Fraud Management & Cybercrime , Governance & Risk Management , Incident & Breach Response

Hacker Jailed for Gold Robbery Campaign

London Cops Busted Gang that Intercepted Shipments of Gold
Hacker Jailed for Gold Robbery Campaign
Adam Penny, 25, admitted to masterminding a hacking scheme designed to help steal gold bullion. (Source: Met Police)

A man who pleaded guilty to hacking into a gold bullion trading company's computers so his associates could intercept their gold shipments has been sentenced to serve five years and four months in jail. London's Metropolitan Police said they were able to launch the case thanks to the breached business having come forward.

See Also: On Demand | The Dark Side of AI: Unmasking its Threats and Navigating the Shadows of Cybersecurity in the Digital Age

On Sept. 12, Adam Penny, 25, was sentenced at Kingston Crown Court in London. He'd been charged with conspiracy to steal, unauthorized access to a computer and blackmail. On April 1, he pleaded guilty to the first two charges, and not guilty to blackmail. But he was convicted of the blackmail charge in July.

Police say that Penny and three other individuals, who have also been sentenced, plotted to steal nearly £90,000 ($120,000) by physically intercepting shipments of gold to the customers of an unnamed metal-trading firm.

Penny was first arrested at his home in London in June 2015 as part of an investigation led by detectives from the Met's Cyber Crime Unit. The Met is responsible for policing greater London, with the exception of the city's financial district, which is the responsibility of City of London police.

At the time of Penny's arrest, investigators say, they seized six iPhones and two MacBooks - one secreted in a toilet cistern - from his house. They say that after conducting a digital forensic examination of the systems, they recovered "evidence of Penny's blackmail demands to the company and instructions for his interceptors."

Intercepting Postal Deliveries

In court, prosecutors detailed a criminal campaign that involved Penny hacking into the systems of a firm that sells bullion - referring to any bulk quantity of a precious metal - to steal details of customers and impending gold shipments. Penny then shared that information with his associates so they could attempt to physically intercept the deliveries.

"Penny hacked into the computers of the company and got others to intercept the gold packages for him," Detective Constable Matt Burke, who's part of the Met's Cyber Crime Unit, says in a statement. "When even this wasn't enough for his lavish lifestyle, he blackmailed the company for £50,000 ($66,000). At the time of his arrest, Penny was living in a luxury apartment in the Canary Wharf area, despite having no paid employment that we could identify."

A LinkedIn profile registered in Penny's name lists Penny as being a dealer in precious metals as well as the founder and managing director of a company called GB & Coins Limited, founded in November 2014. "The business is totally focused on delivering exceptional service to private investors looking to buy gold and silver coins or bars. At U.K.'s cheapest prices," the profile states.

Penny's previous job, according to the LinkedIn profile, was delivering newspapers for three years for a corner shop.

In 2011, Penny - then age 19 - had faced one charge of fraud and two charges of money laundering after he allegedly defrauded gold bullion buyers on eBay, local newspaper Western Morning News reported. In particular, three separate buyers had reported losing between £4,400 ($5,800) and £6,850 ($9,100) each. Penny denied the allegations, and the Crown Prosecution Service said that it lacked sufficient evidence to pursue the case, leading to it being dismissed.

Gang of Four

In the case of the gold-interception scheme, three others have also been convicted of conspiracy to steal and were sentenced Sept. 12:

  • Joshua Wilkins, 25, who was sentenced to 22 months' imprisonment;
  • Nour Mansouri, 24, who was sentenced to 200 hours community service and ordered to pay £1,000 ($1,325) in costs;
  • Daniel William Rabbitte, 25, who was sentenced to 18 months' imprisonment, which has been suspended for two years, meaning that if he doesn't commit any further offenses for two years, he'll stay out of jail.

"The defendants stole, or attempted to steal, six packages with an estimated value of over £88,000 ($117,000)," according to the Met. "The stolen gold was then sold to an unsuspecting jeweler in London."

Also sentenced (from left): Joshua Wilkins, Nour Mansouri and Daniel William Rabbitte. (Source: Met Police)

Prosecutors told the court that Penny provided relevant customer details and shipment-tracking numbers to Wilkins, Mansouri and Rabbitte, who would then go to the designated address and wait for the delivery. In one case, the defendants traveled to Newcastle - 300 miles north of London - where they attempted to take receipt of a delivery but failed "because the postman knew the victim and refused to hand over the parcel," according to the Met police.

Victim Came Forward

Police said they were able to launch the case after the business that was targeted alerted authorities (see Cybercrime Victims: Please Come Forward).

"This case highlights the importance of robust cybersecurity systems for businesses and particularly those with an online presence," Sanjiv Gohil, a detective inspector with the Met's Cyber Crime Unit, says in a statement. "In this case, the breach was reported to the police and we were able to investigate and bring Penny to justice, without further compromise to the company and their customers."


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.