LONDON – The United Kingdom’s National Crime Agency (NCA) announced yesterday that “top level cyber criminal” Zain Qaiser has been sentenced to serve six years and five months in prison for “his role in a global campaign of malware and blackmail.”

“This was one of the most sophisticated, serious and organised cyber crime groups the National Crime Agency has ever investigated,” said Nigel Leary, a senior investigating office with the NCA. “The group owned and operated the Angler Exploit Kit – one of the most successful and closely guarded pieces of malicious software ever developed by the cyber crime community.”

Qaiser reportedly received over £700,000 (a little over $91600.00 USD) while working with “an international, Russian-speaking organised crime group that made massive profits from victims in more than 20 countries.”

According to the NCA, Qaiser “bought masses of advertising traffic from pornographic websites, using the online name K!NG, on behalf of the crime group, using fraudulent identities and bogus companies to pose as legitimate online advertising agencies in a process of social engineering.”

“Once advertising space was secured, the crime group would host and post advertisements laced with malicious software, known as malware,” the NCA added in its statement.

While many headlines related to the case refer to Qaiser as a “hacker,” from the NCA’s description, it sounds more like he worked on behalf of hackers, while his own actions involved little more than purchasing ads and then directing the resulting traffic to websites which contained malware authored by other members of the cybercrime syndicate.

“When users clicked on the ads they were redirected to another website, hosting highly-sophisticated malware strains including the infamous Angler Exploit Kit (AEK) – believed to have been created, managed and marketed by one of Qaiser’s Russian-speaking associates,” the NCA said in its statement.

“Users with any vulnerabilities would subsequently be infected with a malicious payload.”

Infecting users’ computers with malware was just the start of the extortionate scheme. The next step was to contact the users and demand ransom payments.

“Ransom demands were made by Qaiser through a complex process of virtual and crypto-currency money laundering,” the NCA said. “Blackmailed victims would be directed to pay the ransom demand using a prescribed virtual currency, which would then be laundered using a variety of methods and an international network of illegitimate financial service providers.”

While it’s not clear what sort of “hacking” Qaiser may have engaged in, if any, his skill set clearly was of value to the cybercrime syndicate with which he worked.

“Qaiser, a computer science student, was hugely useful to the crime group,” the NCA said in its report. “Using his command of the English language and knowledge of the online advertising industry, in conjunction with basic social engineering techniques, he could convince advertising agencies he was a legitimate customer.”

Some of the advertising networks from which Qaiser purchased advertising were also victims of his extortion, according to the NCA.

“Some online advertising agencies that sold Qaiser the advertising traffic realised what he was doing and tried to stop him,” the NCA said in its statement. “He responded by blackmailing them and their businesses, hitting at least two agencies with DDoS attacks. Qaiser told one company director: ‘I’ll first kill your server, then send child porn spam abuses.’ These attacks resulted in the companies losing at least £500,000 through lost revenue and mitigation costs.”

In its statement, the NCA also detailed some of the items Qaiser on which spent his ill-gotten gains.

“Qaiser spent the proceeds of his criminal activity on stays in high-end hotels, prostitutes, gambling, drugs and luxury items including a £5,000 Rolex watch,” the NCA said. “In just one 10-month period, he spent £68,000 on gambling in a London casino, despite being unemployed and living with his family.”

Qaiser was first arrested in 2014 and was charged in 2017.

Lock screen image via National Crime Agency statement