Malware dealer made Britcoin fortune
A cyber crook who sold Malware to a customer so he could spy on his ex-girlfriend may have made a fortune from trading in Britcoin, a court heard.
Goncalo Esteves, 24, ran the website reFUD.me, allowing clients to test, for a fee, whether their malicious cyber tools could beat anti-virus scanners.
Under the pseudonym KillaMuvz, he also sold virus cloaking products and offered bespoke support to customers.
Esteves made at least £17,000 in Paypal transactions but could have amassed up to £800,000 from trading in the Britcoin cryptocurrency, Blackfriars Crown Court heard.
He was eventually snared after a joint investigation by the National Crime Agency and cyber security firm Trend Micro.
Esteves claimed his business was above board but John Ojakovoh, prosecuting, said: ‘It’s like offering to disconnect burglar alarms so that burglars can get in undetected.’
Mr Ojakovoh said a Skype user with the name FishHabbo wanted to put a remote access Trojan on his ex-girlfriend’s computer so he could ‘see what she’s up to’.
‘In fairness to the defendant he at first said, ‘Instead of hacking her, how about you do something really nice for her.’
‘But the customer persisted so the defendant sold him the product, knowing it was going to be used to spy on or stalk his ex-girlfriend.’
In a conversation with another hacker, YungZen, Esteves was asked about off shore web-hosting and replied: ‘It’s up to you bro, you have to be your own hacker.’
Esteves had a rude awakening in November 2015 when police stormed into his home in Colchester, Essex, to find him asleep in his bedroom.
He sold the anti-virus dodging tools in packages which varied in price according to the length of the licence.
A month of Cryptex Lite cost £5 while a lifetime licence for Cryptex Reborn cost £60.
NCA officers discovered that Esteves made £32,000 from more than 800 Paypal transactions between 2011 and 2015.
Mr Ojakovoh added: ‘The Bitcoin wallet was investigated and the National Crime Agency saw that there were numerous transfers in of Bitcoin and transfers out.
‘Unfortunately it is, of course, not possible to trace where those land.
‘If we take the values at the time they were transferred out and add them all up it’s £15,700 at the time of pleading.
‘Although at its height they would have been worth £800,300 and after the recent crash, £500,000.
‘However, the Crown doesn’t seek to push into a higher category on that basis.’
Esteves advertised on a well-known message-board for cyber criminals, under the description: ‘A free service that offers fast and reliable file scanning to ensure that your files remain fully undetectable to anti-malware software.’
He was handed a seven month suspended sentence at Reading Crown Court in August 2016 for making false claims for refunds on four MacBooks ordered on Amazon.
One of the computers was used in his illegal business and was seized by police when they raided his home in 2015.
Esteves was forced to drop out of his first year of university and told the court he is under great pressure, with a young family and another child on the way.
Mike Hulett, head of operations at the NCA’s National Cyber Crime Unit, said: ‘Esteves’s crimes weren’t victimless. His clients were most likely preparing to target businesses and ordinary people with fraud and extortion attempts.
‘While offenders like Esteves try hard to stay hidden from law enforcement, NCA officers have the training and technical capability to detect them and put them before the courts.
‘This is bolstered by strong partnerships with the private sector. We’re grateful to Trend Micro for their ongoing support in tackling cyber crime.’
Esteves, of Cape Close, Colchester, Essex, admitted two computer misuse offences and one charge of money laundering last month.
He appeared in court today (mon), accompanied by his pregnant wife and father-in-law, but he will have to return on Thursday for sentence after Judge
Judge Mark Dennis said: ‘I want to step back from all that I have heard and to assess the appropriate sentence having done so.
‘This plainly crosses the custody threshold and you are not to read anything into the fact that I am granting you bail.’
ends
