The war against cybercrime goes private

Organised cybergangs cost Britain £27bn a year, and tougher laws are proposed. But one 22-year-old has taken matters into his own hands

Crime Correspondent

He takes on international criminals, refuses to be paid, and laughs in the face of danger. He has received death threats, cracked scams and helped police make arrests. Not a bad evening's work for a man who spends his day on the car assembly line.

Xylitol – the name of an artificial sweetener – is the nom de guerre of one of a new breed of civilian amateurs taking on organised cybergangs armed only with their computer expertise, a fast internet connection and a sense of purpose.

The 22-year-old is based close to the Swiss border in the north-eastern French city of Belfort – other personal details are kept deliberately vague – and his success in tackling lucrative criminal scams has shown how blurred the lines have become between state agencies, unregulated private companies and individuals tackling the criminals who cost Britain £27bn every year, according to a report commissioned by the Government.

In last week's Queen's Speech, the Government proposed tougher laws that could lead to life sentences for cyber criminals whose activities lead to loss of life or serious damage to national security. It was a sign of the growing seriousness on the part of officials to tackle the issue.

Xylitol's work was recommended by a fellow French cyber vigilante who in turn was himself identified by a senior British cyber-security official as one of the leading lights in tackling the predominantly Eastern European world of cybercrime.

A former hacker, Xylitol changed sides in 2008 after his own computer became infected by someone trying to steal his passwords. Since then, he has long battled Russian makers of ransomware, an insidious program that locks up a computer until the user pays for a code to get back in.

It has earned him enemies, including an Algerian, Hamza Bendelladj, who was extradited to the US last year over claims that he used a computer virus to steal cash from more than 250 American banks. In a post on a forum that criticised Xylitol's work, someone using Bendelladj's Bx1 alias said: "He lives in Lyon France, I already saw him and walked beside him."

Interviewed by email, Xylitol says he has only ever been threatened online and never physically attacked. "I receive death threats sometime, but that's part of the game. I never really pay attention to that," he wrote, adding that he sometimes steered clear from identifying the instigator of a scam.

"I'm not a guy who hides in a garage," he wrote. "I've always done that for fun and entertainment. I don't see myself as someone who strikes back, or someone on a crusade after a specific group. I've a sort of ethic: don't do unto others what you don't want others to do unto you.

"The things I hate are guys without morals who try to steal money, profit from personal information and ruin people's lives in general."

Xylitol, who is currently unemployed after his assembly-line contract expired and is training for private security, unravels the code used by the scammers and online fraudsters. He says he often reports the information he obtains to "competent people" within the security sector and leaves the rest to them. He says he once received $200 from someone grateful for his work, but he sent it back. "I don't spit on money, but I don't see myself making money with a computer for the moment," he said.

Working as an independent, he says that he has "more liberty than someone who works for a company or a group. Warning people by releasing information about threats is a way to know your enemies and their techniques".

But the role of people such as Xylitol raises questions about who has the right to destroy computer infrastructure based in another nation. Troels Oerting, the head of the European Cybercrime Centre, told The Independent last month that "hacking back" should usually be the role of the state.

"You will normally see coercive power as a prerogative of the state. I can beat you, arrest you, even shoot you; I can search your house because we have rules and I have this permission. We should have the same standards with cybercrime," he said.

"We will see private sector companies able to offer services to companies asking will you please make this go away. They will make it go away. They don't adhere to the same rules that we do. I think this should be done by the police in an open and transparent way that can be scrutinised... and someone can be held liable if it goes wrong."

Start your day with The Independent, sign up for daily news emails
Britain's opposition Labour Party leader Ed Miliband (R) and Boris Johnson, mayor of London, talk on the Andrew Marr show in London April 26
General electionAndrew Marr forced to intervene as Boris and Miliband clash on TV
peoplePair enliven the Emirates bore-draw
Arts and Entertainment
tvPoldark episode 8, review
ebooksA special investigation by Andy McSmith
  • Get to the point
Latest stories from i100
Have you tried new the Independent Digital Edition apps?

Day In a Page

General Election 2015: Chuka Umunna on the benefits of immigration, humility – and his leader Ed Miliband

Chuka Umunna: A virus of racism runs through Ukip

The shadow business secretary on the benefits of immigration, humility – and his leader Ed Miliband
Yemen crisis: This exotic war will soon become Europe's problem

Yemen's exotic war will soon affect Europe

Terrorism and boatloads of desperate migrants will be the outcome of the Saudi air campaign, says Patrick Cockburn
Marginal Streets project aims to document voters in the run-up to the General Election

Marginal Streets project documents voters

Independent photographers Joseph Fox and Orlando Gili are uploading two portraits of constituents to their website for each day of the campaign
Game of Thrones: Visit the real-life kingdom of Westeros to see where violent history ends and telly tourism begins

The real-life kingdom of Westeros

Is there something a little uncomfortable about Game of Thrones shooting in Northern Ireland?
How to survive a social-media mauling, by the tough women of Twitter

How to survive a Twitter mauling

Mary Beard, Caroline Criado-Perez, Louise Mensch, Bunny La Roche and Courtney Barrasford reveal how to trounce the trolls
Gallipoli centenary: At dawn, the young remember the young who perished in one of the First World War's bloodiest battles

At dawn, the young remember the young

A century ago, soldiers of the Empire – many no more than boys – spilt on to Gallipoli’s beaches. On this 100th Anzac Day, there are personal, poetic tributes to their sacrifice
Dissent is slowly building against the billions spent on presidential campaigns – even among politicians themselves

Follow the money as never before

Dissent is slowly building against the billions spent on presidential campaigns – even among politicians themselves, reports Rupert Cornwell
Samuel West interview: The actor and director on austerity, unionisation, and not mentioning his famous parents

Samuel West interview

The actor and director on austerity, unionisation, and not mentioning his famous parents
General Election 2015: Imagine if the leading political parties were fashion labels

Imagine if the leading political parties were fashion labels

Fashion editor, Alexander Fury, on what the leaders' appearances tell us about them
Phumzile Mlambo-Ngcuka: Home can be the unsafest place for women

Phumzile Mlambo-Ngcuka: Home can be the unsafest place for women

The architect of the HeForShe movement and head of UN Women on the world's failure to combat domestic violence
Public relations as 'art'? Surely not

Confessions of a former PR man

The 'art' of public relations is being celebrated by the V&A museum, triggering some happy memories for DJ Taylor
Bill Granger recipes: Our chef succumbs to his sugar cravings with super-luxurious sweet treats

Bill Granger's luxurious sweet treats

Our chef loves to stop for 30 minutes to catch up on the day's gossip, while nibbling on something sweet
London Marathon 2015: Paula Radcliffe and the mother of all goodbyes

The mother of all goodbyes

Paula Radcliffe's farewell to the London Marathon will be a family affair
Everton vs Manchester United: Steven Naismith demands 'better' if Toffees are to upset the odds against United

Steven Naismith: 'We know we must do better'

The Everton forward explains the reasons behind club's decline this season
Arsenal vs Chelsea: Praise to Arsene Wenger for having the courage of his convictions

Michael Calvin's Last Word

Praise to Wenger for having the courage of his convictions