Hacker Who Targeted Porn Site Users with Fake FBI Notices Jailed for Six Years

A British blackmailer who used fake FBI notices to scam porn site visitors out of more than $5 million has been jailed.

The sentencing of Zain Qaiser from London marks the conclusion of a case against England's most prolific cyber criminal, who used his programming skills to frighten porn site users into parting with hard cash.

The BBC reported that investigators were able to pin down £700,000 ($916,135) of Qaiser's personal profits. However, in total, the 24-year-old's criminal network may have made in excess of £4 million.

It took five years following Qaiser's arrest for police and lawyers to untangle his intricate criminal enterprise, with further delays to the case caused by concerns for the defendant's mental health.

From the bedroom of his family home in the East London suburb of Barking, the cyber blackmailer used ransomware to hijack unwitting victims' computers and then extort them for cash to give back control.

Starting the scam when he was just 17, Qaiser contacted a Russian controller who provided the ransomware, agreeing to split the proceeds of the planned scam. As the initiative grew, the cyber mastermind extended his network to the U.S. and China, to online criminals who would help him move the vast sums of money rolling in.

Over a period of 18 months, he booked advertising space on a number of the world's most popular legal porn sites. Contained within the link to the fake ads he provided, however, was malware known as an "Angler" tool.

Clicking on the malicious adverts downloaded software that would search for vulnerabilities and deliver the ransomware. Then a message would appear on the screen of the unsuspecting internet user, claiming to be from law enforcement agencies like the FBI.

The fake messages would accuse individuals of having broken the law and demand they pay an immediate fine of roughly $200 or face three years in jail. Many users paid the ransom to avoid embarrassment.

Qaiser used the money, partially funneled through Gibraltar and Belize, to fund a lavish lifestyle. He bought a $6,500 Rolex watch, spent $2,600 to stay in an upmarket London hotel, and splashed cash on sex workers, drugs and gambling. In one casino visit, he spent a sum of almost $90,000.

The scam eventually unraveled when advertisers spotted what was happening. Otherwise, no victim of the con, believed to have been downloaded on to 165,000 PCs around the world, ever alerted authorities.

The U.K. judge prosecuting the case said the case was without parallel in British legal history. "The harm caused by your offending was extensive—so extensive that there does not appear to be a reported case involving anything comparable," Judge Timothy Lamb QC said during sentencing.