International crackdown targets malware that infected half a million computers


A lock icon signifies an encrypted Internet connection. (Reuters/Mal Langsdon)

Federal prosecutors on Monday announced charges against five individuals accused of distributing a common malware used to infect more than half a million computers in 100 countries since 2010.

The indictments are part of a coordinated international effort, which U.S. officials call the "largest-ever global cyber law enforcement operation" and which has already resulted in dozens of other arrests across the globe.

The suspected hackers have been linked to an international group trafficking the software, which has been purchased by thousands of people, according to court filings released by U.S. Attorney Preet Bharara in New York City. The malware, known as Blackshades Remote Access Tool, cost $40 on some sites. Its toolkit is capable of taking total control of a victim's computer and hijacking Web cams to secretly record what's visible.

Tools of this type, commonly called RATs, are often sold in the hacker forums that make up the Internet's black market and have become notorious for their involvement in alleged "sextortion" cases in which hackers blackmail victims using photos obtained through Web cams or found on their computers. The tools are cheap and easy to use.

"Armed with $40 and a computer, an individual could easily get the Blackshades Remote Access Tool and become a perpetrator," George Venizelos, the FBI's assistant director-in-charge, said in a statement. "It required no sophisticated hacking experience or expensive equipment."

Thomas Brown, a former assistant U.S. attorney in the Southern District of New York, says the toolkit shows just how sophisticated cybercrime has become. "It was sort of like the Swiss Army knife of criminal hacking tools," said Brown, now senior managing director at FTI Consulting. The group that developed the software established an almost corporate-like infrastructure, including providing customer support and launching a marketing campaign, he said.

Michael Hogue, one of the co-creators of Blackshades, was arrested in Arizona in 2012. He has since cooperated with law enforcement and pleaded guilty to charges related to Blackshades in January, according to a statement from the U.S. attorney's office for the Southern District of New York. Since then, the government says, Hogue has been cooperating with law enforcement to bring the whole Blackshades operation down.

Another alleged co-creator, Alex Yucel, who the government says was the "owner" of the Blackshades organization, was among the five people whose charges were announced Monday. Yucel was arrested in Moldova in November and is awaiting extradition to the United States, according to the indictment.

According to the Department of Justice, the organization pulled in $350,000 between September 2010 and April 2014.

U.S. investigators worked with international law enforcement in a coordinated takedown of the organization, in what is being billed as one of the largest cybercrime crackdowns ever. The Department of Justice statement says that more than 90 arrests have been made, along with over 300 searches worldwide, as part of the ongoing investigation, which has involved 19 countries.

While five U.S. indictments have been announced so far, Brown said more are likely. "Internationally, law enforcement is saying we will coordinate to address the cybercrime threat," he said.

The others facing computer hacking charges are Brendan Johnston, who was arrested Sunday in California, and Kyle Fedorek and Marlen Rappa, who were arrested Monday in New York, federal authorities said.

Andrea Peterson covers technology policy for The Washington Post, with an emphasis on cybersecurity, consumer privacy, transparency, surveillance and open government.