A Nottingham man was imprisoned this week for more than two years after hacking the computers and phones of dozens of victims, some of them underage, and spying on them using remote access trojans (RATs).
32-year-old Robert Davies used fake online social media profiles and Skype accounts to catfish his victims and hack their devices by sending links that would infect them with RATs obfuscated using crypters (this helped the malicious tools evade anti-malware detection tools).
“He then used the RATs to gain remote access to their devices and steal any sexual images (mainly of females) they had stored on there,” the UK National Crime Agency said in a press release.
“On at least one occasion, he used his illegal access to spy on a teenage girl through her webcam, turning the encounter into a number of indecent images.”
He was also a “We Leak Info” customer, a large online marketplace that claimed to provide access to roughly 12.5 billion records stolen from data breaches before being taken down by law enforcement in January 2020.
Davies used his access to victims’ computers and phones to steal and build a large collection of indecent images of both adults and children (investigators recovered dozens of images and videos of children while analyzing data on his seized computer).
Davies only landed on NCA’s radar after investigators spotted him buying various cyber crime tools online, including the RATs and crypters he later used to compromise and remotely access his victims’ devices.
26 months of prison after hacking, spying on 30 people
“Davies had amassed what can only be described as a cyber criminal’s toolkit,” said Andrew Shorrock, Operations Manager from the NCA’s National Cyber Crime Unit.
“Not only was he using these tools to break in to peoples’ devices, he was using them to spy on his unsuspecting victims and to steal naked images of them for his own sexual gratification.
“Even more disturbing is the fact that at least one of his victims was a teenager and we found a collection of images and videos of child sexual abuse on his computer.”
Davies was sentenced this week to 26 months in prison after pleading guilty to 24 Computer Misuse Act offenses, possessing and making indecent images of children, and possessing extreme pornographic images.
“In total NCA officers identified and visited over 30 victims of Davies throughout the course of the investigation,” the NCA added.
The sentence comes after he was arrested three times over a span of almost two years, between November 2019 and August 2021, each time being charged for additional offenses as officers were analyzing information collected from his devices.