FBI arrests over 100 hackers over the use of BlackShades malware

Cyber-attacks are commonplace these days; so commonplace in fact that they tend to be overlooked or ignored by many of us. We assume that as hacking is generally carried out by determined and seasoned criminals targeting specific institutions, it’s not a problem that will affect us. Sadly that assumption is incorrect. Anybody can be a target, so it’s imperative to remain vigilant to all potential threats. We should also be aware that cyber-attacks are not just the preserve of the professional criminal class either: new malicious remote-administration computer programmes mean that any criminally-inclined individual from anywhere in the world can now instantly become a dangerous cyber-criminal and steal your property and invade your privacy.

How can we be so sure about this? Well, more than 100 people worldwide have recently been arrested following an FBI-led crackdown on hackers linked to a “remote administration tool” called BlackShades. BlackShades software is able to remotely control computers and webcams. The FBI believes that the malware has infected more than 500,000 computers worldwide since 2010.

Law enforcement agencies targeted developers and ‘prolific users’ of BlackShades and raided properties in more than a dozen countries across Europe, Asia, Australia and North America. Seventeen of the arrests took place in Derbyshire, Birmingham, Halesowen, Wolverhampton, Newcastle-under-Lyme, Brixham, Andover, Ashford, Liverpool, Manchester, Warrington, London, St Andrews, Glasgow, and Leeds according to the National Crime Agency. Further arrests were also made by law enforcement agencies in Moldova, Switzerland, the Netherlands, Belgium, Finland, Austria, Estonia, Denmark, Canada, Chile, Croatia and Italy.

The NCA have said that this type of RAT or backdoor malware typically infects computers when individuals or businesses click on external links on social networking sites and in emails that purport to lead to pictures, videos or other items of interest. Once installed, criminals can use the software to capture personal information, or take photographs of computer users – which may then be used to blackmail them. BlackShades malware also allows users to take control of a computer secretly and encrypt its data: only after paying a ransom will cyber-criminals release the data.

The worldwide operation is reported to have come after the FBI arrested two BlackShades developers and obtained a list of the malware’s customers. According to U.S. officials the software was advertised on forums for computer hackers and copies were available for sale for about $40 (£23) each on a website maintained by BlackShades. The FBI believes BlackShades has been bought by several thousand people, generating sales of more than $350,000, and has infected in excess of 500,000 computers in more than 100 countries. The National Crime Agency believes that about 200,000 usernames and passwords of victims across the world may have been taken by UK users of BlackShades alone. Security experts are also linking the programme to attacks on Syrian dissidents in 2012 and attempts to steal data from more than a dozen French organisations.

Details of the raids were outlined at a press conference by Preet Bharara, US Attorney for the Southern District of New York. He described BlackShades as a “frightening form of cybercrime” saying the program’s capabilities were “sophisticated and its invasiveness breath-taking”. He also claimed that it was vital for agencies worldwide to come down hard on malicious malware like BlackShades because of its devastating potential. He said it “enabled anyone anywhere in the world to instantly become a dangerous cyber-criminal able to steal your property and invade your privacy.”

The Association of Chief Police Officers’ lead on e-crime, Deputy Chief Constable Peter Goodman, said the operation “sends out a clear message to cyber criminals that we have the technology, capability and expertise to track them down”. He also warned users who had downloaded the malware but not yet deployed it to be aware that they were now known to law enforcement agencies.

If you are concerned about the escalating security challenges facing businesses today and would like to take precautions, then why not speak to Krypsys? Krypsys’ services are focused on helping you assess your security posture against current and evolving security threats and educating you on the risks to which you are exposed. We have a wealth of experience in security projects in both the public and private sectors and have worked with organisations to protect high value information assets such as trading platforms, e-commerce systems, data-centres and cloud services. We also work with leading IT security vendors and specialist consultancies to close the gaps in your own IT security strategy and to assist in streamlining and prioritising your risk management spending.

Whether you’re looking for help with penetration testing and security reviews, or are looking for advice on security compliance and web security solutions, Krypsys can help you. For more information on web security solutions, please contact Krypsys on 01273 044072 or [email protected].