Ransomware Creator “Tox” Reveals Who His Targets Were

The teenage hacker "Tox" says he's selling his "ransomware" operation because "I can't let this thing take me over"

Jun 10, 2015 at 12:01 PM ET

Last week, a teenage hacker named “Tox” who ran a business disabling people’s computers for profit announced in a PasteBin essay that he was selling his operation because it “had become too hot to handle.” At the time, we emailed him some questions to find out more about how the business works and who his customers were, and this week he responded.

“Ransomware” viruses like Tox’s have become a serious problem—as well as a multi-million-dollar business for the hackers behind them. Earlier this year, ransomware hackers targeted police agencies in Maine and Massachusetts, taking over their computer systems until the cops coughed up the cash. As for Tox’s involvement in these system hacks, rather than doing the hacking himself, he provided “clients” with the code he developed that allowed them to hold their victims’ computers hostage.

Tox’s ransomware worked like this: People would sign up for access to his code, which they would distribute to unsuspecting victims through common file types like Word documents or screensavers. When the file was opened, it would essentially hold the computer hostage and then demand a sum of money to unlock it. Tox would receive 30 percent of the ransom, with the rest going to the user.

In a series of email exchanges, Tox told us that fellow hackers who used his ransomware virus frequently targeted people looking for child pornography because they considered them easy marks. “Pedophiles were the main target at the beginning, as it is easy to make them download a file saying it contains ‘hot pics,’” he said.

Tox wouldn’t tell us his name, age or location, but described himself as a “kid sitting in his parents’ house wreaking havoc on the Internet.” We’ve published his quotes here typos and all. He told us that after the first week of selling code, he had more than 1,000 users and infections. “It has been both exciting and frightening seeing how much interested I raised. I felt like I was living in a movie, as I had all kinds of sound [and] alerts triggered by different events,” he says. “The first few days my pc was always next to me, with several terminals monitoring the logs.”

Tox says his motivation was never money, more the challenge of seeing if he could pull it off. “Hackers are hackers because of a combination of the following reasons—challenge, fame, profit, activism. Of course, the last one has nothing to do with me,” he says. “At first I didn’t think I would have had such a big success, so fame was not a motivation, either. Challenge is what prompted me to set up all this. I had to find out whether this would have worked as I thought. Profit was just an accessory, it has never been my focus, although I can’t say I don’t like it.”

He says the majority of users were in it for the money, and they wanted to buy “stupid things” like guns and “luxury stuff.” Tox said he plans to use his profits—he didn’t tell us how much he made—to travel the world “with my bag and my tent, dirty and smelly, while keep studying.” According to Tox, the majority of the users “were just script kiddies trying to make some bucks, others were skilled spammers, and a few were real hackers who used advanced techniques to spread the virus.”

The hacker says he taught himself to program viruses about three years ago but his main focus is web development. He says he enjoyed the brief notoriety not only because of the excitement and money, but because it allowed him to interact with other hackers who shared their knowledge in an informal setting via the chat section of Tox’s dark net site, which has since been taken down. It was only accessible via the anonymized browser Tor.

“At the beginning I had to answer questions and help users, but after a few days my users were helping each other and I just had to answer to private messages,” Tox says. “It was incredible how those people were talking about the platform and even about non-related stuff. For example, they talked about the Ulbricht sentence, they shared opinions and in that moment, they were not black hats, script kiddies or whatever, they were just normal people discussing freely, I liked that.”

Tox says he decided to abandon his creation because “I don’t have much experience with these things, and I’m sure there’s always somebody one step ahead of me.” He says that the ransomware “business model” goes against his ethics. “It’s been cool for a while, but I can’t let this thing take me over,” he says.
