James Jeffery pleads guilty to hacking BPAS website and records
An anti-abortion activist with links to the Anonymous collective has been sentenced to 32 months in prison for hacking into the records and website of the British Pregnancy Advisory Service (BPAS) last month.
Although he acknowledged that James Jeffery had pleaded guilty at the earliest opportunity and that the hacker changed his mind about distributing the information he had accessed, Judge Michael Gledhill QC said while sentencing at Southwark Crown Court that he wanted to deter others tempted to commit similar hacking offences.
The Met Police arrested Jeffery last month after BPAS, which runs a number of abortion clinics and enquiries about contraception, abortion, pregnancy, STI testing and sterilisation, alerted them about the attack. It was said that no details about women who had received treatment had been accessed, but those who had requested information were at risk.
Jeffery had pleaded guilty to two charges, one of causing a computer to perform a function with intent to secure unauthorised access to a programme or data held in a computer – contrary to the Computer Misuse Act – and another of and making unauthorised access to a computer with the intent of impairing the operation of that computer.
He was sentenced to 16 months imprisonment for the first charge and 32 months for the second. Both sentences will run concurrently, meaning that Jeffery will spend two years and eight months in jail.
Judge Gledhill QC said that Jeffery’s strong views on abortion, confirmed in Twitter posts, interviews and the statement posted on the BPAS website, did not execuse his actions.
“Just as many people disagree with the view you held, many do agree,” he said. “However, those who find abortion repugnant do not use this as an excuse to justify deliberately committing criminal offences. That is exactly what you have done.”
“You stole the records of approximately 10,000 women,” he added. “You were proud of what you had done – you boasted about it on Twitter. You said that you intended to publish the personal details of these women – their names, addresses, telephone numbers and email addresses. You put the stolen data in what is known as Pastebin so that anyone could access it. You were able to prove that you could release this highly sensitive data, and would do it, by tweeting the name and log‐on details of one of the BPAS administrators. That act in itself gave anyone access to the BPAS data base.”
The judge accepted that the defendant had changed his mind about distributing the information by the time the police arrived, but by that time it was too late, although there was no evidence to suggest that anyone accessed the information.
Anonymous no more
Jeffery’s denial that he had links to Anonymous was also rejected. The hacker admitted that he knew of the collective, but denied that he was a member, despite having been in contact with its leader, Sabu, since February last year. Jeffery had claimed that the communications were about music, but Judge Gledhill said that he was trying to distance himself from the group. In contrast to this, during the actual hack, Jeffrey had posted an Anonymous logo on the BPAS website.
Judge Gledhill said that only time would tell what impact Jeffrey’s actions would have.
“The fear is that women will have no confidence that their personal details and records are secure and will stop using the service,” he said. “To the women themselves, great anxiety will already have been caused to those who have learned about this case, and no doubt further distress will be caused when others hear of your wrongdoing.”
What do you know about Internet security? Find out with our quiz!