A former Deakin IT student who stole data from teen gamers by tricking them into downloading infected software had been down on his luck romantically and turned to hacking as an “intellectual challenge”.
Thomas Hoogstra, 26, pleaded guilty in Geelong Magistrates Court on Monday to hacking-related offences.
Australian Federal Police said Hoogstra downloaded a remote access trojan (RAT) software, which allowed an attacker to silently monitor and control an infected computer.
This includes access to the webcam, microphone, usernames and passwords, as well as full administrative control of the hacked machine.
Thomas Hoogstra leaves Geelong Magistrates Court. Picture: Brad Fleet
The court was told Hoogstra built computer game modifications for a number of online games and embedded a RAT in those modifications.
Police said users downloaded the modifications without knowing that their computers had been affected.
“Once the RAT was installed on a victim’s computer, the user’s restricted data, including their online credentials and passwords, geolocation data, and files were sent to an online server,” prosecutors said.
Between August 2017 and April 2018, a number of victims’ computers had fallen victim to the malicious software, and as a result their personal restricted data was sent to a server. The court was told one of the victims was 14 at the time.
Another victim, who was 19 at the time of the offence, had 306 key log files and geolocation data, as well as usernames and passwords, sent and stored to an IP server.
Thomas Hoogstra leaves Geelong Magistrates Court. Picture: Brad Fleet
In a victim impact statement read out to the court, the victim said the violation of his privacy had a severe impact on his mental health.
“The invasion of my personal space and private documents has left me feeling vulnerable and emotionally distressed,” the victim said.
“I find it difficult to trust online platforms with personal information and feel unsafe not knowing what information, which was private, could now be public without my consent,” he said.
Hoogstra’s lawyer said none of the information that had been stolen from the victims was in the public domain.
“He could have gone a lot further. He could have changed passwords or corrupted files, or installed malicious programs designed to damage. He did not do those things, nor did he use that data to commit further offences such as identify fraud,” his lawyer said.
“His motive was really an intellectual challenge. At the time of the offending, he was a shy, self-conscious young man.
“He had yet engaged in any romantic relationship and he sought refuge and I suppose some stimulation online and that is where his attention was focused,” he said.
Magistrate Timothy Bourke sentenced Hoogstra to a good behaviour bond for three years. No conviction was recorded.