A Londoner named Zain Qaiser has been jailed for blackmailing porn users worldwide.
His jail sentence of six years and five months is a major success for the National Crime Agency and the court heard he is the most prolific cyber criminal to be sentenced in the UK.
Investigators have discovered about £700,000 of his profits – but his network may have made more than £4m.
Working from his bedroom at his family home in Barking, Qaiser began to make money through “ransomware” attacks when he was only 17 years old.
This is a form of attack in which a computer is hijacked (and often the files are encrypted) and frozen by downloaded software until the user pays a fee for its release.
Qaiser contacted the Russian controller of one of the most potent attack tools and agreed a split of his profits.
Over 18 months, the teenager posed as a legitimate supplier of online promotions and booked advertising space on some of the world’s most popular legal pornography websites. But each of the adverts that was promoted on the websites contained a malicious tool called the “Angler”.
Any visitor to the adult site who clicked on one of Qaiser’s fake adverts would trigger the download to their own computer of the attack kit.
The software would search for vulnerabilities and If the home computer was not protected with up-to-date anti-virus software, would deliver the ransomware that seized control of the device.
The ransomware then splashes a full screen message to the user, claiming to be from the FBI or Metropolitan Police or other law enforcement agency, accusing the user of breaking the law – warning them they faced up to three years unless they paid a fine of hundreds of dollars immediately in Bitcoin.
It was calculated that one of the fake adverts appeared on 21 million web browsers every month.
Quaiser spent almost £5,000 on a Rolex watch and £2,000 on a stay in a Chelsea hotel. He regularly spent money on prostitutes, drugs and gambling, including almost £70,000 in a casino.
When a Canadian company selling advertising space asked Qaiser to stop, he launched a massive cyber attack against it, causing hundreds of thousands of pounds worth of damage to the business.
Qaiser initially denied the crimes and claimed he had been hacked, before pleading guilty to 11 charges – including blackmail, fraud, computer offences and possessing criminal property.
If you have any experiences with scammers, spammers or time-waster do let me know, by email.