A Sydney “computer nerd” has avoided jail time for a sophisticated bootlegging scheme that provided people with cheap access to Netflix, Spotify, Hulu and other streaming services using large troves of stolen login details.
Evan McMahon, 23, received a discounted sentence of two years and two months to be served under an intensive corrections order in the community, with NSW District Court judge John Pickering urging the man to use his valuable technical skills to achieve great things for society.
McMahon, from Sydney’s northern beaches, made about $680,000 from the pirate subscription services, winnings that have gone on to generate an unexpectedly large windfall for authorities. Cryptocurrency held by McMahon was worth $460,000 when it was transferred to Australian Federal Police control in June 2020 but, thanks to a boom in the digital assets, grew to over $1.3 million.
McMahon, a graduate of Mosman High School, worked as a web developer at Finder.com.au until his arrest in March 2019.
Across four account generator platforms he established between 2015 and 2019, McMahon had at least 152,863 registered users and provided at least 85,925 subscriptions that gave access to a range of streaming services using stolen or leaked login credentials.
McMahon used a process called “credential stuffing” to conduct large-scale, automated tests of the login details to check if they were current. Throughout the administration of his scheme, McMahon used false identities with various accounts and services to cover his tracks.
Users paid fees of as little as $US10.97 for “lifetime access” to a number of streaming services, a fraction of the legitimate prices charged by the subscription services. The fee revenue was channelled through a large number of PayPal accounts, some of which McMahon verified using fake NSW driver licences and Australian passports.
Following a tip-off from the US Federal Bureau of Investigation, the AFP launched an investigation, arrested McMahon in March 2019 and searched his Dee Why home, seizing a computer and cryptocurrency.
AFP cybercrime operations commander Chris Goldsmid said the operation relied upon hacked credentials of millions of people worldwide.
“The harvesting and selling of personal details online was not a ‘victimless crime’ – these were the personal details of everyday people being used for someone’s greed,” Commander Goldsmid said.
In his sentencing remarks on Friday, Judge Pickering said McMahon’s conduct was equivalent to selling pirated DVDs on the street and allowed “greedy” people to access services without paying the full price.
He said an unusual element of the case was figuring out the scale of financial harm caused by the offending, because it was impossible to know how many people using McMahon’s platforms would otherwise subscribe legitimately.
“Undoubtedly, some would have. In those cases, Netflix was clearly losing a potential customer,” he said.
He warned that content providers like Netflix needed revenue because they invested, took risks and created jobs and the sector would “fall apart” if everyone stole the product.
McMahon pleaded guilty to a copyright offence and dealing with the proceeds of crime, and Judge Pickering praised the man’s remorse and conduct since being caught.
Judge Pickering said McMahon was not motivated by greed or criminality but rather an obsession with the technical challenge of pulling off his sophisticated scheme.
This was consistent, the judge said, with the autism spectrum disorder that psychologists had observed in McMahon, noting the effect of the condition on the ability of the self-described “computer nerd” to maintain social connections and appreciate the consequences of his actions.
“This was almost like a game,” Judge Pickering said.
He said McMahon had a form of intelligence that could be used for good and, addressing the offender directly, wished him well.
McMahon will have to perform 200 hours of community service and any offending during the term of the intensive corrections order will result in immediate imprisonment.
People can protect their accounts from breaches by using long, difficult-to-guess passwords and employing different passwords across accounts. Password manager software can help. People can check if their data has been compromised using websites like Have I Been Pwned.