UK security analyst goes rogue, blows it

The ransom demand was coming from inside the security analyst’s house, in a recently resolved cyber blackmail case in the UK.

Former IT worker Ashley Liles pleaded guilty in May to using his position as a security analyst at an Oxford-based company to carry out an unsuccessful ransomware attack, according to an announcement from the South East Regional Organised Crime Unit (SEROCU).

The firm, identified by the Oxford Mail as gene and cell therapy company Oxford Biomedica, experienced a breach and received ransom demands in February 2018. Liles helped investigate the incident alongside other colleagues and police, but secretly abused his position to alter the original ransom email to change the payment address to an account under his control, according to the SEROCU statement, which explained: “This was in the hope that if payment was made, it would be made to him rather than the original attacker. Liles also created an almost identical email address to the original attacker and began emailing his employer to pressurise them to pay the money.”

Liles also accessed a corporate board member’s email hundreds of times as part of the scheme, according to the announcement.

The company didn’t pay, and the scheme fell apart after someone noticed the unauthorized email access and traced it back to Liles’s home, according to SEROCU. While Liles had tried to cover his involvement by wiping data, his method was apparently imperfect—SEROCU said the data recovered from his seized devices “provided direct evidence of his crimes.”

Liles insisted on his innocence for five years before pleading guilty to charges of blackmail and unauthorized computer access in May, the release stated. Sentencing is set for July.