5 scary things about the ‘Blackshades’ RAT



On Monday, in what was called the largest-ever international cyber crackdown, law enforcement officials announced that more than 90 people were arrested in 19 countries for use and distribution of malicious software that has infected more than 500,000 computers worldwide.

U.S. authorities arrested Alex Yucel, the 24-year-old Swedish man who helped create the malicious software or “malware” – his partner, Michael Hogue, was nabbed in 2012 – along with Brendan Johnston, Marlen Rappa and Kyle Fedorek, who were charged with hacking.

The Blackshades Remote Access Tool, or RAT, which targets Microsoft Windows-based operating systems, allows cybercriminals to take control of your computer. Once inside, they can spy on you through your web camera, steal your files and account information and see what you are typing.

You don’t have to be a sophisticated hacker to wreak havoc with the tool, which has been sold via PayPal for as little as $40. “Blackshades was a tool created and marketed principally for buyers who wouldn’t know how to hack their way out of a paper bag,” wrote Brian Krebs of Krebs on Security. “The product was sold via well-traveled and fairly open hacker forums, and even included an active user forum where customers could get help configuring and wielding the powerful surveillance tool.”

 

“The RAT is inexpensive and simple to use, but its capabilities are sophisticated and its invasiveness breathtaking,” said U.S. Attorney for the Southern District of New York, Preet Bharara, in a press release. “As today’s case makes clear, we now live in a world where, for just $40, a cybercriminal halfway across the globe can – with just a click of a mouse – unleash a RAT that can spread a computer plague not only on someone’s property, but also on their privacy and most personal spaces.”

What do you need to know about Blackshades?

1. It’s just a tricked-out version of a really common tool.

Anyone can buy a remote access tool. Office IT departments use RATs so they can fix problems with employees’ computers when they don’t happen to be in the office. The difference is that the IT guy has administrative access – he isn’t sneaking into your computer without permission.

Hackers, however, infect their victims with Blackshades by tricking them into clicking links that install the malware, or by hiring others to install the RAT.

Once installed, cybercriminals can lure other victims by sending malicious links through the first victim’s social media accounts. The instant message or e-mail would look like it came from the victim, making it more likely that the recipient would click on it.

Unlike regular RATs, Blackshades includes sinister bells and whistles such as Java exploits and the ability to launch DDoS attacks. It can be used to encrypt and lock files, forcing users to pay ransom to regain access. The program also modifies itself to elude antivirus software.

“It was sort of like the Swiss Army knife of criminal hacking tools,” Thomas Brown, senior managing director at FTI Consulting and former assistant U.S. attorney for the Southern District of New York, told The Washington Post’s Andrea Peterson.

2. It’s been used for sextortion.

Remember Miss Teen USA, Cassidy Wolf? She was a victim of Blackshades. A 20-year-old kid named Jared James Abrahams used Blackshades to take nude photos of Wolf and others through their webcams. He threatened to post the photos online if the girls refused to video chat with him or send more nude pictures. He was sentenced to 18 months for his efforts.

3. Governments use tools such as Blackshades RAT for espionage and intelligence gathering.

Here’s what the FBI press release doesn’t tell you: Blackshades is just a cheaper version of similar spying software legally marketed for government and law enforcement use. Programs sold by Hacking Team and Gamma, for example, also allow users to gain unauthorized access to someone else’s computer. A recent report from Toronto-based surveillance watchdog Citizen Lab showed Hacking Team’s software was being used in 21 countries, including some that suppress civil liberties and have poor human rights records. Hacking Team told Mashable the report was inaccurate. Citizen Lab also reported in 2012 that RATs were used to target journalists and activists in Syria.

4. The bad guys might get away.

“The 16 governments bringing charges may have a tough time with their cases if they were arresting people for possession of the software package,” writes the Daily Beast’s Quinn Norton. “Without logs or other evidence of the purchasers using the software against unsuspecting targets, most of those governments will have to prove that the purchasers intended to use the software in an illegal way.”

5. Your computer might be infected.

The FBI has this list of signs that your computer has been compromised plus instructions for how to search for telltale files.

Gail Sullivan covers business for the Morning Mix blog.