Historic global cyber crime bust takes down ‘BlackShades’ users

An FBI-led investigation involving law enforcement agencies in 17 countries has led to one of the biggest cyber crime busts in recent history.

On Monday, officials charged nearly 100 individuals around the world, who were arrested over the weekend for using or distributing the malicious remote administration tool (RAT) dubbed “BlackShades.”

The malware could give an attacker nearly complete control over a compromised machine, including the ability to siphon sensitive data, take screenshots, record video, and meddle with messaging applications and social networks, according to researchers at Symantec.

The FBI detailed its investigation in criminal complaints filed Monday in Manhattan federal court against five individuals. Cooperation between the European Union's Judicial Cooperation Unit (EUROJUST) in The Hague and the European Cybercrime Centre (EC3) at Europol led to a two-day operation involving 359 home raids carried out worldwide and resulting in 97 arrests, according to a release by EUROJUST.

During a Monday press conference, Leo Taddeo, special agent in charge of the Cyber and Special Operations Division for the FBI's New York Office, announced that one of the five men, Alex Yucel, is the alleged head of the cyber crime organization behind BlackShades, as well as the software's co-creator.

The busts may have been foreshadowed in comments made by an FBI official at a recent Reuters Cybersecurity summit, when he indicated that the agency expected to announce “searches, indictments and multiple arrests over the next several weeks,” according to a report by Reuters.

Last week, a flood of posts on hackforum.net indicated that raids had begun at the homes of BlackShades users and that law enforcement organizations were seizing any electronic equipment associated with the RAT. According to EUROJUST, more than 1,000 data storage devices were seized, in addition to cash, firearms, and drugs.

The malicious software was sold by its authors on a dedicated website, bshades.eu, for prices ranging from $40 to $50.

According to information on whois.com, the domain went offline on Wednesday after the FBI seized it. Shortly after, posts on various forums by BlackShades buyers indicated that police raids in Europe had begun, according to a blog post by cyber crime investigator Rickey Gevers.

Security experts at Symantec aided authorities during their investigation, providing technical information on the malware's infrastructure and command-and-control servers, Kevin Haley, director of Symantec Security Response, told SCMagazine.com in a Monday interview.

While BlackShades wasn't the only RAT on the market, its ease of use may have had a big impact on its popularity.

“It's pretty point-and-click and it doesn't take a lot of technical skill [to use],” Haley said. “It's going to allow you to get malware on the system and it will give you control over anything and everything you want it to do on that system.”

In Monday's press conference, Taddeo said that the recent arrests should serve as a warning to cyber criminals.

“If you think you can hide behind your computer screen – think again,” Taddeo said. “Just like in the physical world, the FBI will follow the digital trail to your doorstep. If you think operating in a foreign country puts you out of reach – think again. We have many law enforcement partners around the world who are with us in this fight. If we can't reach you, they can.”

Taddeo went on to add that the malicious software was purchased by thousands of individuals in more than 100 countries, leading to hundreds of thousands of infected machines.

Following Monday's announcement of the international effort, Troy Gill, senior security analyst at AppRiver, said that he believes there will be a drop-off in BlackShades use.

“Any cyber criminals still using [it] will likely turn towards other forms of malware as the continued use of BlackShades will pose an inherent risk of getting caught,” Gill said in an email statement sent to SCMagazine.com Monday.

With 17 countries in on the investigative and judicial processes, Ed Stroz, executive chairman and co-founder at computer forensic consulting firm Stroz Friedberg, said he believes that the international effort is a massive success.

“That kind of cooperation requires bridges that are built in advance between the legal process and international investigations,” Stroz told SCMagazine.com in a Monday interview. “For something this big and for this many countries, this would take quite a bit of work. I think this is pretty impressive in the time.”