Kingston Crown Court has ordered a 25-year-old computer science student convicted of cyber crime offences in April 2019 to pay back £270,865.47 and sell assets including a Rolex wristwatch, or risk an extension to his sentence.
Zain Qaiser, of Barking, Essex, known online as K!NG, worked as a key node of a Russia-based cyber crime group that extracted huge profits from victims around the world.
“Zain Qaiser was an integral part of a highly sophisticated cyber crime group,” said Nigel Leary, operations head of the National Crime Agency’s (NCA’s) cyber crime unit. “He assisted the group in generating millions of pounds in ransom payments by blackmailing countless victims, from which he himself profited hugely.”
Qaiser used fake identities and companies to pose as legitimate online advertising agencies to buy advertising traffic on porn sites, which the group then used to plant ads containing malware – including the highly dangerous Angler exploit kit (AEK) – which directed users to another website, where they were infected with malicious payloads.
The payloads included Reveton, which locks browsers before displaying a message claiming to be from law enforcement, informing the victim that they have committed an offence and must pay a fine to unlock their device. The fines, in reality ransoms, range from $300 to $1,000 (£228 to £760 or €271 to €903).
Qaiser’s cut of the ransom money made its way back to him through a complicated virtual and cryptocurrency money-laundering process, directed through an international network of criminal financial service providers.
As an example, one member of the gang transferred money onto pre-loaded credit cards in fraudulent identities in the US, withdrew the money, converted it into cryptocurrency, and transferred it back to Qaiser.
During the investigation, the NCA said it unearthed a series of financial accounts liked to Qaiser, including a cryptocurrency wallet held overseas that, cumulatively, received funds of more than £100,000, even though, at the time, Qaiser was officially unemployed and declared no earnings for tax purposes.
It also emerged that when a few of the targeted ad agencies got wise to Qaiser’s activities and tried to cut him off, he responded by resorting to blackmail tactics, and employed distributed denial of service (DDoS) attacks against them, telling one director: “I’ll first kill your server, then send child porn spam abuses.” These companies lost at least £500,000 in lost sales and incident mitigation.
Qaiser, who was first arrested in 2014 and charged in 2017, admitted 11 offences, including blackmail, fraud, money laundering and computer misuse. He spent the proceeds of his crime spree on high-end hotel stays, drugs and prostitutes, in addition to a £5,000 Rolex timepiece. In one 10-month period, said the NCA, Qaiser also spent £68,000 on gambling in a London casino.
“Confiscation orders are a key tool in allowing us to pursue illegally-obtained assets and preventing convicted criminals from funding luxury lifestyles on their release,” said Leary.
“This was an extremely long-running and complex investigation, which proves that we will use all the tools at our disposal to ensure cyber criminals are brought to justice and cannot continue to benefit from their illicit earnings.”
The NCA has asked it be made clear that Qaiser’s activities, and the wider activities of the criminal gang he was part of, were not related to those of Evil Corp, the ringleaders of which were indicted earlier in December.