His name is Kevin, he is 27 years old and he is a computer genius. But his multiple recidivism earned him the FBI’s attention. He was tried in Belgium and sentenced to 3 years in prison.
Kevin D., a gifted computer kid
That’s exactly what he is. Kevin hacks for fun. He hacks to make small profits, kid’s profits that allow him to have fun and maybe also to shine in the eyes of his friends.
At 12 years old, Kevin hacks the reservation system of the Utopolis cinema. The goal? To make the system believe that all the seats in the theater are reserved and to be able to watch a movie for free with a friend. Nothing really bad but it will remain a passion that Kevin will not be able to get rid of.
He will therefore be convicted several times for similar acts against Mobistar, SN Brussels Airlines, Lufthansa… because the young man does not even bother to hide his tracks. He operates from his home computer or even his work computer.
Until the fateful days of August 7 to 12, 2017, when the young hacker, then 22 years old makes no less than 21 fraudulent reservations of airline tickets on the system of American Airlines for a loss estimated at more than $ 200,000. He also stole personal data about the company’s customers, employees and internal procedures about American Airlines and the airports where the company operates.
It is important to note that Kevin did not use any of these tickets and offered 2 of them to strangers on the internet in the hope of making friends with them.
Arrest, trial and conviction of Kevin D., Belgian hacker
Identified by the FBI, the American Airlines company asked for an extradition which will be transmitted to all European countries without Kevin’s parents being aware of it. Indeed, the national authorities usually warn people before answering these requests.
In October 2021, Kevin’s father paid for him to fly to Milan to attend a soccer game. Kevin is arrested when he gets off the plane by the Italian authorities who respond favorably to the request of the FBI of the United States of America.
A legal drama followed. Belgium, defending Kevin, firmly opposes this extradition procedure and claims its national to be able to judge him on Belgian soil. Indeed, in the United States, Kevin faces a prison sentence ranging from 22 to 45 years. Kevin will stay 10 months in an Italian prison and will lose 25 kilos. His father, gnawed by the worries caused by this situation and worrying to an extent that is hard to imagine, died of a heart attack while his son was in prison.
Kevin was therefore judged by a court in Belgium to be sentenced to 3 years in prison for these offences. They will now try to have the extradition cancelled on the basis of European law, which stipulates that the same person cannot be tried twice for the same facts.
If we consider this case, companies with such “security holes” have a good reason to ask for extradition as well as convictions without the real responsible parties (incompetent system administrators, subcontracted software development companies having insufficiently secured their systems…) being worried.
It is more than time that mentalities change. Recently, a hacker (still Belgian, what a coincidence) who broke into Elon Musk’s Starlink system received a 12 000 dollars reward for having found a flaw…