As the leader of a shadowy online criminal gang, Alex Yucel sold “Blackshades” malware to hackers seeking to steal identities and secretly control computers.
As a prison inmate, he may occasionally get to send e-mail.
Yucel was sentenced Tuesday to four years and nine months in a U.S. prison after pleading guilty to computer hacking. He sold his malicious software, known as the Blackshades Remote Access Tool, or RAT, to thousands of customers who used it to infect more than 500,000 computers.
“We rely on our computers as an extension of how we live our lives,” U.S. District Judge Kevin Castel in Manhattan said at a sentencing hearing. “This is spreading misery to the lives of thousands.”
Prosecutors had asked the judge to sentence Yucel, a Swedish citizen who was arrested in Moldova in 2013 and extradited to the U.S., to as long as seven years and three months in prison.
Yucel, who has already served 13 months in U.S. custody after being held for a month in Moldova, asked for a term of 2 1/2 years. His lawyer told Castel that Yucel’s mother is very ill and not expected to live much longer. He said his client is sorry for his crime and won’t break the law again.
Yucel, 25, was among 90 people arrested in a U.S.-led crackdown on the Blackshades RAT that was announced last year. He pleaded guilty in February. Michael Hogue, who helped Yucel create the software, pleaded guilty and agreed to cooperate with the government. He’s due to be sentenced next month.
Three New York-area Blackshades customers were arrested and charged. Juan Sanchez pleaded guilty to using the RAT to spy on his girlfriend and was sentenced to one year’s probation. Kyle Fedorek admitted using it to steal user names and passwords. He got two years in prison. Marlen Rappa was sentenced to a year after pleading guilty to spying on unsuspecting women through their webcams.
Blackshades users paid $40 for the malware, prosecutors said. The program used tools called “spreaders” to infect other computers through instant messages or links on social websites that appeared to come from the victims’ friends and contacts. It contained a “keylogger,” which allowed users to record their victims’ keystrokes and gain access to account numbers and passwords.
The software also had a tool called a “file hijacker,” which allowed users to encrypt their victims’ computer files and then demand payment to unlock them.
The case is U.S. v. Yucel, 13-cr-00834, U.S. District Court, Southern District of New York (Manhattan).