Kentucky man jailed following international cyber investigation

Kentucky man jailed following international cyber investigation

An American cybercriminal who developed malicious software purchased by more than 8,500 people in 82 countries worldwide has been sentenced to 30 months in prison and ordered to forfeit more than $100k and $725k worth of bitcoin following an investigation led by the South West Regional Cyber Crime Unit (SW RCCU) working alongside Europol, the National Crime Agency, FBI and US Attorney’s Office, Kentucky .

Colton Grubbs, 21, from Kentucky, USA, pleaded guilty to conspiracy to illegally access computers, concealing evidence and money laundering.  He also admitted making more than $150k from his crimes.

Grubbs initially claimed his software, LuminosityLink, was a legitimate remote access tool, the sort of software that enables a company’s technical support team to log on to a user’s computer to fix a problem.  However, the evidence of its malicious capabilities was stacked against him and he changed his plea to guilty. 

For $39.99, purchasers of LuminosityLink were able to download passwords and usernames from victims’ computers, log all keystrokes, use victims’ computers to ‘mine’ cryptocurrency and, perhaps most disturbing of all, secretly activate cameras and microphones to record victims in their own homes.

Its anti-detection features meant no notifications to victims that it was installed or running on their computers, it restarted when their computers were turned on, and it would not be picked up by antivirus software.  So, victims would have no idea someone was accessing their devices.  

The SW RCCU’s investigation began in Autumn 2016 after officers found the hacking tool installed on a computer seized as part of a separate case and set out to identify its developer.  By the following July they were working alongside the FBI arresting Grubbs, who worked under the alias ‘KFC Watermelon’, and the Kentucky home that he shared with his parents. 

Detective Sergeant Jon Atkin, who led the investigation for the SW RCCU said: “Identifying, arresting and building a case against Grubbs was just the start.  We were also faced with the fact that more than 8,500 people worldwide had purchased this malware.  What were they using it for?

“After months of evidence gathering, we were able to disseminate intelligence packages about known LuminosityLink purchasers to 82 countries for action.  In our region, 12 search warrants were carried out across our five force areas and three investigations remain ongoing into offences including possession of indecent images of children, unauthorised access to computers and voyeurism.  Such outcomes are likely to be mirrored on an international scale.”

Working for positive Cyber Futures

The investigation also identified a number of young people in our region who had bought LuminosityLink out of curiosity, but were on the brink of committing serious offences.  Our Cyber Futures team worked with them…

Cyber Futures Lead PC Lloyd Nethercott, based at the SW RCCU, said:

“For a young person to say they want to be a hacker causes all sorts of dread and worry for parents. They often see this as criminal-related and worry for their child’s future.  They certainly struggle to have a meaningful conversation about it, which can lead to frustration and even resentment from young people.

“The truth is, hacking can very much be a criminal pathway, with severe consequences, but it can also be a lawful, productive and lucrative career with fantastic employment opportunities.

“This is why we created our initiative. We wanted to work with young people, their parents and teachers to ensure that all concerned have the information to make positive choices over their own cyber futures.”

To protect against the threat of Remote Access Trojans and other similar malicious software, follow the below advice:

  1. Keep all your software updated regularly, including operating systems, security software and web browsers.
  2. Only download apps and software from sources you can trust.
  3. Ensure that your device’s firewall (if available) is active and correctly set up.
  4. Do not open suspicious email attachments, even if you think a message is coming from somebody you know. Attachments and links can be rigged with malware. Same goes for clicking on URLs, whether they are in emails, text messages or on social media: any of these could be infected.
  5. Create strong passwords, for example use the ‘ThreeRandomWords’ Technique. Do not share your passwords with others, and do not reuse passwords across accounts.  
  6. Use Two-Factor Authentication where possible, this makes it significantly harder for criminals to gain access to online accounts.

If you have experienced cyber crime report it to ActionFraud, the UK’s national cyber crime reporting service, at or call at 0300 123 2040.