The U.S. Department of Justice has shuttered the Blackshades malware operation, which sold potentially pernicious software that was installed on as many as 500,000 computers worldwide.
The U.S. Attorney’s Office for the Southern District of New York arrested three alleged key members of the Blackshades organization, as well as two individuals in the New York area who the DOJ said used the software to break into hundreds of computers, it announced Monday. The DOJ coordinated efforts with law enforcement agencies across 19 countries to make the arrests. Authorities arrested 97 people globally.
The DOJ also disabled the Blackshades Web domain, where the invasive software was sold.
“I think the days when people thought they could very simply and anonymously buy malware to invade other people’s privacy and steal their property are over,” said Preet Bharara, U.S. attorney for the Southern District of New York, at a press conference announcing the arrests.
“You can’t just hide in another country anymore. The nations of the world appreciate that [malware] is a global threat, not just one that affects the United States,” Bharara said.
Blackshades allegedly sold a remote access tool, or RAT, which could capture information on a user’s computer, including photographs, documents and passwords to access online accounts. It could record every keystroke made on a user’s keyboard, which could be used to steal credit card numbers and other sensitive information.
The software could also be used to activate a computer’s webcam to spy on someone in their own home without their knowledge.
RAT software was purchased by users in more than 100 countries and infected more than 500,000 computers, the DOJ estimated. The software was most often surreptitiously installed on a user’s computer when they clicked on a Web address link that would download and install the software. Once on a user’s computer, the software could propagate itself to other computers by sending messages to people in the computer’s address book.
The DOJ had already arrested the suspected creators of Blackshades, Michael Hogue, aka “xVisceral,” and Alec Yucel. Yucel, a Swedish national, was arrested in Moldova in November 2013, and is awaiting extradition to the U.S. The indictment for Yucel remained under seal until Monday.
Hogue was arrested in Arizona in June 2012, subsequently pled guilty in January 2013 and has been cooperating with the government investigation, the DOJ said.
He and Yucel have been charged with multiple counts of computer hacking, with each count carrying a maximum penalty of up to 10 years in prison.
Brendan Johnston, a former Blackshades employee who allegedly helped sell RAT and provided technical assistance, has also been arrested.
Two New York buyers of the RAT were also arrested, Kyle Fedorek and Marlin Rappa. They are accused of using the software to steal online information and spy on users through webcams.
The DOJ also seized the domain name for the website that sold the Blackshades RAT and obtained warrants to seize assets of Blackshades’ owners.
Bharara advised users of the RAT to come forward and present themselves to the DOJ, or, “at the very least” stop using the software.