Prolific Hacker Gets Prison Time

Breached Law Enforcement Agencies, Stole Card Details
Prolific Hacker Gets Prison Time

A Massachusetts man who pleaded guilty to hacking the computer networks of law enforcement agencies across the U.S., as well as obtaining stolen payment card data, has been sentenced to four years in prison.

See Also: Silos: Banking's Silent Menace

Cameron Lacroix of New Bedford, Mass., pleaded guilty in June to two counts of computer intrusion and one count of access device fraud (see: Hacker Pleads Guilty to Breaching Networks). Lacroix was charged on June 2, according to the Federal Bureau of Investigation.

The Massachusetts man also faces charges in California that he hacked Zendesk, a San Francisco company that provides help-desk support to numerous companies, including Twitter (see: Hacker Charged in Twitter Support Hack).

Case Details

Between May 2011 and May 2013, Lacroix obtained payment card data for more than 14,000 account holders, authorities say. For some of these accountholders, Lacroix also obtained other personally identifiable information, including names, addresses, dates of birth, Social Security numbers, e-mail addresses, bank account and routing numbers, and lists of merchandise ordered.

In addition, Lacroix admitted to hacking into a computer server operated by a local Massachusetts police department in September 2012, and then accessing the e-mail account of its police chief. He also admitted to repeatedly hacking into law enforcement computer servers across the country that contained sensitive information, including police reports, arrest warrants and sex offender information, between August and November 2012.

The Massachusetts man also acknowledged he used stolen credentials to access and change information, including his grades, in the servers of Bristol Community College, Fall River, Mass., where he was a student, on multiple occasions between September 2012 and December 2013.

Twitter Support Hack

Lacroix allegedly hacked into Zendesk's website in February 2013 and disabled a security feature designed to limit who can view information pertaining to Zendesk's customers, according to the U.S. Attorney's Office for the Northern District of California, which charged Lacroix on July 2.

Prosecutors allege that Lacroix then exported approximately 1 million Twitter support tickets to computers outside of Zendesk's network and used that information to compromise and deface the Twitter feeds for two companies.

The attacks allegedly resulted in Zendesk and Twitter incurring combined losses of more than $200,000 in responding to the attacks, authorities say.

Lacroix has been charged with intentionally causing damage to a protected computer. If convicted, he faces a maximum sentence of 10 years in prison, a fine of $250,000, plus restitution.


About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.