Alleged Just Eat hackers back in court

A woman has appeared in a London court facing charges for her alleged role in a major hacking operation targeting the customers of numerous high-profile websites—including Uber, Sainsbury and Just Eat—whose payment details were stolen and sold on the dark web.

Rachael Brookes, 26, is facing a single charge of conspiracy to defraud at Southwark Crown Court, specifically related to a phishing scam targeting Just Eat customers.

However Brookes’s boyfriend, 25-year-old Grant West, admitted 10 mainly fraud-related charges at trial in December after apparently presiding over a wide-ranging operation. West launched brute force attacks using Sentry MBA on 17 websites, including high street shops and bookmakers, as well as the Finnish Bitcoin Exchange.

West attacked all of Asda, Ladbrokes, Coral, Argos, T-Mobile, Nectar and Groupon, stealing the personal information of hundreds of thousands of customers. Kent Online reported that West touted the personal details—known as “Fullz”, meaning “full credentials”—online and converted payments into bitcoin to avoid detection.

He also admitted selling cannabis, and conducted much of his business with bitcoin, Metro reported. DeepDotWeb says Grant used the name “Courvoisier” for transactions on the AlphaBay Market, before it was closed in July 2017.

West admitted two counts of conspiracy to defraud, one charge of computer hacking, four charges relating to the possession and supply of cannabis, two counts of possessing criminal property and one count of money laundering bitcoins.

Brookes’s trial, which continues, focuses on her alleged role in a phishing scam in 2015 targeting the online food delivery service Just Eat. The couple is alleged to have sent bogus surveys to Just Eat customers promising a £10 reward to people providing confidential information.

“Many of these emails were crafted to look like they were made by Just Eat and had offers of a cash reward,” prosecutor Kevin Barry said at the trial. “The customers were asked to complete a survey, but the emails were never sent back to Just Eat. They went to the fraudsters. This data was then used to get more information about the Just Eat customers.”

Just Eat is reported to have paid out more than £200,000 in mitigation costs, though a spokesman said in December: “At no point were Just Eat systems compromised or breached.”