FBI Cybercrime Crackdown - Blackshades

It would seem the FBI is cracking down on cybercrime (well script-kiddies at least), with a bunch of international raids carried out in the past few days and more said to come. As of today it seems that the raids are only targeting users of "blackshades" a popular remote administration tool.



Blackshades is a remote administration tool (RAT) used for remotely accessing and controlling computers over the internet. Although RATs have many legal uses and are sold by software companies, they can also be used for malicious purposes such as data theft, spying and distributed denial of service attacks. Due to the fact that most legitimate RATs require a user to go through the standard installation process, hackers write their own versions that can invisibly infect a computer by running a single executable, this is what blackshades does.


In almost all international law, there is a grey area between what constitutes a legal RAT and an illegal one, as there is no black and white definition that separates software from malware. The authors of blackshades used the gray area to sell their malware for many years, with absolutely no legal implications. When it comes to the actual use of remote administration tools, the law is pretty clear cut: If you have permission from the owner of the computer, it's legal; if you don't it's not. Although the sales team were only marketing their product on hacking forums full of criminals, it had little legal implications for them and they made a lot of money. Blackshades was structured a lot like a regular company in the way they had a website, were registered as an LLC, accepted payments with paypal through a payment gateway, and kept detailed transaction logs; Most of this leading customers to believe that because the software was "legal", what they were doing with it was also legal, as a result most customers were paying for the software with their personal accounts, not making any effort to cover their tracks, and even posting threads about how many people they had infected online.

Threads with users bragging about how many computers
they had infected are not uncommon.

On Tuesday 13th May 2014 the FBI appears to have begun executing international raids with the help of local law enforcement. Although there appears to have been no arrests as of yet, many users of blackshades have reported police or federal officers entering their homes and confiscating any computer equipment. It is widely believe the FBI came into possession of the transaction log kept by the blackshades staff, which contained personal information of customers such as: names, addresses, and IPs. The raids coincide with a statement released by the FBI at the "Reuters Cybersecurity Summit", where they stated they would be taking "a much more offensive approach to cybercrime".

Rickey Gevers also has some interesting information on the raids: http://rickey-g.blogspot.nl/2014/05/international-ongoing-blackshades.html

Update 19th Nay 2014:
The FBI has released an official statement here, confirming that it was them orchestrating the international raids against blackshades users. The statement also confirms what many suspected for a while now, that Alex Yucel AKA marjinz, the creator of blackshades, had been arrested in Moldova (now waiting extradition to the US).

Also interesting is that they mention "operation card shop" as what put them onto the scent of blackshades. For those who don't know: Operation card shop was an FBI string operation that involved undercover agents running a carding forum for about 2 years. During the sting operation, "omniscient", the owner of hackforums, urged members to register on the carding forum and even gave the owner a  free upgraded account, it was later revealed that the same FBI agent had tried to buy hackforums a few months earlier. a member of the blackshades team, xviceral, fell victim to this trap after he accidentally gave away a free copy of blackshades (complete with free bots) to an undercover FBI agent, in return for vouching for his product.

You can see a copy of the indictments below:
http://www.justice.gov/usao/nys/pressreleases/May14/BlackshadesPR/Blackshades,%20Hogue%20Information%2013%20Cr.%2012.pdf
http://www.justice.gov/usao/nys/pressreleases/May14/BlackshadesPR/Blackshades,%20Yucel%20Indictment%20S1%2013%20Cr%20%20834_Redacted.pdf

Now for the bit I'm sure everyone is waiting for.












SHARE

MalwareTech

Hi. I’m a 20 year old programmer and security enthusiast currently living in the UK, my skills include: Malware Analysis, Reverse Engineering, and Windows Internals. I also have experience programming in the following languages: C/C++, ASM, PHP, Python, C#, Objective-C, as well as a few web scripting languages. Hope you enjoy reading my blog!

    Blogger Comment
    Facebook Comment

8 comments:

  1. OMG! THIS IS FKING SERIOUS! LUCKLY I DID NOT BUY IT!
    Sadly a friend of mine did, he also seriously had FBI agents at his home and took his PC, he was talking to me with his phone. He told me that 3 of his other friends got raided a few days earlier and he almost had guessed it could happened to him as well, but he did not take notice of it. This is FKING SERIOUS SHIT >.>

    ReplyDelete
  2. HAHAHHAHAH! So funny!

    ReplyDelete
  3. Its also happening in Belgium

    ReplyDelete
  4. God bless Algeria ( no feds, no FBI ) hhhhhhhhhhhhh

    ReplyDelete
  5. Criminals you got what you deserve. Good job FBI.

    ReplyDelete
  6. That's Some serious shit xD

    ReplyDelete
  7. "infect computers throughout the world to spy on victims through their web cameras, steal files and account information, and log victims’ key strokes.”
    Does it need an access to the computers? Like micro keylogger?

    ReplyDelete