The Man Who Extorted Millions with Adult Ads

March 2013.

A banker in London clicks an adult video

ad. Police badges flood his screen

noting illegal content. His webcam

activates and his face appears next to

the accusation. Pay £400 or be

registered as a sex offender. He pays

immediately, terrified of losing

everything. But he's victim number 4,247

just today. Across 20 countries, the

same ransomware is hitting 10,000

computers per hour. By month's end,

70,000 people will pay. The mastermind

isn't a Russian mafia or North Korean

hackers. It's Zayn Kaiser, a 19-year-old

who failed out of computer science still

living in his parents' house and

barking. He's hijacked Google, Pornhub,

and Yahoo's own advertising networks to

deliver his weapon. When ad companies

try to stop him, he dodoses their

servers, costing them millions. And when

police raid his bedroom, they find

something that makes their blood run

cold. How did a teenage dropout

weaponize the internet's advertising?

And why couldn't tech giants stop him?

Zin Kaiser slouches over a Dell laptop

in his parents semi- detached house at

47 Ripple Road, barking. It's September

2012 and the 18-year-old has just

dropped out of Roampton University's

computer science program after failing

his first year exams. While his former

classmates return to campus, Zayn

descends into hack forums under the

username KG.

A sticky thread catches his eye. Reviton

ransomware, $10,000 weekly income

guaranteed. The post describes a new

scam sweeping Europe. malware that

impersonates law enforcement and demands

payment for viewing illegal content.

Where others see a criminal scheme, Zayn

sees a business model. King messages the

thread's author, a Russian-speaking

coder named Slavic, operating from

Krasnodar. Slavic's crew has perfected

the ransomware, but struggles to

distribute it beyond Russian porn sites.

They need someone who speaks native

English and understands Western

advertising networks. Z proposes a

partnership in broken Google Translate

Russian. He'll handle distribution

through legitimate ad networks if

[music] they provide the technical

infrastructure. We don't know what King

exactly told them, but within 72 hours,

Slavic grants him admin access to their

Anglr Exploit Kit server, a $43,000

piece of black market software that can

detect and exploit 37 different browser

vulnerabilities. The Russians will

maintain the malware. Zayn will get it

in front of victims, splitting the

revenue 50/50.

Zayn registers his first shell company,

Punch Media Limited, using a fake

passport he purchases for £800 from a

forger in Birmingham. The passport shows

his photo but lists his name as Amar

Singh, complete with a fabricated

address in Houndslow. He opens a

business bank account at Barclays,

deposits £5,000 borrowed from his uncle,

claiming it's for a web design startup,

and crafts his pitch email. On October

3rd, 2012, he sends identical messages

to 47 advertising networks. Punch Media

seeks to purchase premium display

inventory on entertainment websites, a

tiny budget of £50,000 monthly.

The email includes a professionallook

website he built in 4 hours and a

company's house registration number.

Traffic Junkie, the internet's second

largest adult advertising network,

responds within 6 hours. They manage ad

inventory for Pornhub, Red Tube, and

Upuporn, sites that collectively receive

4.4 billion visits monthly. Zayn

schedules a Skype call with their

account manager for the next morning. He

practices his pitch, modulating his

voice to sound older, rehearsing

technical jargon he's memorized from

advertising blogs. The call lasts 14

minutes, and they approve his account on

the spot. They even assign him a

dedicated account representative [music]

and offer a 15% discount for prepaying.

Z wires £10,000 that afternoon. On

October 17th, 2012, Zayn uploads his

first malicious banner ad, a 728x 90

pixel rectangle advertising free HD

videos. The ad contains an invisible

iframe with JavaScript that redirects

users to the Angr server Slavic

controls. He sets the campaign to run on

Pornhub between midnight and 6 a.m. GMT,

targeting users in the UK, USA, Canada,

and Australia. Geographic targeting

costs extra, but these countries have

the highest payment rates. He allocates

£500 for the first night, enough to

display his ad 2 million times. His

hands shake as he clicks launch

campaign. The ad goes live and 2 minutes

later, the Angr dashboard registers its

first successful exploitation. A user

running Internet Explorer 8 on Windows

XP in Birmingham. 5 minutes later, that

same user submits a Ukash payment for

£400. Zayn has earned £200 in 7 minutes.

By sunrise, £1,847

users have encountered his ransomware

and 89 have paid. His cut was 17,800

for 6 hours of work. He messages Slavic,

"We're going to be rich." But can a

teenager really sustain this operation

without attracting attention? And what

happens when the ad networks discover

what he's really selling? Speaking of

discovering what's really valuable, Zayn

failed out of computer science after one

year. But here's the thing, he didn't

fail because coding was too hard. He

failed because traditional computer

science programs are boring as hell and

bored learners quit. Which is exactly

why I've been using boot.dev. And

honestly, it's the most addictive way

I've found to actually learn back-end

development. I'm not just reading this

off a card. I've been grinding through

their Python and SQL courses, and

they've gified the whole experience.

You're earning XP, leveling up, fighting

bosses while writing actual production

level code. It's like if Zayn had put

his hack forums energy into something

legitimate.

They just launched the training grounds

where you can drill infinite practice

challenges. And Boots, this AI bear

wizard, actually knows the full context

of what you're learning. So, he guides

you instead of just handing you answers.

The median back-end developer salary is

over $100,000.

And Boot.dev takes you from zero to

hirable with hands-on projects, not just

theory. All content is free to read.

Paid membership unlocks the interactive

features, progress tracking, and that

game layer that keeps you coming back.

Go to boot.dev and use code black files

to get 25% off your entire first year.

They've got a 30-day refund policy, so

there's literally no risk. Now, back to

Zayn. Because while legitimate coders

are building careers, he's about to

learn that ad networks have fraud

detection systems specifically designed

to catch operations like his.

The money flows faster than Zayn can

launder it. By December 2012, his Angr

dashboard shows 400,000 successful

infections across 20 countries. Payment

conversion hovers at 4.8%.

Astronomical for any online business.

The ransomware adapts like a chameleon.

Americans see FBI badges and demands for

money pack payments. Germans face BKA

warnings requiring pay safe card.

Japanese victims encounter national

police agency logos requesting Bitcash.

Each localized version uses that

country's actual criminal code

citations, court case numbers, even the

names of real judges. Slavic's

programmers scraped this information

from government websites, making the

threats terrifyingly authentic. One

version targeting France includes a fake

timer counting down to automatic

prosecution. A psychological trigger

that increases payment rates by 31%. The

technical precision is surgical. When

users land on Pornhub at 1 a.m., Zay's

invisible iframe loads faster than the

actual video content, 43 milliseconds on

average. The Angller kit probes their

system like a doctor checking vital

signs, browser version, installed

plugins, operating system patches. It

maintains a database of 1,200 known

vulnerabilities updated daily by

Slavic's team who reverse engineer

Microsoft and Adobe security bulletins.

If Angler detects a vulnerable Flash

Player version, it deploys an exploit.

The victim never sees this happening.

Their screen simply freezes, then fills

with the ransomware's accusation. The

webcam activation isn't real, just a

static image. But victims don't know

that. Traffic Junkie notices anomalies

by January 2013. Their fraud detection

system flags Punch Media's campaigns for

irregular user behavior. Specifically,

users who click ads but never return to

the original website. Their team emails

Zane requesting clarification. He

responds within minutes with a 2,000word

explanation about brand awareness

campaigns and upperfunnel marketing

strategies. Drowning in advertising

buzzwords he's learned from marketing

week articles, he attaches fabricated

performance reports showing improving

brand lift metrics, the company,

overwhelmed and under pressure to hit

quarterly revenue targets marks the

account as verified priority advertiser.

If you're hitting this channel with a

like right now, you're already three

steps ahead of these ad networks because

understanding these schemes protects you

from becoming the next victim. The

operation scales beyond Zayn's wildest

projections. He registers 12 more shell

companies, Dynamic Media Solutions,

Crystal Advertising, Phoenix Digital

Marketing. Each uses different forged

documents, different bank accounts at

Barclays, HSBC, and Lloyds, different

directors [music]

who are all actually Zay wearing various

disguises in passport photos. He hires

two money mules through local Bitcoins

forums, university students who think

they're doing payment processing for an

e-commerce company. They convert victim

payments from Ukash, Money Pack, and Pay

Safe card into Bitcoin, taking [music]

5% commission. The Bitcoin flows through

six mixing services before reaching

wallets controlled by Zayn and Slavic's

crew. By March 2013, they're processing

£45,000 daily. Zion's lifestyle

transforms overnight. The teenager who

couldn't afford university textbooks now

wears an 8,000lb Rolex Submariner. He

leases a white BMW M4 for £1,200

monthly, telling his parents it belongs

to a friend. His bedroom fills with

packages from Herods and Selfridges.

Designer clothes he can't even wear

without raising suspicions. He books

first class flights to Dubai, Amsterdam,

Barcelona, always traveling alone,

always paying cash. Hotel records show

he spent £67,000 on a twoe stay at the

Burjalab.

Friends think he's won the lottery or

deals drugs. But the truth is more

lucrative and more dangerous than they

imagine. How long can a teenager flash

this much wealth before someone asks

where it came from? And what [music]

happens when ransomware victims start

fighting back instead of paying up?

April 2014,

Chad Wilkins, Traffic Junky's new

security director, discovers something

that makes his blood run cold. While

investigating user complaints, he traces

redirect chains from Punch Media's ads

to in specific IP address listed in 16

threat intelligence databases as an Angr

exploit kit command server. He pulls

Punch Media's payment history and sees

£847,000

transferred over 18 months. Every penny

funded malware distribution. Chad

immediately suspends the account and

alerts law enforcement. Zayn's phone

buzzes with the account termination

email at 3:17 p.m. By 3:19 p.m., he's

typing a response that will haunt Chad

for years. Reverse this decision within

24 hours or I will destroy your company.

The first attack hits Traffic Junky's

servers 16 hours later. 400 Gbits per

second of junk traffic, enough to crash

Netflix, floods their infrastructure.

Their content delivery network

collapses. Pornhub goes offline.

Millions of users worldwide can't access

the site. Every minute of downtime costs

Traffic Junkie £8,000 in lost ad

revenue. Chad's phone rings non-stop.

Angry executives, panicking engineers,

confused customers.

The attack continues for 72 hours with a

total damage of 726,000.

A second email arrives from Zayn. This

was a warning. Restore my account or the

next attack will be permanent. Chad

faces an impossible choice. Enable a

criminal or watch his company burn.

Traffic junkie capitulates. They quietly

reactivate Punch Media's account with

restrictions. Lower spending limits.

Manual campaign approval, but Zayn has

already moved on. He's simultaneously

running campaigns on 15 other networks.

Exoclick, Adex expansion, Juicy Ads, Pop

Ads. When Pop Ads bans him in May 2014,

he retaliates by hijacking their CEO's

email through a spear fishing attack,

sending child exploitation material to

their entire contact list from the CEO's

address. The CEO, Marcus Webb, receives

death threats from his own business

partners who think he's a pedophile. His

reputation never fully recovers. When

Adex expansion blocks Zayn's campaigns,

he exploits an SQL injection

vulnerability in their billing system,

stealing credit card details for 50,000

advertisers. He doesn't use the cards,

just sends screenshots to Adexpansion's

board of directors with a threat.

Meanwhile, 3,400 m away in Washington

DC, FBI special agent Jennifer Martinez

assembles Operation Shrouded Horizon, an

international task force targeting

ransomware operations. Her team includes

investigators from the Secret Service,

DEA, tracking money flows, Europole, and

crucially Britain's National Crime

Agency. They've been monitoring Russian

language forums where Slavic's crew

operates. In March 2014, they arrest

Slavic's cousin in Miami carrying a

laptop with Angler source code. Under

interrogation, he reveals communication

logs with someone called King, a native

English speaker who handles Western

territories. The logs include

cryptocurrency wallet addresses that

blockchain analysis links to UK-based

exchange accounts. The NCA's cyber crime

unit takes over the UK investigation.

Detective Inspector Paul Stevens obtains

surveillance warrants for cryptocurrency

exchanges, revealing account holder

Amomar Singh, whose IP address traces to

47 Ripple Road Barking. Physical

surveillance begins April 28th, 2014.

Agents photograph Zayn entering and

leaving the house, matching his face to

passport applications for both Zin

Kaiser and Amar Singh. They intercept

his mobile phone metadata, showing calls

to known moneyers and dark web vendors.

On May 15th, 2014, undercover officers

posing as wealthy criminals approach

Zayn at a Bitcoin ATM in Shor Ditch,

offering to buy 100,000 in

cryptocurrency. He agrees without

hesitation, providing bank details for

wire transfers. The trap is set. July

9th, 2014, 4:47 a.m. Zayn wakes to his

bedroom door exploding off its hinges.

Eight NCAA officers storm in, securing

him before he can reach his laptop.

Detective Stevens finds the MacBook Pro

still logged in. A miracle since Zayn

configured it to auto encrypt after 60

seconds of inactivity. The screen shows

three windows. His Barclay's business

account with a balance of £367,000.

A Bitcoin exchange £427 BTC worth

£170,000

in 2014. but 42 million on 2025. And

most damning, an admin panel for Dynamic

Media Solutions logged into Traffic

Junkie. They arrest him for fraud, money

laundering, and Computer Misuse Act

violations. In the police car, Zayn

makes one request. Can you tell my

parents I've been selling drugs instead?

But why would hardened investigators let

a 20-year-old cyber criminal make any

requests at all? And how does someone

caught red-handed still manage to evade

justice for four more years?

The MacBook Pro becomes a battlefield.

NCA forensic analyst discovers Zayn has

configured the laptop like a Russian

nesting doll of encryption. The main

drive runs Mac OS with File Vault 2

encryption. [music] Inside that, a

virtual machine runs Ubuntu Linux with

LUKS encryption. Inside that, another VM

runs Tails. The amnesic incognito live

system designed to leave no traces

inside that encrypted containers hide

the actual evidence. Each layer requires

different passwords. Without them, the

data might as well not exist. Zayn

refuses to provide passwords, claiming

he's forgotten them under stress. UK law

allows authorities to imprison [music]

suspects who won't decrypt devices, but

Zayn's lawyer argues his client has

autism spectrum disorder and genuinely

can't remember complex passwords during

anxiety episodes. While forensics

struggle with the laptop, Zayn posts

£50,000 bail and returns home on strict

conditions, no internet access, daily

police station check-ins, [music] and

surrendered passport. He immediately

violates these terms. Using a hidden

phone he purchased before arrest, he

contacts Slavic through Telegram.

Compromised. Delete everything. Slavic's

crew shuts down their entire operation,

destroying servers in Russia, Romania,

and Netherlands. They've made 12

million. Time to disappear. Zayn then

accesses backup cryptocurrency wallets

using seed phrases he's memorized,

moving 2,000 Bitcoin to new addresses.

At July 2014 prices, that's £800,000.

The authorities will never recover.

September 2014 brings a breakthrough.

The analyst discovers Zayn made one

crucial mistake. He used the same

password for his MacBook user account

and his iPhone backup stored on the

laptop. The password is K1G dollar

SWorld 2012. And this unlocks the first

encryption layer, revealing browser

histories, email archives, and

crucially, a password manager containing

credentials for everything else. The

digital fortress crumbles. Inside,

investigators find 3,847

pages of chat logs with Slavic's crew,

including conversations where Zayn brags

about specific ransomware campaigns.

Screenshots show Angller's admin panel

tracking 70 million infection attempts.

4.4 million successful exploits,4.1

million pounds in collected ransoms. A

spreadsheet details payments to money

mules, Bitcoin mixing services, even the

forger who created fake passports. One

folder [music] contains 147 threatening

emails Zayn sent to companies [music]

that banned his ads. The Crown

Prosecution Service takes 2 years to

build an airtight case, analyzing every

transaction, every victim complaint, and

[music] every line of code. They

identify victims across 20 countries,

but focus on 700 British citizens who

can testify. The charges filed in 2017

include 11 counts. Blackmail, fraud by

false representation, money laundering,

converting criminal property,

unauthorized computer access, impairing

computer operation, possession of

articles for fraud, threatening to

destroy property, and making threats to

kill. The maximum sentence, if convicted

on all counts, is 45 years. Zayn's trial

is scheduled for February 2018. Then

Zayn plays his final card. Days before

trial, he attempts suicide by overdose

and is admitted to Goodmeaz Hospital's

psychiatric unit. Psychiatrists diagnose

him with severe depression, anxiety, and

autism [music] spectrum disorder. The

trial is postponed. While supposedly

receiving treatment, staff catch Zayn

using the hospital's patient computer

lab to access local bitcoins through

tour attempting to sell £300,000 in

cryptocurrency.

He's also messaging someone in Pakistan

about purchasing diplomatic immunity

through a Caribbean island nation

selling citizenships.

The hospital revokes his computer

privileges. Two weeks later, they catch

him using a smuggled smartphone to

continue his schemes. This time, there's

no mercy. In December 2018, prosecutors

offer a plea deal, plead guilty to all

charges, cooperate with ongoing

investigations into Slavic's crew, and

receive a reduced sentence. Zen accepts,

knowing the evidence is overwhelming.

On April 9th, 2019, he stands before

Judge Timothy Lamb at Kingston Crown

Court. Prosecutor Kevin Barry calls him

the most significant cyber criminal ever

prosecuted in the UK. Defense barrister

James Scobby argues his client was a

vulnerable young man by older Russian

criminals. Judge Lamb dismisses this

narrative. You were the western arm of

this operation. Without you, it would

not have succeeded. The sentence is

clear. 6 years and 5 months in prison.

Zen shows no emotion as guards escort

him to the cells. Zen Kaiser was

released on license in 2021 after

serving half his sentence. He's banned

from using encryption software,

accessing dark websites, or possessing

more than one mobile phone. He was

unable to leave the United Kingdom until

mid 2025.

His victims, scattered across the globe,

never recovered their money. The banker

from our opening still checks his webcam

LED obsessively, covering it with tape

when not in use. He's never told anyone

about that night. Millions of others

carry the same secret shame. All because

one dropout figured out how to weaponize

[music] advertising, the internet's most

trusted ecosystem.

The kid who called himself king proved

that you don't need [music] technical

genius to break the internet. Just the

audacity to exploit the systems everyone

else trusts. But Zayn wasn't the only

teenager running circles around law

enforcement. While Zayn was extorting

millions through fake police warnings,

another young hacker was doing something

even more audacious, scamming the actual

FBI.

That's the story of Maxim Papov, the

Ukrainian prodigy who sold the FBI fake

cyber crime intelligence for $150,000,

convinced them he was their best

informant, then used their own money to

fund his hacking operations. Click here

to discover how a 20-year-old fooled

America's top investigators into paying

for their own infiltration. And once

again, huge thanks to boot.dev for

sponsoring this video. If you want to

learn to code the fun way, check out

that link in the description.