Hacker behind £500k online blackmail campaign jailed

|News, International and organised crime , Fraud and economic crime , Cyber / online crime

A prolific cyber-criminal who made more than £500,000 by infecting victims’ computers with ‘ransomware’ in an internet blackmail campaign has today (9 April) been jailed for six years and five months.

Zain Qaiser
Zain Qaiser

Zain Qaiser, 24, was a member of a sophisticated organised crime group that targeted visitors to pornographic websites with malicious browser-locking software.

After clicking on the hacker’s pop-up adverts, victims were threatened with criminal prosecution and told their devices would remain locked unless they paid a ‘fine’ of hundreds of US dollars.

Millions of computers were targeted with the messages purporting to be from a government agency or police department in their home countries between 2012 and 2014. Despite not having committed a crime, many victims paid up out of embarrassment.

Qaiser also blackmailed advertising companies who took exception to his methods, telling one director “I’ll first kill your server, then send child porn spam abuses” if they refused to allow his pop-ups on the porn sites.

Where they did not comply, Qaiser made good on his threats, subjecting firms to ‘Distributed Denial of Service’ attacks which shut down their systems and cost them thousands of pounds in lost business.

The former City University student worked with top-level cyber criminals based in Eastern Europe, who made huge profits from the distribution of ransomware. 

Russell Tyner, of the CPS Organised Crime Division, said: “This was no amateur operation. Zain Qaiser is a member of a prolific and technically sophisticated international criminal organisation that has terrorised internet users throughout the world.

“While he enjoyed an extravagant lifestyle on the proceeds, Qaiser subjected his victims to a prolonged and relentless campaign of blackmail, which caused them significant financial and emotional harm.”

As well as blackmail and hacking, Qaiser pleaded guilty at Kingston Crown Court to fraud by false representation after using a series of false identities to commit his crimes.

The CPS intends to pursue confiscation proceedings under the Proceeds of Crime Act against Qaiser, who also admitted receiving £115,839 in criminal money while on bail for these offences.

Building the case

A search of Qaiser’s computer after he was arrested in July 2014 found more than 3,000 online chat logs, many under the alias K!NG he used to menace his victims.

The CPS says the defendant’s lifestyle was another giveaway that he was involved in large-scale criminality. Despite being a student with no apparent source of income, he visited prostitutes, gambled nearly £70,000 with his Asper’s casino account and purchased a £4,900 Rolex watch.

Examination of Qaiser’s various accounts showed he received more than £500,000 between September 2012 and the date of his arrest - much of it through online money transfer services. The total amount he was paid is likely to have been far higher, even before the illegal money he received on bail is counted.

Mr Tyner said: “The CPS worked closely with the NCA and colleagues in Canada, the USA and Europe to build such an overwhelming case against Qaiser he eventually concluded he would not fight it at trial. Many cyber-criminals believe they are too clever to be caught by the law but this conviction demonstrates we have the expertise to bring these offenders to justice.”

The ransomware
An example of Qaiser's ransom messages

 

Notes to editors

  • Zain Qaiser (DOB: 20/09/1994), from Barking, pleaded guilty to four counts of unauthorised acts with intent to impair the operation of a computer, three counts of blackmail, three counts of fraud by false representation and one count of possessing criminal property. He was sentenced to 77 months and one day
  • Russell Tyner is a Specialist Prosecutor in the CPS International Justice and Organised Crime Division

Further reading