back to article Brit hacker jailed for strapping ransomware to smut site ad networks

A student hacker who used pornography websites' ad networks to deploy the Angler Exploit Kit onto his marks' devices has been jailed for six years. Zain Qaiser, a 24-year-old Londoner from Barking, used ad networks on smut websites to distribute malware including the Angler Exploit Kit, which the National Crime Agency (NCA) …

  1. Anonymous Coward
    Anonymous Coward

    The Taxman cometh

    Nice earnings, I hope he completed his self assessment forms correctly as the taxman is entitled to a slice.

  2. Alister

    Zain Qaiser

    Good name... Good name. What a waste.

    1. macjules

      Re: Zain Qaiser

      What a despicable individual though. Even when on remand he continued to steal a further £120,000 from his victims. Hopefully 3 years of being careful how you pick up the soap will teach him some lessons.

  3. John Savard

    Has all the data scrambled for which ransoms have not been paid been recovered? Has all the money paid as ransom been recovered?

    Those are the questions the legal system should focus on. Criminal law should be all about the victim. The perpetrator... is just so much meat, to be used however possible to recover money to compensate the victims.

    1. Teiwaz

      Those are the questions the legal system should focus on. Criminal law should be all about the victim. The perpetrator... is just so much meat, to be used however possible to recover money to compensate the victims.

      I was mentioned on the Beeb that he'd ploughed a lot of hid profit back into more advertising, so I guess the Ad networks now have a lot of it as well.

    2. Anonymous Coward
      Anonymous Coward

      "Has all the money paid as ransom been recovered". Apparently he spent quite a lot of it on prostitutes. Refunds are unlikely.

      1. Andy The Hat Silver badge

        £700,000 blown on prostitutes? That's a lot of prostitutes ... last time I heard they were only sixpence down the docks ...

        1. Korev Silver badge
          Pirate

          Really? Mine claimed to take the Queen's Shilling...

        2. JJKing
          Paris Hilton

          I wonder if he cum to his senses?

          £700,000 being blown by prostitutes.

          FTFY

          Damn, did Paris get shot in the eye by an unexpected discharge?

      2. Alan Brown Silver badge

        "Apparently he spent quite a lot of it on prostitutes."

        Given someone else mentioned the taxman:

        Those are not tax deductible as entertainment expenses.

        Use of the Inland Revenue could be an entertaining way to keep fraudsters looking over their shoulders for years, There's very little they're _not_ allowed to do when pursuing the government's money.

    3. czechitout

      "Has all the data scrambled for which ransoms have not been paid been recovered? Has all the money paid as ransom been recovered?"

      Is there any evidence data was actually scrambled - or was it just one of those popups which locks the browser window creating momentary panic?

  4. GnuTzu
    Megaphone

    Site's Responsibility for Reasonable Service -- Or, Who Expects Marketing Services to Have a Heart

    Isn't it still true that advertisement services still take no responsibility for the content they allow through their service? Aren't lawmakers considering addressing issues of this sort in other arenas, like social networking, search engines and such--some of which may be going to far (EU copyright law), others not far enough (social media data gathering)? Would I be shocking anybody if I made a prediction that this hacker will not be the first of this kind, that ad services will again be the vehicle for other major exploits, and eventually that there will then be regulation--putting some responsibility on the ad services--for not being so callously irresponsible towards consumers--that they actually do something to screen or filter ad content--to reduce the chance that they'll be used to spread malware?

    1. Anonymous Coward Silver badge
      Childcatcher

      Re: Site's Responsibility for Reasonable Service ..........

      Why blame the ad services? Surely it's the site owner who is responsible for ensuring that their site stays clean. If they've farmed out some content to unscrupulous bastards (ie ad networks), that's their own fault.

      1. Andy The Hat Silver badge

        Re: Site's Responsibility for Reasonable Service ..........

        Surely it's the site owner and ad flingers who should do things competently, it's not necessarily their fault that they get compromised.

        It's the perpetrators that need proper punishment.

        1. GnuTzu
          Childcatcher

          Re: Site's Responsibility for Reasonable Service ..........

          When I go to buy products, I will be a responsible consumer and make sure that I am both getting products produced by responsible manufacturers and that I am getting that product from a seller that will insure that that I am getting the genuine product unmolested. So, I'm going to also seek out some means of ascertaining the reputation of both. That may be by way of a consumer advocate publication or by way of some manner of certification. So, both Consumer Reports and the Underwriters Laboratories are key resources.

          However, things get weird with advertising services, as the consumer doesn't get to scrutinize them directly. Web sites are entering into a business deal with ad services, who in turn are entering into a deal with sellers who want to advertise their products. And, in this brave new world of the Internet, they have to do so in extreme bulk. That has a distinct affect on the lack of motivation to look out for the consumer, so the consumer is left to look out for themselves.

          At some point, there will have to arise in the market some manner for dealing with the reputation of these delivery mechanisms. Will it be something that arises naturally, by consumer outrage, by regulation, or some combination thereof? But, I can't believe that anyone involved will be able to reasonably claim they have absolutely no responsibility in this. After all, it's a chain of business agreements and all participants are creating market forces that are a part of the cause of the problem.

      2. Alan Brown Silver badge

        Re: Site's Responsibility for Reasonable Service ..........

        You are visiting a site (site owner's responsibilty if you pick up drive-by malware from that site)

        The site owner has a contract with the ad farmer (ad farmer takes liability - but sued by site owner)

        The ad farmer has a contract with the ad placer

        The ad placer has a contract with the advertiser

        etc etc

        But at the end of the day, you are NOT expected to chase the chain down. It's the enduser interaction that matters and any site owner who tries to fob things off is likely to get a very rude awakening if someone is determined enough to take it through the courts. (the new laws will make it clearer too)

  5. Mark 85

    Once upon a time....

    in the US at least, there the concepts of "counts" for charges. For something like this, it would XXX counts of blackmail, XXX counts of fraud, etc. The number of "counts" usually was equal to the number of victims and the base sentence would then be a multiple of the basic sentence times the number of victims. Judges were free to lower the sentence to some level. Maybe it's time to change some laws and enforce this. Make the prison time vary with the number of victims? Currently, the sentences here in the States and abroad just seem to be mere slap on the wrist.

  6. Anonymous Coward
    Anonymous Coward

    The old "Mental Health" routine to avoid justice, must have watched One Flew Over The Cuckoo's Nest.

    1. 's water music

      must have watched One Flew Over The Cuckoo's Nest

      left the cinema before the end surely?

  7. Anonymous Coward
    Anonymous Coward

    Fake ads

    There is another scam that has been running for over 6 years straight that tricks Android users into installing a dodgy "antivirus/cleaner" app by using fake virus warnings that cause the users phone to vibrate and links back to the Google Play store.

    Actual user reviews from this month alone:

    04/08/2019

    Now I know for a fact I have some type of virus because I keep getting ads on my screen that take me to shady websites and Google sends me to this app.

    04/04/2019

    constantly reports viruses that don't exist

    04/03/2019

    so basically i was watching some wacky stuff online, my phone got a virus, and my play store keeps opening up with this app as the first thing i see. so i downloaded it. developers, why is this

    04/03/2019 __

    honestly, if i could give this a zero, i would. stupid ads saying that my phone has two viruses keep popping up with a link that leads to THIS PAGE . an absolute P.O.S.

  8. Matthew 3

    £700,000 ('and probably more') and he'll only serve three years?

    I sincerely hope they've seized every last penny of those ill-gotten gains otherwise it doesn't seem like a bad deal. If I knew I would have £700k in taxfree untraceable funds waiting for me afterwards I might be tempted to risk three years of freedom.

    1. LewisRage

      £700K is just what they know about...

      If I was doing something like this you can be sure that I'd have a bunch of crypto wallets stashed somewhere unlikely/inaccessible to the authorities, leave a large enough chunk somewhere obvious to be found so that it's feasible that they've got all the remaining money, claim a sex/gambling/drug addiction to explain away any discrepancy and then cash it all out once you are a free man again.

  9. Prst. V.Jeltz Silver badge

    Under current sentencing laws, Qaiser will serve no more than half of his six-year-and-five-month sentence

    wtf does that mean? can we just call a spade a 3 year sentence?

    what are these laws? does he have to kill someone to win the full 6.5 ?

    1. PapaD

      My understanding

      From what I know, he will spend 3.25 years locked up, and then a further 3.25 years having to visit a parole officer and meet any other 'requirements' that they deem necessary. At any point, if they deem him to be in breach of those requirements they can send him back to prison to finish his sentence. He may also receive additional sentencing for whatever caused him to breach his parole. (think it's called 'being on license' in the UK)

      Those requirements could include not using a PC outside of specific locations (his place of employment if he has one, etc), meeting a parole officer every day, every week or on some other schedule. It varies, and more restrictions can be applied if they feel he needs it.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon