Essex based cybercriminal Goncola Esteves, aka KillaMuvz has been jailed for 24 months. Esteves was charged with running a website (reFUD.me) that allowed hackers to test their code against anti-virus scanners. He also sold his own software tools that allowed cybercriminals to evade detection by security software.
Esteves was arrested earlier this year as part of a joint operation between the National Crime Agency and cybersecurity company Trend Micro. After his arrest, Esteves pled guilty to three charges. Last week he was sentenced at Blackfriars Crown Court.
The charges against Esteves were:
- 2 charges against Section 3A of the Computer Misuse Act 1990 (Making/adapting/supplying an article intended for use/to assist in the commission of a section 1 or 3 Computer Misuse offense)
- 1 charge against Section 327(1) and Section 334 of the Proceeds of Crime Act 2002 (Concealing/disguising/converting/transferring/removing criminal property)
What services and software did Esteves offer?
Esteves offered customers two encryption tools. Both were designed to help hackers evade detected by encrypting their code. Cryptex Lite cost just £5 per month while Cryptex Reborn cost £60 for a lifetime licence. Esteves started selling the tools back in 2011 and continuously updated them until he was caught.
Customers were given the option of paying through PayPal, via the Bitcoin cryptocurrency or in Amazon gift vouchers. Interestingly, the NCA were only able to trace £32,000 from 800 PayPal transactions between 2011 and 2015. Was is surprising is that Amazon was unable or unwilling to help trace any gift vouchers that may have been used by Esteves.
According to Mike Hulett, head of operations at the NCA’s National Cyber Crime Unit: “Esteves helped hackers to sharpen their knives before going after their victims. His clients were most likely preparing to target businesses and ordinary people with fraud and extortion attempts.
“He made a fair bit of money, but he’d probably have made much more, and certainly for longer, if he’d pursued a legitimate career in cyber security. We’re grateful to Trend Micro for their ongoing support in tackling cybercrime.”
We have emailed the NCA to ask how many of Esteves customers they have traced and arrested,. So far they have declined to comment. If we get a response we will update this story.
Why does this matter?
In the scheme of things, Esteves, aka KillaMuvz is a very small fish. However, he represents a growing ecosystem of tools vendors who are focused on cybercrime. As with the wider software tools industry they see their place as enabling others. Many of these people don’t believe that they are likely to get caught as they are not directing attacking computers.
However, this joint action by Trend Micro and the NCA shows that is a false belief. It will be interesting to see if this marks a new focus by law enforcement to target the wider cybercrime ecosystem.