This article is more than 1 year old

Software engineer jailed for 2 years after using RATs and crypters to steal underage victims' intimate pics

Another one who pleaded autism in mitigation

A software engineer was this week jailed in the UK for two years after pleading guilty to accessing women and children's webcams, Skype accounts and iCloud backups for more than a decade.

Robert Davies, of Byron Close, Colwick, Nottinghamshire, catfished many victims through a web of fake social media accounts, Nottingham Crown Court was told on Monday.

The 32-year-old, who had no previous criminal record, tricked women and children alike into exposing themselves to his fake social media profiles. He only came to the attention of the National Crime Agency in 2019 after buying cyber crime tools, the NCA said. His details were also found in the WeLeakInfo bust, with a multinational police operation taking down the stolen-credentials-resale site the following year.

Investigators discovered he'd purchased crypters (encryption suites designed to disguise malware) and remote administration trojans (RATs), with the NCA later saying it visited more than 30 victims.

Once he was in contact with his victims Davies would infect their devices with malware he had disguised with crypters. This let his spyware evade detection by common antivirus suites. By deploying the RATs he was then able to steal "any sexual images" from their devices.

Her Honour Judge Julie Warburton told Davies at Monday's sentencing hearing that his behaviour was "utterly disgraceful", the Nottingham Post reported. The NCA said in a statement that Davies was arrested three times between November 2019 (pre-dating the WeLeakInfo takedown) and August last year, with investigators seizing and analysing his devices.

On 2 September Davies pleaded guilty to 24 Computer Misuse Act charges, three counts of possessing indecent images of children, making indecent images of children and possessing extreme pornography.

He was sentenced to 26 months in prison, handed a 10 year sexual harm prevention order, placed on the sex offenders' register and a restraining order was made banning him from contacting five of his victims. Current sentencing laws mean his prison term will be automatically halved, with up to a third of the remaining 13 months discounted by prison authorities for good behaviour inside.

Simon Stevens, Davies' barrister, told the court in mitigation that his client accepted his guilt and had been recently diagnosed with autism.

Andrew Shorrock, operations manager of the NCA's National Cyber Crime Unit, said in a prepared statement: "Davies had amassed what can only be described as a cyber criminal's toolkit. Not only was he using these tools to break into people's devices, he was using them to spy on his unsuspecting victims and to steal naked images of them for his own sexual gratification."

Davies doesn't quite fit the archetype of a Computer Misuse Act offender. Research published last year found that on average, CMA crims are overwhelmingly male – but tend to be in their 20s and are not highly skilled.

The Computer Misuse Act is rarely used in UK prosecutions but has featured in cases similar to this one in the past, when a Brighton offender illegally accessed various women's Facebook accounts to steal private images of them. ®

More about

TIP US OFF

Send us news


Other stories you might like