British IT specialist tried to intercept money intended for extortionists, and paid a bitter price for it
A scam in the style of the best Guy Ritchie films ended unsuccessfully for the young specialist.
An interesting situation happened in 2018 in the British city of Oxford. A group of extortionists carried out a cyberattack followed by data encryption on one of the local companies. The management of the enterprise decided to pay a ransom to the attackers, since the loss of data would have dealt a serious blow to the company.
Ashley Liles, who at that time worked as an IT analyst for this company, was directly involved in ensuring the cybersecurity of the company, and set up a communication channel between the company’s management and extortionists. The situation is pretty standard, but Lyles decided to use his working position to intercept the ransom intended for the real attackers.
In order to deceive the company, Lyles posed as one of the members of the cybercriminal group and tried to redirect the payment by replacing the hackers’ cryptocurrency wallet with his own, sending it in a fake email to the firm’s email. In addition, having full access to corporate documents, the man used them to blackmail his management in order to speed up the transfer of funds to his account.
However, with his actions, Lays only scared away the management, which was initially inclined to transfer funds. As a result, the company did not comply with the requirements put forward by the attackers, so neither Lyles nor the real hackers got the ransom.
In parallel, the company launched an independent internal investigation involving the British police department. SEROCUduring which it turned out that Lyles repeatedly gained access to confidential company data, including from his home address.
Although Lyles took the precaution of erasing all data from his personal devices after he became aware of progress in the investigation, law enforcement seized his computer and successfully recovered the necessary evidence.
At first, Lyles vehemently denied involvement, but during a recent court hearing at the Royal Court of Reading, he finally confessed to what he had done. Five years after the incident.
Under UK law, illegal access to a computer can result in a prison sentence of up to two years, while blackmail is punishable by a maximum of 14 years.
As a result, 28-year-old Lyles was sentenced to three years and seven months in prison “for blackmail and unauthorized access to a computer with the intent to commit other crimes.”
This story highlights the importance of ethics and integrity in the world of cybersecurity. Although Ashley Lyles began his job with the company to ensure its safety, he took advantage of his position for his own benefit. Breaking laws and abuse of power is not only unethical, but can lead to serious consequences.