IT security analyst admits hijacking cyber attack to pocket ransom payments
Ashley Liles altered blackmail emails in bid to make off with £300,000 in Bitcoin
A former IT security analyst at Oxford Biomedica has admitted, five years after the fact, to turning to the dark side – by hijacking a cyber attack against his own company in an attempt to divert any ransom payments to himself.
Ashley Liles, of Letchworth Garden City, in Hertfordshire, England, pleaded guilty at Reading Crown Court to blackmail and unauthorized access to a computer with intent to commit other offences on May 17 following an investigation by the South East Regional Organised Crime Unit (SEROCU).
The case stretches back to February 27, 2018, when the Oxford-based gene and cell therapy company was hit by a "security incident" in which unauthorized access was gained to part of the organization's computer systems. The parties responsible informed senior execs and demanded a ransom, confirmed by cops to be £300,000 in Bitcoin.
Liles, in his capacity as security analyst for Oxford Biomedica, began to investigate the attack alongside colleagues and the police, but SEROCU's own probe soon uncovered an ulterior motive.
It was discovered that Liles, who is now 28 years old, had the bright idea of inserting himself into the crime in the hope of siphoning off ransom payments meant for the attacker.
Liles was found to have accessed the emails of a board member more than 300 times, altering the original blackmail email and changing the payment details provided by the initial attacker. Using an almost identical email address to that of the attacker, Liles heaped pressure on the company to pay up.
Oxford Biomedica must have been listening to regular government advisories over the years, because no ransom payments were made – but Liles's email intrusions did not go unnoticed.
The unauthorized access was determined to have come from Liles's home. Specialist SEROCU officers swooped on the property to arrest him and conduct a search. Items seized included a computer, laptop, phone, and USB stick. Liles had attempted to wipe his devices days before his arrest, but the data was recovered.
- Russian IT guy sent to labor camp for DDoSing Kremlin websites
- Payments firm accused of aiding 'contact Microsoft about a virus' scammers must cough $650k
- DoJ 'very disappointed' with probation sentence for Capital One hacker Paige Thompson
- Capital One: Convicted techie got in via 'misconfigured' AWS buckets
Liles continued to deny any involvement, despite evidence to the contrary, until he cracked in court last week. He will be sentenced at Reading Crown Court on July 11.
Detective Inspector Rob Bryant, from the SEROCU Cyber Crime Unit, said: "I would like to thank the company and their employees for their support and cooperation during this investigation. I hope this sends a clear message to anyone considering committing this type of crime. We have a team of cyber experts who will always carry out a thorough investigation to catch those responsible and ensure they are brought to justice."
Which just goes to show that if you are an infosec worker tempted by the forbidden fruit, remember that the cyber cops often know what they're doing – even if you think you can hide your tracks better than this guy. ®