…

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.