A top-level cyber-criminal from Barking who targeted hundreds of millions of computers with locking ransomware has been jailed for six years and five months, for what has been described as the UK’s most serious ever cybercrime.
24-year-old Zain Qaiser was a member of an international, Russian-speaking organised crime group that made massive profits from victims in more than 20 countries.
An investigation by the National Crime Agency identified Qaiser received more than £700,000 for his role, although the total is likely to have been very much higher.
He bought masses of advertising traffic from pornographic websites, using the online name K!NG, on behalf of the crime group, using fraudulent identities and bogus companies to pose as legitimate online advertising agencies in a process of social engineering.
Once advertising space was secured, the crime group would host and post advertisements laced with malicious software, known as malware.
When users clicked on the ads they were redirected to another website hosting highly-sophisticated malware which would infect their computer.
One of the malicious pieces software, known as Reveton, locked, the infected device would display a message purporting to be from a law enforcement or a government agency, which claimed an offence had been committed and the victim had to pay a fine of anything between $300-$1,000 in order to unlock their device.
The campaign infected millions of computers worldwide across multiple jurisdictions.
Ransom demands were made by Qaiser through a complex process of virtual and crypto-currency money laundering. Blackmailed victims would be directed to pay the ransom demand using a virtual currency, which would then be laundered using a variety of methods and an international network of illegitimate financial service providers.
In one example, one of Qaiser’s international accomplices in the US transferred ransom payments onto pre-loaded credit cards in fraudulent identities, withdrew that cash at locations throughout the US, converted it into crypto-currency, and transferred it to Qaiser.
Some online advertising agencies that sold Qaiser the advertising traffic realised what he was doing and tried to stop him but Qaiser responded by blackmailing them and their businesses.
Qaiser told one company director: “I’ll first kill your server, then send child porn spam abuses.” The attacks resulted in the companies losing at least £500,000 through lost revenue and mitigation costs.
He employed a variety of bogus companies and fake identity documents, such as passports procured from his online criminal associates, to persistently acquire new internet traffic and advertising space to conduct his criminal activities.
It’s thought Qaiser first started around September 2012 and continued until he was last remanded in custody in December last year.
He was first arrested in July 2014 and was charged in February 2017 and NCA investigators later identified a series of financial accounts linked to Qaiser, including an overseas crypto-currency account.
These accounts received in excess of £100,000, despite him having no job and declaring no earnings. Qaiser was subsequently arrested in December 2018 on suspicion of money laundering, whilst on bail for the previous offences.
Qaiser admitted 11 offences, including blackmail, fraud, money laundering, and computer misuse, and was jailed at Kingston Crown Court.
NCA Senior Investigating Officer, Nigel Leary said: “This was one of the most sophisticated, serious and organised cybercrime groups the National Crime Agency has ever investigated.
“The group owned and operated the Angler Exploit Kit – one of the most successful and closely guarded pieces of malicious software ever developed by the cybercrime community.
“Zain Qaiser was an integral part of this organised crime group generating millions of pounds in ransom payments by blackmailing countless victims and threatening them with bogus police investigations.
“In addition, when Qaiser’s criminal enterprise was frustrated by diligent members of the online advertising community, he retaliated causing misery and hundreds of thousands of pounds in financial losses.
“This was an extremely long-running, complex cyber-crime investigation in which we worked with partners in the US, Canada, Europe and the Crown Prosecution Service. The FBI and the US Secret Service have both arrested people in relation to this global malware campaign.
“The investigation demonstrates that cyber-criminals cannot operate from behind a veil of anonymity, and that the NCA has the tenacity and specialist skills to catch them and bring them to justice. The international law enforcement community will continue to work together to counter the threat of borderless cyber-crime.”
Qaiser spent the money he stole on stays in high-end hotels, prostitutes, gambling, drugs and luxury items including a £5,000 Rolex watch. In a 10-month period, he spent £68,000 on gambling in a London casino, despite being unemployed and living with his family.
Tags: Barking
