BreachExchange mailing list archives

Inside FBI's massive cybercrime bust


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 19 May 2014 19:31:22 -0600

http://www.kxly.com/news/money/Inside-FBI-s-massive-cybercrime-bust/26053216

Computer hacker forums lit up last week as Federal Bureau of Investigation
agents and police in 17 countries began knocking on doors, seizing
computers and making arrests.

On the popular websites where cyber criminals buy and sell software kits
and help each other solve problems, hackers issued warnings about police
visits to their homes.

The hackers quickly guessed that a major crackdown was underway on users of
the malicious software known as Blackshades.

The malware sells for as little as $40. It can be used to hijack computers
remotely and turn on computer webcams, access hard drives and capture
keystrokes to steal passwords -- without victims ever knowing it.

Criminals have used Blackshades to commit everything from extortion to bank
fraud, the FBI said.

Last week, watching it all play out were about two dozen FBI cybercrime
investigators holed up in the New York FBI's special operations center,
high above lower Manhattan.

Rows of computer screens flickered with updates from police in Germany,
Denmark, Canada, the Netherlands and elsewhere. Investigators followed
along in real time as hundreds of search warrants were executed and
suspects were interviewed.

One of the largest global cybercrime crackdowns has yielded the arrests of
over 100 people linked to the Blackshades malware.

The sweep, capping a two-year operation, was coordinated so suspects didn't
have time to destroy evidence. It included the arrest in Moldova of a
Swedish hacker who was a co-creator of Blackshades. Prosecutors in the
Manhattan U.S. attorney's office are expected to announce the results of
the probe later Monday.

700,000 victims around the world

Inside the FBI special operations center, six large computer monitors
displayed key parts of the probe. Agents kept an eye on one screen showing
a popular website where Blackshades was sold. The site was taken down by
the FBI.

Another monitor showed a heatmap of the world displaying the locations of
the 700,000 estimated victims, whose computers have been hijacked by
criminals using the Blackshades software. Splotches of green on the map
indicated concentrations of infected computers in highly populated parts of
the U.S., Europe, Asia and Australia.

The FBI said that in just a few years Blackshades has become one of the
world's most popular remote-administration tools, or RATs, used for
cybercrime.

Leo Taddeo, chief of the FBI's cybercrime investigations in New York, said
the unprecedented coordination with so many police agencies came about
because of concern about the fast growth of cybercrime businesses.

"These cyber criminals have paid employees, they have feedback from
customers -- other cyber criminals -- to continually update and improve
their product," Taddeo said recently. While he spoke, agents took calls
from counterparts working the case in more than 40 U.S. cities.

Blackshades had grown rapidly because it was marketed as off-the-shelf,
easy-to-use software, much like legitimate consumer tax-preparation
software.

"It's very sophisticated software in that it is not very easy to detect,"
Taddeo said. "It can be installed by somebody with very little skills."

Hack victim: 'I felt completely violated'

For victims whose personal computers were turned into weapons against
them, the arrests bring reassurance.

Cassidy Wolf, the reigning Miss Teen USA, received an ominous email message
in March 2013.

The email, from an unidentified sender, included nude photos of herself,
obviously taken in her bedroom from her laptop. "Either you do one of the
things listed below or I upload these pics and a lot more ... on all your
accounts for everybody to see and your dream of being a model will be
transformed into a porn star," the email said.

And so began what Wolf describes as three months of torture.

The email sender demanded better quality photos and video, and a
five-minute sex show via Skype, according to FBI documents filed in court.
He told her she must respond to his emails immediately -- software he had
installed told him when she opened his messages.

"I felt completely violated," Wolf said in an interview. "I felt scared
because I didn't know if this person was a physical threat. My whole sense
of security and trust was gone."

A former classmate she knew, Jared Abrahams, had installed Blackshades
malware on Wolf's laptop. In March, the 20-year-old computer science
student was sentenced to 18 months in prison after pleading guilty to
extortion and unauthorized access of a computer.

Abrahams had been watching her from her laptop camera for a year, Wolf
later learned. The laptop always sat open in her bedroom, as she played
music or communicated with her friends.

Abrahams had used Blackshades to target victims from California to
Maryland, and from Russia to Ireland. He used the handle "cutefuzzypuppy"
to get tips on how to use malware, according to FBI documents. In all, he
told the FBI, he had controlled as many as 150 computers.

Cybercriminals like Abrahams often rely on weak links in computer security,
and mistakes by victims, to infect computers.

Many computer users don't update anti-virus software. Many click on links
sent in messages on social media sites such as Facebook, or in email,
without knowing what they're clicking on. In seconds, malware is
downloaded. Often computer users have no idea infection has taken place.

"A hacker is going to go for the low-hanging fruit," said Tyler Cohen Wood,
a cybersecurity expert at the Defense Intelligence Agency and author of the
book "Catching the Catfishers."

Victims often don't realize how easy they make themselves to be targeted
and can better protect themselves by being careful about what they reveal
online, Wood said.

Taddeo, the FBI cyber chief, said the most common way criminals have used
Blackshades to target victims is by sending emails that seem legitimate,
perhaps with a marketing offer, and with a link to click. "Anyone who signs
on to the internet is potentially a victim of this tool," he said.

In Wolf's case, she received a Facebook message related to teen pageants.
When her computer was infected it sent messages to other friends, whose
computers also became infected.

The episode has made Wolf into a campaigner to urge young people to be
better educated about online safety. She said her passwords are now more
complicated and unique for each account, and she changes them often. She
uses updated security software.

"I really didn't think that everything I worked for could be lost because
of this," she said. "This can happen to anybody."
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
