Giant Malware Busts Around the World


MANHATTAN (CN) - Five federal lawsuits unsealed in New York Monday are part of a worldwide roundup accusing a cybercrime ring of selling malware that hijacked more than 500,000 computers and webcams in 100 countries around the world.
     Ninety-seven people suspected of selling or using the malware were arrested in 16 countries, U.S. and European officials said.
     U.S. Attorney Preet Bharara called the malware, known as BlackShades, "a frightening form of cybercrime."
     Five complaints in Manhattan Federal Court were unsealed Monday, each against one defendant.
     The complaints against BlackShades owner Alex Yucel, and the program's co-creator Michael Hogue, of Maricopa, Ariz., were bare-bones documents.
     Hogue pleaded guilty after being arrested in June 2012 and is cooperating with prosecutors, Bharara said.
     Yucel, who was arrested in Moldova in November 2013, is awaiting extradition to the United States.
     The malware, which has been sold as cheaply as $40, but allegedly brought in more than $350,000, can intercept keystrokes, hijack webcams, and encrypt and lock computer files, forcing victims to pay a ransom to get their own files back, Bharara said.
     The complaint against one of the five people charged in New York, Kyle Fedorek, provides a closer look at what the alleged conspiracy is accused of allowing hackers to do.
     Fedorek is accused of conspiracy to commit computer hacking, computer hacking, and access device fraud.
     The complaint accuses Fedorek, aka kbello, of buying Blackshades over the Internet on Sept. 12, 2012.
     An unidentified co-conspirator is accused of sending the program to an undercover FBI agent on June 30, 2010 (sic).
     Sometime in 2013, an FBI agent in New York City bought a copy of the malicious software from a website maintained by Blackshades, according to the 16-page complaint.
     Count three, access device fraud, states: "From at least in or about September 2012, up to and including in or about March 2014, in the Southern District of New York and elsewhere, Kyle Fedorek, aka 'kbello,' the defendant, knowingly and with intent to defraud possessed fifteen and more access devices which were counterfeit and unauthorized access devices, to wit, Fedorek possessed at least thousands of access devices, including credit card numbers and financial account numbers, which were obtained through computer hacking."
     In the "Overview," the FBI agent states: "Since at least in or about 2010, an organization known as 'Blackshades' has sold and distributed malicious software to thousands of cybercriminals throughout the world. Blackshades' flagship product was the Blackshades Remote Access Tool, or R.A.T. (the 'RAT'), a sophisticated piece of malware that enabled cybercriminals to remotely and surreptitiously gain control over a victim's computer. After installing the RAT on a victim's computer, a user of the RAT had free rein to, among other things, access and view documents, photographs and other files on the victim's computer, record all of the keystrokes entered on the victim's keyboard, steal the passwords to the victim's online accounts, and even activate the victim's web camera to spy on the victim - all of which could be done without the victim's knowledge.
     "The FBI's investigation has shown that the RAT was purchased by at least several thousand users in more than 100 countries and used to infect more than half a million computers worldwide. The FBI's investigation has included, among other things, the execution of physical search warrants and more than 100 e-mail search warrants, the seizure of more than 1,900 domain names used by purchasers of the RAT to control victims' computers, and the execution of a search warrant for a computer server controlled by Blackshades. Further, an undercover FBI agent in New York, New York obtained a copy of the RAT from one of the RAT's co-creators, who subsequently cooperated with the government and provided extensive information about Blackshades ('CW-1'). The FBI's investigation has revealed that the Blackshades RAT was, in fact, used by Blackshades customers to, among other things, activate web cameras, steal files and account information, and log keystrokes.
     "Kyle Fedorek, aka 'kbello,' the defendant, was a customer of Blackshades who purchased the RAT in or about September 2012. From in or about September 2012 through in or about March 2014, when the FBI executed a search warrant at Fedorek's home and seized his computer, Fedorek used the RAT to steal financial and other account information from more than 400 victims. As detailed below, a search of Fedorek's computer also revealed that Fedorek was deploying a variety of other types of malicious software against his victims."
     The other two complaints unsealed Monday, similar to the one against Fedorek, are against Marlen Rappa and Brendan Johnston.