FBI: It's Curtains For Blackshades


A popular automated attack toolkit is being taken out as part of an international crackdown against the malware known as Blackshades, leading to the arrest of more than 90 people for using it to steal credit cards, drain bank accounts, and obtainl other sensitive data from individuals and small businesses.

The arrests include the computer programmers and others who are alleged to have developed, marketed and sold the Blackshades toolkit. The FBI said Monday that it handed down an indictment against Swedish national Alex Yucel and that Michael Hogue, 23, of Maricopa, Ariz., pled guilty for their roles in co-developing Blackshades, an automated attack toolkit that could be purchased on underground hacking forums for as little as $40. It was sold and distributed to thousands of people in more than 100 countries and used to infect at least 500,000 computers globally, according to the FBI.

The FBI is also charging a man, Brendan Johnston, 23, of Thousand Oaks, Calif., for allegedly marketing and selling the toolkit and Kyle Fedorek, 26, of Stony Point, N.Y., and Marel Rappa, 41, of Middletown Township, N.J., for allegedly using Blackshades to conduct attacks against computer users. The marketing and sales activity is believed to have generated sales of more than $350,000 between September 2010 and April 2014, the FBI said.

[Related: Blackhole Author Arrested: 10 Facts About The Automated Attack Toolkit]

"Armed with $40 and a computer, an individual could easily get the Blackshades remote access tool and become a perpetrator," said George Venizelos, assistant director at the FBI, in a statement.  "It required no sophisticated hacking experience or expensive equipment."

Blackshades, known as a remote access Trojan, was highly configurable, enabling an attacker to deploy other malware on the victim's system. An attacker can view documents, photographs and other files on the victim’s computer, record all the keystrokes entered on the victim’s keyboard, steal the passwords to the victim’s online accounts, and even activate the victim’s web camera to spy on the victim. Investigators also seized more than 1,900 domains used by Blackshades users to control victims’ computers. The infected computers could also be used to conduct distributed denial-of-service attacks designed to cripple or bring down a website.

Law enforcement officials have been taking action globally against the authors of popular automated attack tools, Last year, the programmer allegedly behind the notorious Blackhole exploit kit was arrested by Russian authorities.

Solution providers say security researchers have been tracking Blackshades over the past several years. Symantec documented increased use of the toolkit it calls Shadesrat over the six months prior to Hogue's arrest in 2012. The company also found a connection between Blackshades and another notorious exploit kit called Cool. Blackshades targets a wide variety of credentials including email services, Web services and instant messaging applications that could be used to help bolster spam campaigns, the company said.

The FBI action might help deter some developers from creating automated attack toolkits, said Rick Doten, chief information security officer at Digital Management, a Bethesda, Md.-based mobility solution provider. Doten told CRN that automated attack toolkits are behind much of the broad attack activity against computer users. The automated tools are designed to put sophisticated hacking techniques in the hands of less sophisticated hackers, he said.

"It's good to see all the work law enforcement has been doing building public, private partnerships with the industry, which has a lot of good evidence to track these people down and establish some attribution to this criminal activity," Doten said. "Even with limitations of laws and lack of precedents they are still stepping up and showing some deterrence."

Doten and other solution providers advocate a variety of measures against Blackshades and other financially motivated attacks. In addition to technical security measures, user security awareness training can be effective in getting employees to stop clicking on suspicious links or opening unsolicited file attachments, Doten said.  

"The botnets are the engine that runs this cybercrime, and the biggest weakness is human fallibility," Doten said. "It's important to educate [people] not just what to look out for at work, but also how to protect their information at home."

PUBLISHED MAY 20, 2014