A student who made hundreds of thousands of pounds from blackmailing porn users with cyber attacks has been jailed.
Zain Qaiser, from Barking, London, used his programming skills to scam visitors to pornography sites around the world.
Investigators have discovered about £700,000 of his profits – but his network may have made more than £4m.
Qaiser, 24, was jailed for more than six years at Kingston Crown Court. The court heard he is the most prolific cyber criminal to be sentenced in the UK.
Judge Timothy Lamb QC said: “The harm caused by your offending was extensive – so extensive that there does not appear to be a reported case involving anything comparable.”
Initially working from his bedroom at his family home, Qaiser began to make money through “ransomware” attacks when he was only 17 years old. This is a form of attack in which a computer is hijacked and frozen by a small piece of software until the user pays a fee for its release.
Over 18 months, the teenager posed as a legitimate supplier of online promotions and booked advertising space on some of the world’s most popular legal pornography websites. But each of the adverts that was promoted on the websites contained a malicious tool called the “Angler”.
Subscribe to our newsletter and stay updated on the latest news and updates from around the Muslim world!
Any visitor to the adult site who clicked on one of Qaiser’s fake adverts would trigger the download to their own computer of the attack kit. If the home computer was not protected with up-to-date anti-virus software, the Angler would search for vulnerabilities and, if possible, deliver the “ransomware” that seized control of the machine.
It immediately splashed a full screen message to the user, purportedly from the FBI and other law enforcement agencies, accusing the user of breaking the law – warning them they faced up to three years unless they paid an immediate fine equivalent to roughly $200 or £100.
“Out of fear of embarrassment from friends or family members discovering they had accessed pornography, many users paid the ransom,” prosecutor Joel Smith told Kingston Crown Court. “For obvious reasons very few people complained to law enforcement officials.”
To make thing worse, the warning page claimed that police had captured webcam images of the user during their visit to the adult website – and gave a deadline for the payment to be made.
During his offending, Qaiser had no legal income – but he maintained a high-rolling lifestyle.
He spent almost £5,000 on a Rolex watch and £2,000 on a stay in a Chelsea hotel. He regularly spent money on prostitutes, drugs and gambling, including almost £70,000 in a casino in an upmarket shopping centre.
Qaiser initially denied the crimes and claimed he had been hacked, before pleading guilty to 11 charges – including blackmail, fraud, computer offences and possessing criminal property.
The ransomware offences were committed between 2012 and 2014.
