The war against cybercrime goes private

Organised cybergangs cost Britain £27bn a year, and tougher laws are proposed. But one 22-year-old has taken matters into his own hands

Crime Correspondent

He takes on international criminals, refuses to be paid, and laughs in the face of danger. He has received death threats, cracked scams and helped police make arrests. Not a bad evening's work for a man who spends his day on the car assembly line.

Xylitol – the name of an artificial sweetener – is the nom de guerre of one of a new breed of civilian amateurs taking on organised cybergangs armed only with their computer expertise, a fast internet connection and a sense of purpose.

The 22-year-old is based close to the Swiss border in the north-eastern French city of Belfort – other personal details are kept deliberately vague – and his success in tackling lucrative criminal scams has shown how blurred the lines have become between state agencies, unregulated private companies and individuals tackling the criminals who cost Britain £27bn every year, according to a report commissioned by the Government.

In last week's Queen's Speech, the Government proposed tougher laws that could lead to life sentences for cyber criminals whose activities lead to loss of life or serious damage to national security. It was a sign of the growing seriousness on the part of officials to tackle the issue.

Xylitol's work was recommended by a fellow French cyber vigilante who in turn was himself identified by a senior British cyber-security official as one of the leading lights in tackling the predominantly Eastern European world of cybercrime.

A former hacker, Xylitol changed sides in 2008 after his own computer became infected by someone trying to steal his passwords. Since then, he has long battled Russian makers of ransomware, an insidious program that locks up a computer until the user pays for a code to get back in.

It has earned him enemies, including an Algerian, Hamza Bendelladj, who was extradited to the US last year over claims that he used a computer virus to steal cash from more than 250 American banks. In a post on a forum that criticised Xylitol's work, someone using Bendelladj's Bx1 alias said: "He lives in Lyon France, I already saw him and walked beside him."

Interviewed by email, Xylitol says he has only ever been threatened online and never physically attacked. "I receive death threats sometime, but that's part of the game. I never really pay attention to that," he wrote, adding that he sometimes steered clear from identifying the instigator of a scam.

"I'm not a guy who hides in a garage," he wrote. "I've always done that for fun and entertainment. I don't see myself as someone who strikes back, or someone on a crusade after a specific group. I've a sort of ethic: don't do unto others what you don't want others to do unto you.

"The things I hate are guys without morals who try to steal money, profit from personal information and ruin people's lives in general."

Xylitol, who is currently unemployed after his assembly-line contract expired and is training for private security, unravels the code used by the scammers and online fraudsters. He says he often reports the information he obtains to "competent people" within the security sector and leaves the rest to them. He says he once received $200 from someone grateful for his work, but he sent it back. "I don't spit on money, but I don't see myself making money with a computer for the moment," he said.

Working as an independent, he says that he has "more liberty than someone who works for a company or a group. Warning people by releasing information about threats is a way to know your enemies and their techniques".

But the role of people such as Xylitol raises questions about who has the right to destroy computer infrastructure based in another nation. Troels Oerting, the head of the European Cybercrime Centre, told The Independent last month that "hacking back" should usually be the role of the state.

"You will normally see coercive power as a prerogative of the state. I can beat you, arrest you, even shoot you; I can search your house because we have rules and I have this permission. We should have the same standards with cybercrime," he said.

"We will see private sector companies able to offer services to companies asking will you please make this go away. They will make it go away. They don't adhere to the same rules that we do. I think this should be done by the police in an open and transparent way that can be scrutinised... and someone can be held liable if it goes wrong."

Start your day with The Independent, sign up for daily news emails
ebooksAn introduction to the ground rules of British democracy
Latest stories from i100
Have you tried new the Independent Digital Edition apps?

Day In a Page

Isis profits from destruction of antiquities by selling relics to dealers - and then blowing up the buildings they come from to conceal the evidence of looting

How Isis profits from destruction of antiquities

Robert Fisk on the terrorist group's manipulation of the market to increase the price of artefacts
Labour leadership: Andy Burnham urges Jeremy Corbyn voters to think again in last-minute plea

'If we lose touch we’ll end up with two decades of the Tories'

In an exclusive interview, Andy Burnham urges Jeremy Corbyn voters to think again in last-minute plea
Tunisia fears its Arab Spring could be reversed as the new regime becomes as intolerant of dissent as its predecessor

The Arab Spring reversed

Tunisian protesters fear that a new law will whitewash corrupt businessmen and officials, but they are finding that the new regime is becoming as intolerant of dissent as its predecessor
King Arthur: Legendary figure was real and lived most of his life in Strathclyde, academic claims

Academic claims King Arthur was real - and reveals where he lived

Dr Andrew Breeze says the legendary figure did exist – but was a general, not a king
Who is Oliver Bonas and how has he captured middle-class hearts?

Who is Oliver Bonas?

It's the first high-street store to pay its staff the living wage, and it saw out the recession in style
Earth has 'lost more than half its trees' since humans first started cutting them down

Axe-wielding Man fells half the world’s trees – leaving us just 422 each

However, the number of trees may be eight times higher than previously thought
60 years of Scalextric: Model cars are now stuffed with as much tech as real ones

60 years of Scalextric

Model cars are now stuffed with as much tech as real ones
Theme parks continue to draw in thrill-seekers despite the risks - so why are we so addicted?

Why are we addicted to theme parks?

Now that Banksy has unveiled his own dystopian version, Christopher Beanland considers the ups and downs of our endless quest for amusement
Tourism in Iran: The country will soon be opening up again after years of isolation

Iran is opening up again to tourists

After years of isolation, Iran is reopening its embassies abroad. Soon, there'll be the chance for the adventurous to holiday there
10 best PS4 games

10 best PS4 games

Can’t wait for the new round of blockbusters due out this autumn? We played through last year’s offering
Transfer window: Ten things we learnt

Ten things we learnt from the transfer window

Record-breaking spending shows FFP restraint no longer applies
Migrant crisis: UN official Philippe Douste-Blazy reveals the harrowing sights he encountered among refugees arriving on Lampedusa

‘Can we really just turn away?’

Dead bodies, men drowning, women miscarrying – a senior UN figure on the horrors he has witnessed among migrants arriving on Lampedusa, and urges politicians not to underestimate our caring nature
Nine of Syria and Iraq's 10 world heritage sites are in danger as Isis ravages centuries of history

Nine of Syria and Iraq's 10 world heritage sites are in danger...

... and not just because of Isis vandalism
Girl on a Plane: An exclusive extract of the novelisation inspired by the 1970 Palestinian fighters hijack

Girl on a Plane

An exclusive extract of the novelisation inspired by the 1970 Palestinian fighters hijack
Why Frederick Forsyth's spying days could spell disaster for today's journalists

Why Frederick Forsyth's spying days could spell disaster for today's journalists

The author of 'The Day of the Jackal' has revealed he spied for MI6 while a foreign correspondent