Cyber security expert jailed for running hacker test site

A cyber security wizard who shunned the chance to earn big bucks in the corporate world to set up his own business offering a product-testing service for hackers has been sentenced to 24 months in prison.
Goncalo Esteves, 24, of Colchester, who admitted guilt last month following a joint investigation by the National Crime Agency (NCA) and cyber security firm Trend Micro, was sentenced at Blackfriars Crown Court in relation to two computer misuse offences and one count of money laundering.
Esteves ran the website reFUD.me, which allowed cyber criminals to test, for a fee, whether their malicious cyber tools could beat anti-virus scanners. Under the pseudonym KillaMuvz, he also sold custom-made malware-disguising products and offered technical support to users.
Esteves called his encryption tools Cryptex Reborn and Cryptex Lite. Part of a family of cyber tools known as crypters, they could be used by hackers to improve their chances of dodging anti-virus. He sold them for use in packages which varied in price according to the length of the licence.
A month of Cryptex Lite cost $7.99 ( about £5) while a lifetime licence for Cryptex Reborn cost $90 (about £60). Esteves provided customer support via a dedicated Skype account and accepted payment either in conventional currency, in the cryptocurrency Bitcoin or in Amazon vouchers.
He advertised his website on the hackforums.net website, a well-known messageboard for cyber criminals, under the description: “A free service that offers fast and reliable file scanning to ensure that your files remain fully undetectable to anti-malware software.”
NCA officers discovered that Esteves made £32,000 from more than 800 Paypal transactions between 2011 and 2015. However, he is likely to have made far more, as this sum does not include payments Esteves accepted in Bitcoin and Amazon vouchers.
Mike Hulett, head of operations at the NCA’s National Cyber Crime Unit, said: “Esteves helped hackers to sharpen their knives before going after their victims. His clients were most likely preparing to target businesses and ordinary people with fraud and extortion attempts.
“He made a fair bit of money, but he’d probably have made much more, and certainly for longer, if he’d pursued a legitimate career in cyber security.”