An FBI-led investigation involving law enforcement agencies in 17 countries has led to one of the biggest cyber crime busts in recent history.
On Monday, officials charged nearly 100 individuals around the world, who were arrested over the weekend for using or distributing the malicious remote administration tool (RAT) dubbed “BlackShades.”
The malware could give an attacker nearly complete control over a compromised machine, including the ability to siphon sensitive data, take screenshots, record video, and meddle with messaging applications and social networks, according to researchers at Symantec.
The FBI detailed its investigation in criminal complaints filed Monday in Manhattan federal court against five individuals. Cooperation between the European Union's Judicial Cooperation Unit (EUROJUST) in The Hague and the European Cybercrime Centre (EC3) at Europol led to a two-day operation involving 359 home raids carried out worldwide and resulting in 97 arrests, according to a release by EUROJUST.
During a Monday press conference, Leo Taddeo, special agent in charge of the Cyber and Special Operations Division for the FBI's New York Office, announced that one of the five men, Alex Yucel, is the alleged head of the cyber crime organization behind BlackShades, as well as the software's co-creator.
The busts may have been foreshadowed in comments made by an FBI official at a recent Reuters Cybersecurity summit, when he indicated that the agency expected to announce “searches, indictments and multiple arrests over the next several weeks,” according to a report by Reuters.
Last week, a flood of posts on hackforum.net indicated that raids had begun at the homes of BlackShades users and that law enforcement organizations were seizing any electronic equipment associated with the RAT. According to EUROJUST, more than 1,000 data storage devices were seized, in addition to cash, firearms, and drugs.
The malicious software was sold by its authors on a dedicated website, bshades.eu, for prices ranging from $40 to $50.
According to information on whois.com, the domain went offline on Wednesday after the FBI seized it. Shortly after, posts on various forums by BlackShades buyers indicated that police raids in Europe had begun, according to a blog post by cyber crime investigator Rickey Gevers.