National Crime Agency
Hacker from Russian crime group jailed for multi-million pound global blackmail conspiracy
A top level cyber criminal who targeted hundreds of millions of computers with locking ransomware has been jailed for six years and five months after a National Crime Agency investigation.
Zain Qaiser, 24, of Barking in Essex, was a member of an international, Russian-speaking organised crime group that made massive profits from victims in more than 20 countries.
The investigation identified that Qaiser received more than £700,000 through his financial accounts for his role in this global campaign of malware and blackmail. However, the total is likely to have been very much higher.
Qaiser spent the proceeds of his criminal activity on stays in high-end hotels, prostitutes, gambling, drugs and luxury items including a £5,000 Rolex watch.
In just one 10-month period, he spent £68,000 on gambling in a London casino, despite being unemployed and living with his family.
He bought masses of advertising traffic from pornographic websites, using the online name K!NG, on behalf of the crime group, using fraudulent identities and bogus companies to pose as legitimate online advertising agencies in a process of social engineering. Once advertising space was secured, the crime group would host and post advertisements laced with malicious software, known as malware.
When users clicked on the ads they were redirected to another website, hosting highly-sophisticated malware strains including the infamous Angler Exploit Kit (AEK) – believed to have been created, managed and marketed by one of Qaiser’s Russian-speaking associates. Users with any vulnerabilities would subsequently be infected with a malicious payload.
One of those malicious payloads was a piece of software called Reveton – a type of malware that would lock a user’s browser. Once locked, the infected device would display a message purporting to be from a law enforcement or government agency, which claimed an offence had been committed and the victim had to pay a fine of anything between $300 and $1,000 in order to unlock their device.
The campaign infected millions of computers worldwide across multiple jurisdictions.
Ransom demands were made by Qaiser through a complex process of virtual and crypto-currency money laundering. Blackmailed victims would be directed to pay the ransom demand using a prescribed virtual currency, which would then be laundered using a variety of methods and an international network of illegitimate financial service providers.
For example, one of Qaiser’s international accomplices in the US transferred ransom payments onto pre-loaded credit cards in fraudulent identities, withdrew that cash at locations throughout the US, converted it into crypto-currency, and transferred it to Qaiser.
Some online advertising agencies that sold Qaiser the advertising traffic realised what he was doing and tried to stop him. He responded by blackmailing them and their businesses, hitting at least two agencies with distributed denial of service (DDoS) attacks. Qaiser told one company director: “I’ll first kill your server, then send child porn spam abuses.” These attacks resulted in the companies losing at least £500,000 through lost revenue and mitigation costs.
Qaiser, a computer science student, was hugely useful to the crime group. Using his command of the English language and knowledge of the online advertising industry, in conjunction with basic social engineering techniques, he could convince advertising agencies he was a legitimate customer.
He employed a variety of bogus companies and fake identity documents, such as passports procured from his online criminal associates, to persistently acquire new internet traffic and advertising space to conduct his criminal activities.
Qaiser’s offending is thought to have started in at least September 2012 and lasted until he was remanded in custody in December 2018.
He was first arrested in July 2014 and was charged in February 2017.
NCA investigators later identified a series of financial accounts linked to Qaiser, including an overseas crypto-currency account. Cumulatively, these accounts received in excess of £100,000, despite him having no job and declaring no earnings. Qaiser was subsequently arrested in December 2018 on suspicion of money laundering, whilst on bail for the previous offences.
Qaiser admitted 11 offences, including blackmail, fraud, money laundering and computer misuse, and was jailed at Kingston Crown Court.
Nigel Leary, NCA Senior Investigating Officer, said:
“This was one of the most sophisticated, serious and organised cyber crime groups the National Crime Agency has ever investigated.
“The group owned and operated the Angler Exploit Kit – one of the most successful and closely guarded pieces of malicious software ever developed by the cyber crime community.
“Zain Qaiser was an integral part of this organised crime group generating millions of pounds in ransom payments by blackmailing countless victims and threatening them with bogus police investigations.
“In addition, when Qaiser’s criminal enterprise was frustrated by diligent members of the online advertising community, he retaliated causing misery and hundreds of thousands of pounds in financial losses.
“This was an extremely long-running, complex cyber-crime investigation in which we worked with partners in the US, Canada, Europe and the Crown Prosecution Service. The FBI and the US Secret Service have both arrested people in relation to this global malware campaign.
“The investigation demonstrates that cyber-criminals cannot operate from behind a veil of anonymity, and that the NCA has the tenacity and specialist skills to catch them and bring them to justice. The international law enforcement community will continue to work together to counter the threat of borderless cyber-crime.”