15 January 2018
A cyber criminal has admitted running a product-testing service for hackers following a joint investigation by the National Crime Agency (NCA) and cyber security firm Trend Micro.
Goncalo Esteves, 24, of Cape Close, Colchester, Essex, ran the website reFUD.me, which allowed offenders to test, for a fee, whether their malicious cyber tools could beat anti-virus scanners.
Under the pseudonym KillaMuvz, he also sold custom-made malware-disguising products and offered technical support to users.
He pleaded guilty to two computer misuse offences and a count of money laundering at Blackfriars Crown Court.
Esteves called his encryption tools Cryptex Reborn and Cryptex Lite. Part of a family of cyber tools known as crypters, they could be used by hackers to improve their chances of dodging anti-virus.
He sold them for use in packages which varied in price according to the length of the licence.
A month of Cryptex Lite cost $7.99 ( about £5 at the time of offending) while a lifetime licence for Cryptex Reborn cost $90 (about £60). Esteves provided customer support via a dedicated Skype account and accepted payment either in conventional currency, in the cryptocurrency Bitcoin or in Amazon vouchers.
Esteves advertised his website on the hackforums.net website, a well-known messageboard for cyber criminals, under the description: “A free service that offers fast and reliable file scanning to ensure that your files remain fully undetectable to anti-malware software.”
NCA officers discovered that Esteves made £32,000 from more than 800 Paypal transactions between 2011 and 2015.
He is likely to have made far more, as this sum does not include payments in alternative payments Esteves accepted such as Bitcoin and Amazon vouchers.
Sentencing was set for Monday 12 February 2018 at Blackfriars Crown Court.
Mike Hulett, head of operations at the NCA’s National Cyber Crime Unit, said: “Esteves’s crimes weren’t victimless. His clients were most likely preparing to target businesses and ordinary people with fraud and extortion attempts.
“While offenders like Esteves try hard to stay hidden from law enforcement, NCA officers have the training and technical capability to detect them and put them before the courts.
“This is bolstered by strong partnerships with the private sector. We’re grateful to Trend Micro for their ongoing support in tackling cyber crime.”
Rik Ferguson, Trend Micro vice president of security research, said: “Trend Micro actively works with global law enforcement to assist in the investigation and prosecution of online crime. In this particular case the NCA and the justice system have acted against not just a criminal, but a “service provider” to the wider online underground who enabled other criminals’ attacks.
"We hope that this successful prosecution sends a message to the community that online crime is no different from the more traditional kind; it is harmful, it does carry risks and criminals are not invisible.”
Adrian Flasher, Specialist Prosecutor in the Organised Crime Division at the CPS, said: "Goncalo Esteves designed, developed and sold software that disguised computer viruses used by cyber criminals which allowed anti-virus software to be bypassed and cybercrime carried out undetected.
“Esteves advised his customers about his products, discussed how they were to be used and how to use the software to achieve criminal objectives.
“The CPS advised investigators throughout the investigation and prosecution, enabling a strong case to be presented; namely, that Esteves knew exactly what the criminal aims of his customers were and that he had profited from his criminality in selling the tools for cybercrime.”