‘Pedo hunter’ who posed as teen to extort others accepted payment in Amazon vouchers

library
crime | hacking | security

A 48-year-old man from South Wales was jailed in June for planting child abuse images on the computers of other men and then extorting a total of £40,000 from them.

The reason we’re only hearing now about Lee Phillip Rees, of Roath, Cardiff, who was sentenced to 9 years in jail, was that South Wales police have been sharing intelligence with other forces: a combined effort that’s resulted in numerous busts of the pedophiles Rees was preying upon.

The investigations have been conducted worldwide: throughout the UK, as well as in 118 countries. Interpol, Europol, and the Child Exploitation and Online Protection Centre (CEOP) have been involved in arrests.

Rees has been arrested multiple times in connection with pedophilia and this scam.

According to the BBC, in 2011, after Rees separated from his wife, she and her new partner found a file on Rees’ computer that they suspected contained indecent images, so they turned it over to police.

Rees would conduct pedophile hunts by posing as a teenage girl in chat rooms, presenting himself as bait.

After his victims contacted Rees, he’d share a video with them.

The video was rigged with a Remote Access Trojan (RAT). That enabled Rees to plant obscene images on their machines.

He’d capture screenshots before threatening to forward their personal details to local schools and the media.

He also maintained a website where he published his victims’ details, including conversations and images captured after he encouraged his targets to expose themselves via webcam.

Then, he’d tell the pedophiles that their details would come down only if they paid a “fine.”

He wasn’t after criminals’ preferred virtual currency, Bitcoin. Rather, he demanded payment in Amazon vouchers.

He’d extort his victims for £25 to £100 in exchange for having their details removed.

Police found about 400 payments and have been investigating more than 4500 of Rees’s Skype contacts.

Police were told that he’d “terrify the living daylights” out of his victims.

Police found that Rees not only bragged about his crimes, claiming to have made about £1200 in one month; he also encouraged other people to “pedo hunt”.

Rees didn’t just lure and extort pedophiles. He was one himself.

As the Register reports, Rees had already been placed on probation for possession of child abuse images back in 1989, when a psychiatric report found he had the psychiatric disorder of pedophilia.

Rees went on to blackmail a further victim while on bail in 2014, according to the South Wales Evening Post.

Rees pleaded guilty to 31 offences including blackmail, distributing indecent photographs of children and computer hacking between 2010 and 2014.

Some commenters have raised the question of whether, by planting images on victims’ systems, Rees actually made it impossible to convict the child predators?

Would such an act undermine any investigations already under way?

Larry Magid, writing for CNET back in 2009, did some good work on this issue.

At the time, an Associated Press investigation found cases in which innocent people had been branded as pedophiles after child porn was found on their systems that had actually been planted by a virus.

Good computer forensics can, in fact, determine whether someone deliberately downloaded images onto their own systems or whether thousands of images might have been planted because of a virus or misdirected site.

Michael Geraghty, executive director of the National Center for Missing Exploited Children Technology Services Division, at the time told CNET that a good investigator would look at whether the suspect was actually sitting at the computer at the time the images were downloaded.

For example, was he using the computer to send email or visit other sites at the time?

Magid quoted him:

There is always some type of trail we can follow to determine if the person were likely actively involved in the process of downloading the material.

Other indications include time lapse between image downloads. When a computer forensics expert analyzed the computer of the innocent person covered in the Associated Press investigation, for example, it was revealed that the sites were opened and images downloaded faster than humanly possible.

Other computer forensics experts say it’s possible to examine the cache to determine if something was opened or saved to a file.

More evidence still can be found in search history: if a system shows no searches for child abuse images, that doesn’t quite jibe with a large collection of images.

But even if the “somebody else – a virus, maybe! – put it there” claim is actually true and not just a feeble excuse of a defense, good computer forensics cost money, and lots of it.

Take the case of Michael Fiola, the innocent man from the AP story.

Fiola and his wife fought the case, spending a total of $250,000 on legal fees. They had to liquidate their savings, take on a second mortgage, and sell their car.

Forensics showed that his laptop was severely infected.

We’re not interested in giving out advice to keep pedophiles safe, obviously.

But we do care about all you innocents, who should treat this case as yet another, very good reason to keep your system updated and protected with good security software, to protect against malware such as that Rees employed as well all the other flavors of bad that are out there.