Hacker with a conscience

Published Jul 3, 2008

For more than two years, Alistair Peterson headed an elaborate online bank-hacking syndicate.

He was the thorn in the side of South Africa's four giant banks whose top cyber experts were left red-faced every time he hacked through several security features and accessed their "secure" banking accounts.

In a single day on December 24 2005 he swiped R9,8-million from the account of a government department. It was his first hack ever.

When he was eventually caught two years and two months later he had stashed R17-million in a bank account in Swaziland.

Peterson says he never took money from the personal accounts of individuals - his targets were always big business, trust funds and corporate accounts.

"I never needed the money, I was a software architect for a computer company where I was earning R80 000 a month. What I was doing was just for fun. It was the thrill of being able to do it," he said.

Because of the complex structure of the syndicate, Peterson got only a quarter of what they stole - and that was if his "e-mules" didn't double-cross him and run off with all the money.

Peterson - who has a BSc degree in computer sciences from Rand Afrikaans University - developed a virus called Regger.W32, which he programmed to maliciously spread itself from computer to computer, installing spyware as it went along.

The virus was able to glean people's sensitive log-in details, such as PINs and passwords, and send them to a server he hosted in another country.

With this information, he was able to hack into bank accounts and transfer the stolen money into numerous beneficiary accounts, known as host accounts.

The host accounts were owned by mainly poor people who were recruited as e-mules to open bank accounts.

Peterson would transfer R19 500 at a time - more than R20 000 would require a bank manager's authorisation - to several accounts owned by e-mules, who would draw the money within minutes of transferral.

"After the account holder gets his cut, the person who recruited him gets his cut, and his hanger-on gets his cut, my cut would be only a quarter.

"Sometimes I never even got my share because the people would disappear. One time we transferred money into the account of a man who was crippled. As soon as he withdrew the money the man's leg miraculously got better, and he ran like I have never seen anyone run before," he says.

"The whole thing was based on trust," he adds.

To illustrate his point, he reckons he did not receive a cent from the R9,8-million government department hit.

"They promised me R2-million. After the job was done I never saw those guys again."

Initially, Peterson operated the syndicate with a small band of people - depositing money into poor people's accounts and taking a share. But word of his "Robin Hood"-style enterprise grew and at the peak of his operation he had thousands of mules all over the country.

"There were people I had never met in my life who would call me and say: Please put some money in my account. How they found out I don't know," he said.

But every account he hacked into made the Scorpions and the banking industry's top cyber experts more determined to catch him.

By December 2006, after hitting several dead ends, the Scorpions were finally able to penetrate the syndicate by discovering that Peterson had recruited a Standard Bank employee.

The Scorpions turned his recruit into an informant, and set the ball rolling for an elaborate sting.

In February 2007, the informant was told to get Peterson to transfer money into three bank accounts the Scorpions and Standard Bank had set up.

The Scorpions set up a surveillance team around Peterson. They followed him to an Internet hotspot at OR Tambo International Airport.

While there, he transferred R9 500 and R11 000 into two of the accounts, and as he was about to transfer R1,2-million into the third account the Scorpions busted him.

Investigators had dozens of charges against him, but knew that convicting him on all was going to be near impossible.

In April 2007, Peterson struck a plea bargain. He pleaded guilty to three charges of online fraud and money laundering, and was sentenced to eight years' imprisonment.

Part of the plea bargain was that he work with the Council for Scientific and Industrial Research, and develop an anti-virus to prevent any further attacks by Regger.W32.

In addition he would also hand back all the money he stole and help the banks secure any holes in their security system.

Having met all these conditions, Peterson was released from jail on October 4 - having served just six months of his sentence.

He says getting arrested was the best thing that could have happened to him.

"When I was doing all that nonsense, I was not sleeping. I was constantly restless, knowing the police were going to knock on my door at any moment.

"After I was arrested, I slept like a baby, and going to jail made me realise my interest lies in cyber security."

At the beginning of the year, together with the Scorpions, Peterson helped prevent online fraud that could have cost the banks more than R100-million.

He says working for the good guys has given him a new lease of life.

"While I was in jail and the guys from the bank used to pick me up and tell me to help them, I realised I really enjoyed the forensic part of computers. I loved looking for holes I could close and preventing the crooks from getting in," he said.

Recently, Peterson opened his own software development company called Goozoo Labs, specialising in Internet security solutions.
