Courvoisier was specialized in phishing attacks and he did it on a number of companies including Uber, JustEat and more until he was arrested and sentenced on the 25th of May, 2018.
A listing from Courvoisier on Alphabay
He amassed a fortune but he never paid anything using his own money. He used his victims' air miles, fuel points and credit card details to fund gambling sprees in Las Vegas, run his £40,000 black Audi A5 coupé, and splurge on luxury household goods.
How they caught a hacker who used an unbreakable encryption on his computer?
Undercover detectives had to follow him onto a train from North Wales to London in September last year. One covert officer sat in a first class carriage next to West, watching him log into his laptop and get onto the dark web to access his passwords and account. Meanwhile, a second team of police sat in a carriage behind waiting to arrest him.
Courvoisier sat stunned as police snatched his computer while he was still logged on before he could encrypt his operations. It was the first time in the UK a cybercriminal has been arrested with his fingers on the keyboard.
Today, the Southwark Crown Court in the U.K has ruled that the 27 year old resident of Kent, accused of hacking corporate companies and selling customer’s financial data on the dark web, compensate victims of his scams with $1.1 million USD in confiscated funds made from his illegal activities. But there's a problem with that. The confiscated bitcoin, which was worth more than $2 million two years ago when the crimes were committed, is now worth half that.
This case sets a precedent concerning Bitcoin in British law. Earlier this week, a UK High Court ruled that Bitcoin now be considered property, a law which will now enable victims of online scams pursue compensation.
The Bitcoins were confiscated under the Proceeds of Crime Act and in case Courvoisier refused the confiscation order, he would serve a further four years in jail.
A statement from MPC says:
The confiscation of the cryptocurrency, which West did not contest, follows a lengthy police investigation, codename ‘Operation Draba’, into the criminal activities of West, who was operating on the Dark Web under the moniker of Courvoisier. The cryptocurrency will now be sold, and the victims will receive compensation for the damage caused by the organised criminality committed by West
Courvoisier File Image.
Grant West (Courvoisier) started email Phishing scams to access customer financial data some of which he then sold for Bitcoin on Alphabay and other forums from 2015 until his arrest.
Led by the Cyber Crime Unit of the Metropolitan Police Service, authorities conducted a two year investigation into West code-named “Operation Draba” during which they discovered that the accused had targeted companies and managed to successfully steal data and in some cases funds from about 17 of them including T. Mobile, Uber, Barclays, British Airways, Sainsbury's, The British Cardiovascular Society, the Finnish Bitcoin Exchange, food delivery service Just Eat and many others.
An interesting detail is that he is also said to have sold instruction manuals to other online scammers on the dark web and he ran a cannabis farm in rented storage containers near his static caravan in the Isle of Sheppey, Kent.
During West’s arrest in 2017, Police confiscated an SD card from his home containing almost 78 million individual usernames, passwords and 63,000 credit and debit card details as well as almost 1.6 million Euros he had racked up in several accounts and crypto-currency wallets; a figure which has since reduced in value to the current 922,978 euros calculated at rate of 8,500 euros per Bitcoin.
A successful phishing email from Courvoisier.
They also seized a laptop he used in his phishing hits, which belonged to his then girlfriend, Rachel Brookes (27). Police say it contained the personal financial information of over 100,000 people in a file saved as "Fullz".
Courvoisier's girlfriend, Rachael Brookes
Judge Michael Gledhill who presided over West’s case and handed down his sentence back in 2018 cautioned the public stating:
This case should be a wake-up call to customers, companies and the computer industry to the very real threat of cybercrime.
Head of MPCCU, Detective Chief Inspector Kirsty Goldsmith addressed the media assuring the public that the cryptocurrency will be sold and the proceeds funneled into compensating victims of West’s crime. He added that:
The MPS is committed to ensuring that individuals who are committing criminality on the Dark Web are identified, prosecuted, and their criminal assets seized.
A Statement from Metropolitan Police Service (MPS):
West was responsible for attacks on more than 100 companies worldwide. He predominately used ‘phishing’ email scams to obtain the financial data of tens of thousands of customers. West would then sell this personal data in different market places on the dark web. He would then convert the profit made from selling financial details online into cryptocurrency, and store these in multiple accounts.
Courvoisier has been accused to have conducted phishing scams on the websites of 17 major companies including Uber, Sainsbury’s, Nectar, Groupon, T Mobile, AO.com, Argos, the Finnish Bitcoin exchange, the British Cardiovascular Society, Truly Experiences Ltd, and M R Porter.
On the 25th of May, Grant West (Courvoisier) admitted 10 offences including computer hacking, conspiracy to defraud, possession of cannabis with intent to supply, possession of criminal property and money laundering Bitcoins and was sentenced to 10 years and eight months and jailed at the Southwark Crown Court on two counts of possession of criminal property and conspiracy to defraud.
He has since then served a year and 3 months of his sentence.His girlfriend was handed a two-year community order after she pleaded guilty mid-way through her trial to unauthorised use of computer material.