The FBI and law enforcement officials in more than a dozen countries have made scores of arrests in cases involving Blackshades, malicious software that allows users to surreptitiously peep into the computers and web cameras of others.
In what the FBI said was the largest global cyber operation to date, raids were carried out in 18 countries at the homes of people suspected of buying the malware, which was available for a $40 download. The targets for law enforcement included the creators and administrators of Blackshades.
The software was used last year against Miss Teen USA Cassidy Wolf in what became known as a cyber “sextortion” case. Wolf, then 19 years old, told reporters last August she had received an anonymous email in which the sender claimed to have nude photos of her, captured from her webcam, and threatened to post the photos online unless Wolf gave him more nude pictures or videos.
The suspect in that case, 20-year-old Jared James Abrahams, pleaded guilty in November and was sentenced to 18 months in prison.
A criminal complaint described Blackshades’ disturbing capabilities: “After installing the RAT [remote access tool] on a victim’s computer, a user of the RAT had free rein to, among other things, acess and view documents, photographs and other files on the victim’s computer, record all of the keystrokes entered on the victim’s keyboard, steal the passwords to the victim’s online accounts, and even activate the victim’s web camera to spy on the victim – all of which could be done without the victim’s knowledge.”
The FBI’s investigation showed that the RAT had been purchased by “at least several thousand users in more than 100 countries and used to infect more than half a million computers worldwide,” the complaint said.
FBI Assistant Director George Venizelos said nearly anyone could use the program.
"It required no sophisticated hacking experience or expensive equipment," he said. "We tackled this malware starting with those that put it in the hands of the users, the creators, and those who helped make it readily available, the administrators."
Law enforcement identified two co-creators of Blackshades as Alex Yucel and Michael Hogue. Hogue was arrested in Arizona in 2012, has pleaded guilty and is cooperating with law enforcement, officials said. Yucel was arrested in Moldova in 2013 and the U.S. is awaiting extradition.
"Working in close coordination with our partners, we conducted a series of arrests and other actions targeting the creators and purveyors of malicious computer software known as Blackshades, which can victimize ordinary Americans by stealing and exploiting their personal information," Attorney General Eric Holder said today. "We are stepping up our cyber enforcement efforts around the globe. We will simply not tolerate these activities."