
International bust targets BlackShades malware. Is your computer safe now?

The BlackShades 'RAT' made taking over a computer so easy 'even a caveman could do it,' says FBI investigator. Ninety-seven people in 16 countries have been arrested in the cyber-crime crackdown.

Adrees Latif/Reuters
Preet Bharara (r.), US Attorney for the Southern District of New York, points toward a display referring to 'BlackShades' malware during a news conference Monday in New York City to announce law enforcement action to target alleged creators and purveyors of the malicious computer software.

It’s every computer user’s worst nightmare – a single click of the mouse that unwittingly grants cyber-thieves full access to the user’s files, passwords, even webcams.

Thousands of cyber-criminals gained such access to at least half a million machines in more than 100 countries by tricking users into clicking on a single malicious link that surreptitiously installs a particularly insidious form of malware onto computers, according to federal law enforcement officers. 

Law enforcement agencies across the globe have launched a concerted strike against developers, distributors, and users of the nefarious BlackShades Remote Access Tool, known as the “RAT,” resulting in 97 arrests in 16 countries, as part of a multinational operation led by the Federal Bureau of Investigation, according to European and US law enforcement officials.

The US Attorney's Office in New York released documents Monday that detail charges against alleged co-creators of the RAT – Swedish national Alex Yücel and American Michael Hogue of Maricopa, Ariz. – as well as three other Americans who bought or helped sell the malware.

The FBI-led operation is part of a broader US effort to crack down on international cyber-crime. Monday’s BlackShades announcement came in tandem with word from Attorney General Eric Holder that the US has filed its first-ever charges for economic cyber-espionage – against five individuals in the Chinese military for allegedly stealing trade secrets from American companies.

The BlackShades documents spell out a set of capabilities that the RAT extends to hackers. Among them are key-logging and form-grabbing features that deliver passwords and other login credentials to hackers, a file hijacker feature that enables hackers to encrypt files and charge victims a ransom to reopen them, and “spreader” tools that use infected computers to post malicious links to a victim’s social media accounts and spread infection via USB devices – all for an average price of $40.

The RAT’s user-friendly interface, accessible price tag, and extensive capabilities have boosted the malware's popularity among hackers, says Kevin Haley, director at Symantec Security Response in Culver City, Calif., which assisted in the FBI investigation.

“Somebody with very few skills can simply click on buttons on the screen and they can retrieve anything they want from the victim’s computer,” Mr. Haley says. “They can look through the files. They can take screen shots. They can turn the webcam on. They can even break in and use your instant messaging or your social networks. They really have complete control of your computer. It’s like they are sitting at the keyboard, and they are; they’re just doing it remotely.”

Leo Taddeo, special agent in charge of the Cyber and Special Operations Division for the FBI’s New York office, told reporters Monday that the RAT software “made taking over a computer so easy even a caveman could do it.”

The FBI estimates that the RAT has enabled hackers to penetrate more than half a million computers in 100 countries since 2010.

Haley stresses that a wide range of operators have employed the RAT to meet a diverse set of endgames.

“We’ve seen it used for financial attacks in France, we’ve seen it used against political activists in Libya and Syria. We’ve seen it in multiple countries, Germany, the UK, the Netherlands, France, and on and on,” he said.

The unprecedented global effort sends an important message to would-be hackers, but it has not removed the threat, Haley cautions. Computer users, he says, should be vigilant in maintaining their Internet security systems.

Mr. Yücel faces up to 45 years in prison for his alleged roles as owner and operator of the BlackShades organization and co-creator of the RAT. Brendan Johnston of Thousand Oaks, Calif., is accused of helping to market the malware and of providing technical assistance to hackers who are using the RAT.

Prosecutors have also charged two of BlackShades’ customers with computer hacking.

Kyle Fedorek of Stony Point, N.Y., allegedly bought the RAT in September 2012 and used it to steal financial and other account information from more than 400 victims before his arrest in March.

Marlen Rappa of Middletown, N.J., also faces two counts of computer hacking.

Co-creator Mr. Hogue of Maricopa, Ariz., was arrested in June 2012 and pleaded guilty to two counts of computer hacking in January 2013. He faces a maximum sentence of 20 years, according to the newly released documents. He is currently awaiting sentencing.

Individuals who suspect they may have fallen victim to such an attack can visit www.fbi.gov for information on how to scan their computers for BlackShades files.
