Science

BlackShades cybercrime ring busted in global raids

Police raids in Canada and 15 other countries have led to charges against more than 100 people accused of distributing malware that let cybercriminals take over computers and hijack webcams around the world.

Malware linked to attacks on Syrian dissidents, French organizations

BlackShades global cybercrime ring busted

11 years ago
Duration 5:18
Half million computers in over 100 countries were infected by sophisticated malware that lets cybercriminals take over computers. Interview with tech analyst Carmi Levy

More than a half million computers in over 100 countries were infected by sophisticated malware that lets cybercriminals take over a computer and hijack its webcam, authorities said as charges were announced Monday against more than 100 people worldwide.

The FBI described its investigation in criminal complaints unsealed in Manhattan federal court against five individuals. Meanwhile, police worldwide said they had recently arrested 97 people in 16 countries suspected of using or distributing the malicious software called BlackShades.

"This case is a strong reminder that no one is safe while using the iInternet," said Koen Hermans, an official representing the Netherlands in the European Union's criminal investigation coordination unit, Eurojust. "It should serve as a warning and deterrent to those involved in the manufacture and use of this software."

Sold to criminals since 2010

The FBI said the BlackShades Remote Access Tool has been sold since at least 2010 to several thousand users. The agency said one of the program's co-creators is now cooperating with the government and had provided extensive information.

The malware lets hackers steal personal information, intercept keystrokes and hijack webcams to make secret recordings of users. BlackShades also can be used to encrypt and lock a computer's data files, blocking the rightful owners from regaining access unless they pay a ransom.

Security experts have linked the program to attacks on Syrian dissidents in 2012 and attempts to steal data from more than a dozen French organizations last year. The low cost of the hacking tool has made it increasingly popular across the hacker underground, where variants have been circulating online for years.

Last year, security firm Symantec said that use of BlackShades was going up, with licenses for the program going for $40 to $100.

French officials said raids occurred last week after the FBI arrested two BlackShades developers and distributed a list of customers who had purchased the malware.

Worldwide raids

Law enforcement coordination agencies Europol and Eurojust, based in The Hague, Netherlands, said Monday that police in 13 European countries — Austria, Belgium, Britain, Croatia, Denmark, Estonia, Finland, France, Germany, Italy, Moldova, the Netherlands and Switzerland — as well as in the United States, Canada and Chile raided 359 properties and seized cash, firearms, drugs and more than 1,000 data storage devices.

The two European agencies declined to provide country-by-country breakdowns of arrests, details of items seized or the specific days when last week's raids occurred.

In Paris, the state prosecutor's office said French detectives arrested more than two dozen people during May 13 raids and described the global nature of the arrests and searches as an unprecedented "new form of judicial action." It said those arrested were identified by the FBI as French "citizens who had acquired or used this software."

In a BlackShades-related investigation before the latest global arrests, Dutch police earlier this year arrested an 18-year-old man for using the malware to take pictures of women and girls using about 2,000 computers.