UK Security Analyst Sentenced to 43 months in Prison in Failed Crypto Blackmail Attempt

• Ashley Liles, a UK-based security analyst, attempted to blackmail his employer, Oxford Biomedica, diverting a hacker’s ransom attempt to his own bitcoin wallet. His actions led to substantial reputational damage and cost the firm £245,000.
• Upon discovery of his actions, Liles tried to erase his digital tracks but was unsuccessful. He was sentenced to 43 months in prison, will serve half of his sentence, and be released under strict licensing rules.

British security analyst, 27-year-old Ashley Liles, who attempted to swindle his workplace, Oxford Biomedica, for £300,000 (equivalent to $390,000) has been penalized with a prison sentence of almost four years.

Liles pleaded guilty in May to charges of unauthorized modification of computer material and blackmail, relating to an attack on the Hertfordshire-based gene therapy company in early 2018. Ironically, the security analyst was originally part of the team investigating the data breach. Rather than identifying the true instigator, Liles manipulated the situation to his benefit, replacing the authentic blackmail email and altering the payee address.

Oxford Biomedica’s CEO asserts that the underhand actions of Liles inflicted financial costs and reputational damages of approximately £245,000.

Investigations reveal that Liles accessed the email account of Peter Nolan, Oxford Biomedica’s former business officer, 320 times within the span of March 2 to March 9, 2018. In that period, he switched the details of the hacker’s crypto wallet to his own, in a bid to misdirect the crypto ransom.

In addition to this, Liles set up an email account imitating the original hacker’s address to pressurize the company into paying the demanded ransom. However, Oxford Biomedica refused to buckle and did not submit any crypto.

Despite feigning cooperation during the breach investigation, the authorities quickly unearthed evidence that Liles was infiltrating Nolan’s emails through the company’s computer system. When he realized law enforcement was closing in, Liles made an unsuccessful attempt to erase any data connecting him to the crime. At the point of arrest, his computer, laptop, phone, and USB stick were confiscated.

On July 11, Liles received a 43-month prison sentence. He will be required to serve half of this period before being released on licence, under which strict regulations must be obeyed.

Liles’ defence lawyer suggested his client’s ‘lack of maturity’ as a potential factor behind his actions, stating that “He’s not had any financial gain and he’s lost a huge amount — a good career, a good name,” while adding that Liles himself was struggling to grasp why he committed these offences.