A British hacker racked up a prolific reputation – with law enforcement, at least – after orchestrating a Ransomware campaign deemed “so extensive that there does not appear to be a reported case involving anything comparable."
Zain Qaiser, of Barking, helped to distribute the ‘Angler’ exploit with the aid of its Russian co-developers. Zain would buy advertising space on… ‘adult’ websites, which redirected users to the malicious code if they were clicked on.
The code infected the victims’ operating system, freezing their computer and claiming it had been locked by law enforcement following ‘illegal activity’. Ingeniously, the software had both British and American variants depending on the user’s location, making the infection that little more believable.
Slightly less believable was the ransomware’s insistence that all illegal activities recorded by law enforcement would be stricken from the victim’s record following a hefty donation (internet police are completely absolved of bribery charges, apparently). Nonetheless, Zain amassed £700,000 in ransom money, with the National Crime Agency suspecting the operation’s true total in the region of £4million.
It was ultimately Zain’s own confidence that tipped the scales against him. Blowing the cash on such luxuries as Rolex watches, casinos and luxury hotels was hardly inconspicuous, but it was his own threats against the advertising networks that raised eyebrows. When ad networks grew wise to Zain’s deeds, he responded with Distributed Denial of Service attacks and threats to spam their servers with illegal material.
Imaginably, that got the law’s attention, and following a successful investigation Zain now faces charges of blackmail, fraud, money laundering and computer misuse.
The investigation and subsequent conviction have been quite the storied process. With the attacks first reported in 2012, Zain was arrested in 2014, sectioned under the mental health act in late 2017, subsequently had a planned court date of February 2018 delayed, and was remanded in custody until December of last year. In April of this year, he was finally convicted and sent down for 6 years.
The scale and ingenuity of this crime is testament to the ever-expanding methods of ransomware ab7users everywhere. By targeting a less-than-savoury market, threatening the victims and hiding within the innocuous realm of online advertising, this operation amassed an exceptional amount of wealth; further proof, if any were needed, that not everyone spots the tell-tale signs of extortion.