A man who bombarded Sussex Police’s contact centre with 3,000 emails in just six hours has been sentenced to ten months in jail, suspended for 18 months.
Kyoji Mochizuki, 28, of Mansfield Road, Hove, appeared for sentencing at Lewes Crown Court on Friday (August 19) after pleading guilty at Hove Crown Court in July to four counts of unauthorised acts with intent to impair the operation of or prevent/hinder access to a computer, contrary to Section 3 of the Computer Misuse Act 1990.
The court heard how on October 26, 2014, Mochizuki – also known as Tariq Elmughrabi and Taz Rider – sent approximately 3,000 emails from various domains to the Sussex Police contact centre at 9.25am. It was to tie up the force’s email system for more than six hours.
During this time Sussex Police contact centre staff’s ability to respond to genuine emails was significantly impaired, and the non-urgent reporting mechanism for the public was hindered. It took staff a further 11 hours to restore the email inbox to full operational order.
Earlier that year, in February, an email was received from a sender purporting to be from a man working for a company called Uberex, threatening to attack Sussex Police services in revenge for the force seizing electronic property belonging to Mochizuki in connection with another case, for which he was on bail. Mochizuki was identified as being a director of that company.
On Monday, November 10, at 5.45am, more emails started to arrive in the public contact centre from a ‘hackerforhire’ domain with the subject line ‘Contact UBX Technology’, in a deliberate attempt to flood the system in what is known as a denial of service (DoS) attack.
On November 20, the Surrey and Sussex Cyber Crime Unit raided Mochizuki’s home address and seized a number of items including a computer and a CCTV system that covered all rooms in his house, the entrance and the exterior. When interviewed he claimed to have carried out work for the FBI and the NCA (National Crime Agency). He stated that he worked for a company called Uberex as an ethical hacker and with the people whose names were used on the attacking emails. However, he was unable to put police in contact with them.
Detective Constable Paul Constable from the Surrey and Sussex Cyber Crime Unit said: “In addition to Sussex Police, Mochizuki launched an attack on Brighton and Hove City Council’s email system after he had been summonsed for failing to pay his tax. Their system effectively captured the 2,000 emails aimed at the council tax email inbox.
“An Essex-based insurance company insured a company called Xerosec, which made a claim in 2013 for £36,576.11 due to their computer system overheating after a hacker attack. They paid a sum of £10,000 in settlement to Kyoji Mochizuki of Mansfield Drive, Hove. The following year, the company claimed for equipment damaged in a power surge. The insurer asked to examine the equipment, but was told that was not possible and then received correspondence from the managing director of Xerosec complaining about their incompetence.
“The insurer sent a representative to visit the company where he met with a relative of the accused who stated she had no knowledge of the claim and had been appointed as MD without being consulted. The claim was subsequently refused and on November 6 three of the insurer’s email addresses, including that of the person dealing with the claim, were subject to a denial of service attack.”
Detective Inspector Andrew Haslam, also from the Cyber Crime Unit, said: “The scale of Mochizuki’s activities and deceit is breath-taking. Behind each of the events mentioned in court lies a complex web of aliases, email addresses, false employees and considerable technological skill, sadly put to criminal use.
“His attacks on Sussex Police cost nearly £4000 in specialist time to resolve, but of far worse consequence was the significant amount of time lost by contact centre staff that should have been devoted to non-emergency callers and others making contact through email.
“However, I would stress that our 999 emergency operation was not affected by his attacks, nor our operational response effectiveness. The security of the emails from the public was not compromised in any way and there was no impact on any other force IT, email address, web or telephony systems.
“Since the attack, a significant amount of work has taken place to improve the resilience and security of all our IT systems, including emails.”
Mochizuki, who had been remanded in custody since breaching bail conditions in June last year, was released upon sentencing.