Software engineer jailed for 2 years after using RATs and crypters to steal underage victims' intimate pics

Another one who pleaded autism in mitigation


A software engineer was this week jailed in the UK for two years after pleading guilty to accessing women and children's webcams, Skype accounts and iCloud backups for more than a decade.

Robert Davies, of Byron Close, Colwick, Nottinghamshire, catfished many victims through a web of fake social media accounts, Nottingham Crown Court was told on Monday.

The 32-year-old, who had no previous criminal record, tricked women and children alike into exposing themselves to his fake social media profiles. He only came to the attention of the National Crime Agency in 2019 after buying cyber crime tools, the NCA said. His details were also found in the WeLeakInfo bust, with a multinational police operation taking down the stolen-credentials-resale site the following year.

Investigators discovered he'd purchased crypters (encryption suites designed to disguise malware) and remote administration trojans (RATs), with the NCA later saying it visited more than 30 victims.

Once he was in contact with his victims Davies would infect their devices with malware he had disguised with crypters. This let his spyware evade detection by common antivirus suites. By deploying the RATs he was then able to steal "any sexual images" from their devices.

Her Honour Judge Julie Warburton told Davies at Monday's sentencing hearing that his behaviour was "utterly disgraceful", the Nottingham Post reported. The NCA said in a statement that Davies was arrested three times between November 2019 (pre-dating the WeLeakInfo takedown) and August last year, with investigators seizing and analysing his devices.

On 2 September Davies pleaded guilty to 24 Computer Misuse Act charges, three counts of possessing indecent images of children, making indecent images of children and possessing extreme pornography.

He was sentenced to 26 months in prison, handed a 10 year sexual harm prevention order, placed on the sex offenders' register and a restraining order was made banning him from contacting five of his victims. Current sentencing laws mean his prison term will be automatically halved, with up to a third of the remaining 13 months discounted by prison authorities for good behaviour inside.

Simon Stevens, Davies' barrister, told the court in mitigation that his client accepted his guilt and had been recently diagnosed with autism.

Andrew Shorrock, operations manager of the NCA's National Cyber Crime Unit, said in a prepared statement: "Davies had amassed what can only be described as a cyber criminal's toolkit. Not only was he using these tools to break into people's devices, he was using them to spy on his unsuspecting victims and to steal naked images of them for his own sexual gratification."

Davies doesn't quite fit the archetype of a Computer Misuse Act offender. Research published last year found that on average, CMA crims are overwhelmingly male – but tend to be in their 20s and are not highly skilled.

The Computer Misuse Act is rarely used in UK prosecutions but has featured in cases similar to this one in the past, when a Brighton offender illegally accessed various women's Facebook accounts to steal private images of them. ®


Other stories you might like

  • Techniques to fool AI with hidden triggers are outpacing defenses – study
    Here's how to catch up with those poisoning machine-learning systems

    The increasingly wide use of deep neural networks (DNNs) for such computer vision tasks as facial recognition, medical imaging, object detection, and autonomous driving is going to, if not already, catch the attention of cybercriminals.

    DNNs have become foundational to deep learning and to the larger field of artificial intelligence (AI). They're a multi-layered class of machine learning algorithms that essentially try to mimic how a human brain works and are becoming more popular in developing modern applications.

    That use is expected to increase rapidly in the coming years. According to analysts with Emergen Research, the worldwide market for DNN technology will grow from $1.26bn in 2019 to $5.98bn by 2027, with demand in such industries as healthcare, banking, financial services and insurance surging.

    Continue reading
  • ‘Precursor malware’ infection may be sign you're about to get ransomware, says startup
    As more and more biz pays up to restore data, we're told

    Ransomware is among the most feared of the myriad cyberthreats circulating today, putting critical data at risk and costing some enterprises tens of millions of dollars in damage and ransoms paid. However, ransomware doesn't occur in a vacuum, according to security startup Lumu Technologies.

    A ransomware infection is usually preceded by what Lumu founder and CEO Ricardo Villadiego calls "precursor malware," essentially reconnaissance malicious code that has been around for a while and which lays the groundwork for the full ransomware campaign to come. Find and remediate that precursor malware and a company can ward off the ransomware attack is the theory.

    "The moment you see your network – and by network, I mean the network defined the modern times, whatever you have on premises, whatever is out in the clouds, whatever you have with your remote users – when you see any assets from your network contacting an adversarial infrastructure, eliminate that contact because that puts you in your zone of maximum resistance to attacks," Villadiego told The Register.

    Continue reading
  • China thrilled it captured already-leaked NSA cyber-weapon
    Not now with your mischief, Beijing

    China claims it has obtained malware used by the NSA to steal files, monitor and redirect network traffic, and remotely control computers to spy on foreign targets.

    The software nasty, dubbed NOPEN, is built to commandeer selected Unix and Linux systems, according to Chinese Communist Party tabloid Global Times, which today cited a report it got exclusively from China's National Computer Virus Emergency Response Center.

    Trouble is, NOPEN was among the files publicly leaked in 2016 by the Shadow Brokers. If you can recall back that far, the Shadow Brokers stole and dumped online malware developed by the NSA's Equation Group.

    Continue reading

Biting the hand that feeds IT © 1998–2022