The war against cybercrime goes private

Organised cybergangs cost Britain £27bn a year, and tougher laws are proposed. But one 22-year-old has taken matters into his own hands

Crime Correspondent

He takes on international criminals, refuses to be paid, and laughs in the face of danger. He has received death threats, cracked scams and helped police make arrests. Not a bad evening's work for a man who spends his day on the car assembly line.

Xylitol – the name of an artificial sweetener – is the nom de guerre of one of a new breed of civilian amateurs taking on organised cybergangs armed only with their computer expertise, a fast internet connection and a sense of purpose.

The 22-year-old is based close to the Swiss border in the north-eastern French city of Belfort – other personal details are kept deliberately vague – and his success in tackling lucrative criminal scams has shown how blurred the lines have become between state agencies, unregulated private companies and individuals tackling the criminals who cost Britain £27bn every year, according to a report commissioned by the Government.

In last week's Queen's Speech, the Government proposed tougher laws that could lead to life sentences for cyber criminals whose activities lead to loss of life or serious damage to national security. It was a sign of the growing seriousness on the part of officials to tackle the issue.

Xylitol's work was recommended by a fellow French cyber vigilante who in turn was himself identified by a senior British cyber-security official as one of the leading lights in tackling the predominantly Eastern European world of cybercrime.

A former hacker, Xylitol changed sides in 2008 after his own computer became infected by someone trying to steal his passwords. Since then, he has long battled Russian makers of ransomware, an insidious program that locks up a computer until the user pays for a code to get back in.

It has earned him enemies, including an Algerian, Hamza Bendelladj, who was extradited to the US last year over claims that he used a computer virus to steal cash from more than 250 American banks. In a post on a forum that criticised Xylitol's work, someone using Bendelladj's Bx1 alias said: "He lives in Lyon France, I already saw him and walked beside him."

Interviewed by email, Xylitol says he has only ever been threatened online and never physically attacked. "I receive death threats sometime, but that's part of the game. I never really pay attention to that," he wrote, adding that he sometimes steered clear from identifying the instigator of a scam.

"I'm not a guy who hides in a garage," he wrote. "I've always done that for fun and entertainment. I don't see myself as someone who strikes back, or someone on a crusade after a specific group. I've a sort of ethic: don't do unto others what you don't want others to do unto you.

"The things I hate are guys without morals who try to steal money, profit from personal information and ruin people's lives in general."

Xylitol, who is currently unemployed after his assembly-line contract expired and is training for private security, unravels the code used by the scammers and online fraudsters. He says he often reports the information he obtains to "competent people" within the security sector and leaves the rest to them. He says he once received $200 from someone grateful for his work, but he sent it back. "I don't spit on money, but I don't see myself making money with a computer for the moment," he said.

Working as an independent, he says that he has "more liberty than someone who works for a company or a group. Warning people by releasing information about threats is a way to know your enemies and their techniques".

But the role of people such as Xylitol raises questions about who has the right to destroy computer infrastructure based in another nation. Troels Oerting, the head of the European Cybercrime Centre, told The Independent last month that "hacking back" should usually be the role of the state.

"You will normally see coercive power as a prerogative of the state. I can beat you, arrest you, even shoot you; I can search your house because we have rules and I have this permission. We should have the same standards with cybercrime," he said.

"We will see private sector companies able to offer services to companies asking will you please make this go away. They will make it go away. They don't adhere to the same rules that we do. I think this should be done by the police in an open and transparent way that can be scrutinised... and someone can be held liable if it goes wrong."

Start your day with The Independent, sign up for daily news emails
Latest stories from i100
Have you tried new the Independent Digital Edition apps?

Day In a Page

Fifa corruption: The 161-page dossier that exposes the organisation's dark heart

The 161-page dossier that exposes Fifa's dark heart

How did a group of corrupt officials turn football’s governing body into what was, in essence, a criminal enterprise? Chris Green and David Connett reveal all
Mediterranean migrant crisis: 'If Europe thinks bombing boats will stop smuggling, it will not. We will defend ourselves,' says Tripoli PM

Exclusive interview with Tripoli PM Khalifa al-Ghweil

'If Europe thinks bombing boats will stop smuggling, it will not. We will defend ourselves'
Raymond Chandler's Los Angeles: How the author foretold the Californian water crisis

Raymond Chandler's Los Angeles

How the author foretold the Californian water crisis
Chinese artist who posted funny image of President Xi Jinping facing five years in prison as authorities crackdown on dissent in the arts

Art attack

Chinese artist who posted funny image of President Xi Jinping facing five years in prison
Marc Jacobs is putting Cher in the limelight as the face of his latest campaign

Cher is the new face of Marc Jacobs

Alexander Fury explains why designers are turning to august stars to front their lines
Parents of six-year-old who beat leukaemia plan to climb Ben Nevis for cancer charity

'I'm climbing Ben Nevis for my daughter'

Karen Attwood's young daughter Yasmin beat cancer. Now her family is about to take on a new challenge - scaling Ben Nevis to help other children
10 best wedding gift ideas

It's that time of year again... 10 best wedding gift ideas

Forget that fancy toaster, we've gone off-list to find memorable gifts that will last a lifetime
Paul Scholes column: With the Premier League over for another year, here are my end of season awards

Paul Scholes column

With the Premier League over for another year, here are my end of season awards
Heysel disaster 30th anniversary: Liverpool have seen too much tragedy to forget fateful day in Belgium

Liverpool have seen too much tragedy to forget Heysel

Thirty years ago, 39 fans waiting to watch a European Cup final died as a result of a fatal cocktail of circumstances. Ian Herbert looks at how a club dealt with this tragedy
Amir Khan vs Chris Algieri: Khan’s audition for Floyd Mayweather may turn into a no-win situation, says Frank Warren

Khan’s audition for Mayweather may turn into a no-win situation

The Bolton fighter could be damned if he dazzles and damned if he doesn’t against Algieri, the man last seen being decked six times by Pacquiao, says Frank Warren
Blundering Tony Blair quits as Middle East peace envoy – only Israel will miss him

Blundering Blair quits as Middle East peace envoy – only Israel will miss him

For Arabs – and for Britons who lost their loved ones in his shambolic war in Iraq – his appointment was an insult, says Robert Fisk
Fifa corruption arrests: All hail the Feds for riding to football's rescue

Fifa corruption arrests

All hail the Feds for riding to football's rescue, says Ian Herbert
Isis in Syria: The Kurdish enclave still resisting the tyranny of President Assad and militant fighters

The Kurdish enclave still resisting the tyranny of Assad and Isis

In Syrian Kurdish cantons along the Turkish border, the progressive aims of the 2011 uprising are being enacted despite the war. Patrick Cockburn returns to Amuda
How I survived Cambodia's Killing Fields: Acclaimed surgeon SreyRam Kuy celebrates her mother's determination to escape the US

How I survived Cambodia's Killing Fields

Acclaimed surgeon SreyRam Kuy celebrates her mother's determination to escape to the US
Stephen Mangan interview: From posh buffoon to pregnant dad, the actor has quite a range

How Stephen Mangan got his range

Posh buffoon, hapless writer, pregnant dad - Mangan is certainly a versatile actor