
Hated and hounded: the dangerous life of a virus hacker, making powerful enemies



Fabian is known for defeating ransomware, the viruses that criminal groups send out to extort money. Because of this, he has to lead a solitary life and always stay one step ahead of cybercriminals. At the end of our interview, he moved to an unknown place.


For a photographer from British Yorkshire, the situation was disastrous. Late at night, he put the final touches on his last set of wedding photos that he needed to send to joyful newlywed clients. And then everything changed on the computer screen. Not only the folder with the images, but all the work, all the mail and all the checks disappeared.

A school teacher from Texas (USA) realized the seriousness of the situation only when she remembered what was stored on her computer: a detailed long-term financial education plan. It had taken months of work and a lot of effort, and because of one mouse click, hackers now controlled all of it.

The senior manager of a large corporation from Hong Kong broke out in a cold sweat. He had heard about similar computer viruses and how dangerous they can be, but he never thought that he would be tricked into clicking on the wrong link. After reading the ransom demand, he panicked. Because of this situation, he could lose his job.

Ransomware is a particularly unpleasant type of computer virus. Instead of stealing data or money from victims, such a virus takes control of the computer and encrypts all documents, images, video files and mail. Then a ransom demand is issued. Sometimes it is written in a note left on the desktop, sometimes it suddenly appears on the screen.

And in such cases there is always a way out. Pay the hacker a few hundred, and sometimes thousands, of dollars, and then he will restore your files.

All of the above-mentioned victims were hit by ransomware of one kind or another. However, the manager from Hong Kong did not lose his job, and the photographer and teacher were able to restore their work. No one had to pay money, and when their lives returned to normal, they all sent emails with thanks to the same person.

This man has devoted his life, while experiencing serious problems of his own, to helping victims of ransomware around the world. He carefully hides his identity for his own protection, since for every message of thanks he receives, he gets a message full of insults from the cybercriminals who hate him.

In fact, they hate him so much that they even leave personal threats in the code of their own viruses.



For an untrained person, the code of a computer virus is a jumble of letters, numbers, and symbols. But for Fabian Wosar, each line is a clear instruction. He knows and understands every number and every dot just as a pianist would understand a page of sheet music.

About a year ago, looking through the code of the latest ransomware virus in search of clues to help him break it, he suddenly froze. Staring out at him from the code were green letters forming an insult addressed to him personally. By name.

“I was shocked, but at the same time I felt real pride,” said Fabian. “Even a bit of arrogance. I will not lie, it was nice. It was clear that the programmer was pissed off. They spent time and energy writing a message, knowing that I would see it, and it is clear that I had started to get to them. It is great motivation to know that my work annoys some particularly unpleasant cybercriminal groups.”

Fabian shows me other messages. It takes me some time to see them while scrolling through endless lines of code. When I discover one of them, it stands out like a beacon in a sea of unreadable characters.

Almost all of them are obscene, offensive and threatening. Fabian’s mother and descriptions of sexual acts are often mentioned. Many contain challenges and ridicule directed at him. One virus was even called Fabiansomware, in an attempt to make the victims believe that Fabian was behind it.

But some are more like requests, like this one, which he found several months ago:


“Fabian, please don't hack me! This is my last attempt. If you crack this version, I will start taking heroin!”

“They tried to make me feel guilty. But, naturally, I cracked their virus and released the decryptor,” he said. “And, unsurprisingly, this did not stop them, and they posted the next version.”

Fabian keeps every message he finds. He already has a large collection, and it is one more motivation that drives him to devote himself to his work, and even to get too carried away with it.



From the moment you enter Fabian's house, you understand how this devotion shows in his life. In his unassuming house on the outskirts of London there are no decorations. No pictures or photos on the walls. No lamps or plants. The shelves are empty, except for a collection of Nintendo games and books on programming.

He has one board game called Hacker: The Cyber Security Logic Game, and he says he's good at it, though he always plays it alone. In short, his house cannot be called cozy, but this cheerful young native of Germany is not bothered by it. He admits that he spends 98% of his time at home, working from an office on the second floor.

“I am one of those people who do not leave home without a good reason,” he says. “I don't particularly like leaving the house unnecessarily. Almost all purchases I make over the Internet, and everything is delivered to me. I don’t like to keep a lot of things, and I spend most of my time at work.”

Strangely enough, Fabian has set up the smallest room in the house as his office. It is there, behind closed curtains, that he spends most of his life, building up a base of grateful fans and dangerous enemies from around the world.

He works remotely for a cybersecurity company and often works together with colleagues from around the world for several hours.

When he “enters the zone,” the outside world becomes even less important, and his whole being concentrates on the code on the screen. One day he woke up with the marks of keyboard keys on his face, having fallen asleep after 35 hours of continuous work.

And all this is done for the sake of creating anti-ransomware tools, which he and his company usually give out for free. Victims download the tool for a specific virus, follow the instructions and get their files back. It is clear why he has so many vengeful enemies among cybercriminals.



“You can never be sure who you come across, but I think I have angered or upset about 100 different cybercriminal groups in the past few years,” says Fabian. “Code is like the text of a story. You can learn the style. You can understand that you are dealing with the same people. And it is also pretty easy to track the money. Studying the Bitcoin wallets to which criminals demand money be transferred, you can see who is responsible for which version of the ransomware program and how much they earn.” He says that one group, “which he had pissed off,” earned about $250,000 in the three months before he discovered their virus and stopped it.

Ransomware is one of the most profitable ways for cybercriminals to make money. Stolen data still needs a buyer, but in these attacks the victim is the buyer. People rarely have backup copies of valuable family photos, so they are likely to pay a couple hundred bucks to save them.

Organizations often pay so as not to involve law enforcement agencies or upset shareholders. In some cases, local law enforcement agencies pay with taxpayers' money after weighing the cost of replacing their systems. In March, officials from Jackson County, Georgia (USA) paid criminals $400,000 to get rid of the ransomware and restore access to their IT infrastructure. It is reported that, according to their estimates, replacing the computer network would have cost millions.

The most successful cybergroups resemble the mafia, with a distinct structure and division of labor. There are virus coders, money launderers, defenders and bosses who choose victims and sometimes invest in more serious criminal enterprises.

And catching these criminals is extremely difficult. One of the most prolific ransomware groups, responsible for two major families of such viruses, CTB-Locker and Cerber, was estimated to have earned about $27 million and evaded the police for years. Shutting it down required the combined efforts of the American FBI, the British NCA and investigators from Romania and the Netherlands. In December 2017, five people were arrested in Romania.

According to the Emsisoft company, which Fabian works for, every two seconds another computer is attacked. Over the past 60 days, the company's network has managed to prevent 2,584,105 infections, and this is only one of the dozens of anti-virus companies that exist worldwide.



Some of the most destructive cyber attacks of recent years were carried out with ransomware. In May 2017, hundreds of British hospitals were plunged into chaos as the WannaCry virus spread through the network of medical institutions like a forest fire. About 70,000 devices (including computers, MRI scanners, blood-storage refrigerators, and operating theater equipment) went down because of a virus that encrypted all data and demanded payment in bitcoins to decrypt it. Doctors and nurses had to go back to keeping records by hand, and thousands of appointments and operations were canceled or postponed. Worldwide, this virus infected 300,000 computers in 150 countries, hitting Ukraine, Russia, Taiwan and India hardest. Experts quickly blamed North Korea for the attack, the damage from which cost hundreds of millions of dollars.

Another ransomware program, NotPetya, is responsible for what is often called the most destructive cyber attack of all time. It is believed that the damage from it amounted to about $10 billion, $300 million of which was lost by a single company.

The infection began in June 2017. It started from a completely harmless accounting program, popular among Ukrainian companies, and spread throughout the country, encrypting computers in energy companies, transport networks, airports and banks. Then the virus quickly began to encrypt computers in Germany, France, Italy, Poland and Britain.

The cynical cruelty of the NotPetya virus was that, although it looked and behaved like a ransomware program, in fact, even if you paid the ransom (and many paid), the files could not be recovered.

Maersk, the largest logistics and container carrier company in the world, suffered the most. The business almost stopped, and in the ten days that it took to rebuild thousands of computers connected to the network, the cost of such goods as bananas sharply jumped when the store shelves began to empty.

Some believe that the attack was a political act against Ukraine, but no one truly knows who was behind it. “This is essentially an arms race,” says Fabian. “They release a new ransomware virus, I find a flaw in its code and create a decryption tool to help people get their files back. Then the criminals release a new version, hoping that I will not hack it. Sometimes they understand what they did wrong and fix the program, but more often they don’t see flaws in their code. Once this back-and-forth game with one cybergroup lasted six to seven months. And passions ran high, while they were increasingly angry with me.”



Fabian admits that when he gets carried away by the arms race with anonymous criminals, it becomes difficult to do such simple things as eating, drinking and looking after himself.

Among the mess of programming books and documents on his desk, I notice two boxes of pills. Containers with labels for each day of the week point to health problems that, he confessed, appeared because of his lifestyle.

“I have a lot of excess weight, problems with blood pressure, so I take medicine. I also have problems due to hyperthyroidism,” he says. “This is all because of my work and lifestyle. I am thinking of getting a puppy so that I have to leave the house for walks. And the company would be good for me.”

It was the message concerning his overweight that prompted him to flee Germany and settle in Britain. About a year ago he came across a hidden message that, unlike many, was frighteningly personal:


"Fabian, lay off the cheeseburgers, you're fat!"

This he could not ignore. Not because it offended him, but because it showed that cybercriminals knew something about him. Until that moment, he had kept everything except his name in the strictest confidence. Even his boss and colleagues did not know where exactly he lived in his hometown in eastern Germany, and now, apparently, the criminals were getting closer to him.

"Fabian, stop eating hamburgers, man, seriously"

“It really got me. Not because of weight, I obviously weigh a lot, but because I realized that people were tracking me on the Internet,” he says. Fabian described this time as a period of fear. He cleared his social network accounts and web forums of all photos or references to his appearance. He found that many years ago he had mentioned a keto diet in some tweet. “Then I deleted my birthday from everywhere, and so on, so as not to give out much information,” he says. “I remember thinking about the need to leave Germany, where you can easily find a person from scraps of information.”

“This was really scary. I don’t think they would kill me, but these guys are very dangerous. I know how much they earn, and for them it would have been nothing to pay 10-20 thousand to some Russian who would come to my home and beat me to a pulp. I moved to Britain as quickly as I could. Here you can hide, there is no registration and all that, and you can live anonymously.”



Fabian has not yet told his colleagues where he lives in Britain. He agreed to let me visit only because he was about to move to another place, and he did not tell me where. He understands that the constant moves and the limits on his life and circle of friends are part of the sacrifices he makes for his hobby, which has turned into a profession.

He first discovered a passion for computers at the age of seven, when he was playing on his father's work computer. His family from eastern Germany was poor, and the fulfillment of his dreams depended only on himself. For three years he saved up for his first computer, collecting bottles and cans and handing them in.

At 10, he had saved enough money to buy a computer and start experimenting with it. Everything took off when he first came across a computer virus. “It was called TEQUILA-B, it messed up my entire system, and it interested me terribly. I went to the library, and they had a couple of books about computer viruses. I got into it and wrote my own antivirus program.”

By the age of 14, he was already known in his area as the local computer fix-it guy, and managed to save enough money to help the family move to a better home in a good area. By 18, without any formal education, he got a job at cybersecurity firm Emsisoft, where he earned his reputation and became known as one of the best ransomware experts in the industry.

With such skills and reputation, Fabian could have become one of the biggest names in the cyber world, but he chose a more modest existence. He earns very well, but looking at his house and how he lives, it is difficult to understand what he spends his money on. “And I don't really spend it. I like to play board games online [sic; apparently the author mixed something up. Translator's note], but it costs a little,” he says. “I sent a lot of money to my sister, who has a small daughter. I like to make sure she has everything she needs.”

He is constantly offered awards and rewards, but he does not like to accept them. One gift he did like, though: a drawing from a grateful artist who tried to imagine what Fabian might look like. It depicts a portly man in a polar bear hat. Oddly enough, the artist managed to convey the essence (and the love of polar bears), even without a portrait likeness.



He uses this picture as an avatar on the Internet, rejoicing that he received it from the person he helped, and at the same time knowing that it is safe to use.

Leaving him after the interview, I feel flattered that I was invited to his house and became one of the few people who were entrusted with his location, albeit temporarily. I wished him good luck with the move and with the search for a companion puppy with whom he could share his strange life.

Source: https://habr.com/ru/post/445808/

