Prolific London-Based Ransomware Blackmailer Jailed

Police have jailed a London man described by authorities as an unrepentant cyber-criminal whose malicious advertising network extorted money from the users of millions of infected computers.

Zain Qaiser of Barking, London, 24, is the most prolific cyber-criminal yet to be sentenced in the UK, Kingston Crown Court heard.

“The harm caused by your offending was extensive – so extensive that there does not appear to be a reported case involving anything comparable,” said Judge Timothy Lamb QC in sentencing him.

Lamb noted that Qaiser had spent large sums of ill-gotten gains on casinos, a £5,000 Rolex watch and luxury hotel services, and added: “It has been asserted on your behalf you are remorseful. I have seen no outward expression of that.”

Spending spree

In one 10-month period alone, Qaiser was found to have spent £68,000 on gambling in a London casino, whilst living as an unemployed student in the Barking family home.

The network launched by Qaiser is thought to have made more than £4 million in ransomware payments, of which only about £700,000 in profits has currently been traced.

Qaiser is thought to have launched his hacking activities as far back as September 2012, when he was ony 17 years old, and they ceased only when he was remanded in custody in December 2018 – continuing even whilst he was on bail, after having initially been arrested in 2014.

In February of last year, when Qaiser was sanctioned under the Mental Health Act and detained Goodmayes Hospital in north London, investigators found that he used the hospital Wi-Fi to access the online advertising accounts he used for offending.

Russian crime group

Qaiser worked with the Russian-speaking “sophisticated organised crime group” behind the notorious Angler Exploit Kit, which he implanted in his online adverts along with other malware, police said.

As an English-speaker he was valuable to the group in convincing advertising networks he represented a legitimate company.

Through false identities and front companies, Qaiser was successful in purchasing large amounts of advertising traffic from legal pornographic websites, with users who clicked on his malicious adverts being targeted for malware.

Qaiser typically used ransomware such as Reveton to block access to users’ systems and demand a payment of up to $1,000 (£760) to unlock them.

The ransomware’s lock screen posed as a notice from the FBI or other law enforcement agency local to the system targeted, police said, and this, combined with embarassment, caused users to pay the “fine” without attempting to contact police.

People in more than 20 countries were affected by the campaign.

Qaiser’s network of contacts then laundered the funds through complex networks of virtual and standard currencies and transferred the profits to him.

Qaiser’s activities were finally reported to police by the online advertising agencies he bought traffic from, and whom he carried out distributed denial-of-service attacks when they attempted to cut off his access.

Jail

Nigel Leary, senior investigating officer at the National Crime Agency, said the NCA worked with authorities in the US, Canada and Europe in the resulting investigation.

He said the FBI and the US Secret Service have both arrested people in relation to the campaign.

“This was no amateur operation,” said Russell Tyner of the Crown Prosecution Service Organised Crime Division. “Zain Qaiser is a member of a prolific and technically sophisticated international criminal organisation that has terrorised internet users throughout the world.

“While he enjoyed an extravagant lifestyle on the proceeds, Qaiser subjected his victims to a prolonged and relentless campaign of blackmail, which caused them significant financial and emotional harm.”

Qaiser admitted to 11 offences, including blackmail, fraud, money laundering and computer misuse, and has been jailed for six years and five months.

Earlier this year thee NCA jailed Daniel Kaye, a British man who admitted to having inadvertently knocked Liberia’s entire internet network offline after attacking a phone company in 2016.