BlackShades: Arrests in Computer Malware Probe
Seventeen men have been arrested in the UK as part of a worldwide crackdown on a malicious computer program. The FBI-co-ordinated operation targeted BlackShades software which can remotely control computers and webcams. The “malware” was said to have infected more than 500,000 computers since 2010.
The UK’s National Crime Agency said 15 arrests took place in England and two men were held in Scotland.
Eighty others were held in 15 countries including the US, France and Germany.
The NCA said the inquiry focused on the developers and “prolific users” of BlackShades. It said investigators believe about 200,000 usernames and passwords of victims across the world may have been taken by UK users of BlackShades. The software typically infects computers when people click on external links on social networking sites and in emails that purport to lead to pictures, videos or other items of interest, said the NCA.
Once installed, criminals can use the software to capture personal information, or take photographs of computer users – which may be used to blackmail them. BlackShades also allows users to take control of a computer secretly and encrypt its data, which is only released on payment of a ransom.
The worldwide operation is reported to have come after the FBI arrested two BlackShades developers and obtained a list of the malware’s customers.
The software was advertised on forums for computer hackers and copies were available for sale for about $40 (£23) each on a website maintained by Blackshades, US officials said. The FBI said BlackShades has been bought by several thousand people since it was created in 2010, generating sales of more than $350,000 (£208,000).
US officials said more than 500,000 computers in more than 100 countries had been infected by BlackShades. Security experts have also linked the program to attacks on Syrian dissidents in 2012 and attempts to steal data from more than a dozen French organisations.
Details of the raids were outlined at a press conference by Preet Bharara, US Attorney for the Southern District of New York, who announced charges against five men. He described BlackShades as a “frightening form of cybercrime” saying the program’s capabilities were “sophisticated and its invasiveness breathtaking”. Blackshades “enabled anyone anywhere in the world to instantly become a dangerous cyber-criminal able to steal your property and invade your privacy,” he said. The malware could also be used to bring down websites and send out “ransom notes” to extort cash after telling a user they had lost control of their computer, he added.
The Association of Chief Police Officer’s lead on e-crime, Deputy Chief Constable Peter Goodman, said the operation “sends out a clear message to cyber criminals that we have the technology, capability and expertise to track them down”.
The NCA said its officers were also to warn people who had downloaded the malware but not deployed it that they were now known to the agency.
In total more than 300 properties were searched across the world and 1,000 data storage devices seized.
The arrests in the UK took place in Derbyshire; Birmingham; Halesowen; Wolverhampton; Newcastle-under-Lyme; Brixham, Devon; Andover, Hampshire; Ashford, Kent; Liverpool; Manchester; Warrington; London; St Andrews; Glasgow, and Leeds.
Further arrests abroad took place in Moldova, Switzerland, the Netherlands, Belgium, Finland, Austria, Estonia, Denmark, Canada, Chile, Croatia and Italy.