U.S. Malware Probe Yields Dozens of Global Arrests
Bob Van Voris and Patricia Hurtado
Law enforcement officials in more than a dozen countries arrested about 90 people in a U.S.-led crackdown on the makers and users of software designed to steal identities and remotely control computers without their owners’ knowledge.
The U.S. government today unsealed charges against five people, including Alex Yucel, 24, alleged to be the co-creator of the Blackshades Remote Access Tool. The malware, known as RAT, gives users access to computer files and lets them activate webcams to spy on the computer’s owners, according to the charges.
“Deciding between a RAT, a host booter, or controlling a botnet has never been easier,” said one online ad for the Blackshades RAT that discussed different types of malware and was cited by the Federal Bureau of Investigation. “With Blackshades … you get the best of all three -- all in one with an easy to use, nice looking interface.”
The Blackshades RAT, which cost $40, has been purchased by thousands of users in more than 100 countries since 2010, according to the government. The RAT was used to infect more than 500,000 computers worldwide, the government said.
German officials raided 111 sites in the Blackshades investigation, the Frankfurt general prosecutors’ office said in a statement today. There were 67 raids in France, 38 in Belgium, 34 in the Netherlands, 27 in Finland, 14 in Canada, 10 each in Denmark and the U.S., and six in the U.K., according to the statement.
An undercover FBI agent got a copy of the RAT from William Hogue, 23, the other co-creator of the software. Hogue was arrested in 2012 in Arizona in an earlier investigation called “Operation Cardshop.” He pleaded guilty to two counts of computer hacking, the U.S. said. He’s cooperating with the government investigation in a bid for leniency in sentencing.
The latest FBI investigation also included physical search warrants, more than 100 e-mail search warrants, the search of a computer server controlled by Blackshades and the seizure of more than 1,900 Internet domain names used by buyers of RAT to control victims’ computers.
“The charges unsealed today showcase the top to bottom approach the FBI takes to its cases,” George Venizelos, FBI assistant director, said in an e-mail. “We tackled this malware starting with those that put it in the hands of the users -- the creators -- and those who helped make it readily available -- the administrators.”
The Blackshades RAT used tools called “spreaders” to infect other computers by using instant messages or links on social websites which appeared to come from the victims’ friends and contacts. It contained a “keylogger,” which allowed users to record their victims’ keystrokes and gain access to account numbers and passwords. The software also had a tool called a “file hijacker,” which allowed the users to encrypt their victims’ computer files and then demand payment to unlock them.
Yucel, a Swedish citizen, was charged with five crimes, including conspiracy, distribution of malicious software, access device fraud and aggravated identity theft. He was arrested in Moldova in November, according to Jerika Richardson, a spokeswoman for U.S. Attorney Preet Bharara in Manhattan. He remains in custody there awaiting extradition.
If convicted, Yucel faces as long as 15 years in prison on the access device fraud charge.
In addition to Yucel and Hogue, prosecutors said they have charged a Blackshades employee, Brendan Johnston, who allegedly marketed and sold the RAT and other malware and provided technical help to users.
Also charged are two New York-area buyers of the Blackshades RAT. Prosecutors claimed Kyle Fedorek, 26, of Stony Point, New York, used the software to steal online financial information. Marlen Rappa, 41, of Middletown Township, New Jersey, used it to spy on at least 45 victims through their computer webcams and to steal sexually explicit photographs.
Johnston was arrested yesterday in Thousand Oaks, California. Fedorek and Rappa were both arrested at their homes today.
Blackshades had sales of more than $350,000 from September 2010 to April 2014, according to prosecutors.
“As today’s case makes clear, we now live in a world where, for just $40, a cyber-criminal halfway across the globe can -- with just a click of a mouse -- unleash a RAT that can spread a computer plague not only on someone’s property, but also on their privacy and most personal spaces,” Bharara said in a press conference today.
The Yucel case is U.S. v. Yucel, 13-cr-00834, U.S. District Court, Southern District of New York (Manhattan).