Hacker Who Blackmailed Porn Website Users: One Of UK’s Most Serious Cybercrime Case

10/04/2019

There are hundreds of millions of active websites on the internet, if not billions. And among them, adult-related websites are those that deliver a huge chuck of traffic.

For this reason, there are practically many people who browse the web for porn. It's a fact that probably no one wants to expose to others.

Here, a hacker with the name Zain Qaiser, has blackmailed users of pornography websites in what investigators say is the UK’s most serious cybercrime case.

The National Crime Agency (NCA) worked with its partners in the US, Canada and Europe in this “extremely long-running, complex cyber-crime investigation,” with Nigel Leary, NCA's Senior Investigating Officer, calling Qaiser's case as "one of the most sophisticated, serious and organized cyber crime groups the National Crime Agency has ever investigated.”

Qaiser has been jailed for six years and five months for targeting millions of computers with malicious browser-locking software that demanded payment of up to $1,000 (£765) to unfreeze screens, Kingston crown court heard.

The hacker that is 24-year-old when the police caught him, worked with an international, Russian-speaking crime group, and has received more than £500,000 through the multimillion-pound global scam, which he spent on luxury hotel stays, gambling and a Rolex watch.

Zain Qaiser
Zain Qaiser when he was freed on bail until his trial back in February 2018

What Qaiser did, was buying advertising spaces on porn websites using 'K!NG' as his online name. He also disguised his real identity using fake identities and made-up companies.

From there, he uploaded malicious links to the ads. When the ads are clicked, they will expose the porn website visitors to a highly-sophisticated malware strains, including the 'Angler Exploit Kit (AEK)'.

After infecting users' system, one of the malware, called ‘reveton’ would lock users' web browser.

And once locked, the infected device would display a message pretending to be from law enforcement or a government agency, which claimed an offense had been committed and the victim had to pay a fine of between $300-$1,000 to unlock their device.

This particular message has hit millions of computers worldwide.

While the exact number of scammed victims is unknown, it is said that the criminal group Qaiser is working with, has collected millions of pounds from victims in more than 20 countries.

Qaiser was able to deliver his malicious schemes because advertisers were “happy to turn a blind eye” to his actions. But to those who tried to stop him, they “became the subject of the defendant’s anger”, as Qaiser blackmailed them and tried to flood their servers with DDoS (Distributed Denial of Service) attacks, putting those sites offline.

He also threatened to spam their sites with child pornography, the court heard.

The National Crime Agency (NCA) considers Qaiser's case as one of the most serious cybercrime investigated, because according to the judge, Timothy Lamb QC:

“The harm caused by your offending was extensive – so extensive that there does not appear to be a reported case involving anything comparable."

“Whatever your motivation for mounting these attacks on the internet you took the opportunity to spend large sums of ill-gotten money in casinos, on an expensive watch and luxury hotel services."

“All the constituent offences were part and parcel of your role as the self-styled ‘K!NG’ of the internet. It has been asserted on your behalf you are remorseful. I have seen no outward expression of that.”

In court, Qaiser that is a former computer science student, was said to have committed most of his crimes when he was between 18 to 19 years of age.

Qaiser was initially charged in February 2017, but a trial set for February 2018 was abandoned because he was sectioned under the Mental Health Act. Detained in Goodmayes hospital in London, he still used the hospital's Wi-Fi to access the sites he had his ads running, the court heard.

In December, he was arrested and accused of laundering about £120,000 while on bail. He was then charged and remanded in custody.

Qaise initially denied his crimes and claimed that he had been hacked.

But later, he admitted three counts of blackmail; three counts of fraud by false representation; four counts of doing an unauthorized acts with intent to impair the operation of a computer; and one count of possessing criminal property.