BlackShades malware hijacked half a million computers, FBI says

Last Updated May 19, 2014 9:45 PM EDT

The FBI says more than a half million computers in more than 100 countries were infected by sophisticated malware that lets cybercriminals take over a computer and hijack its webcam.

The FBI described its investigation in criminal complaints unsealed in Manhattan federal court Monday as charges against five individuals were announced.

Law enforcement sources told CBS News the criminal operation allegedly involved stealing information, controlling computers, and exploiting people whose computers were hacked. This investigation was separate from another major hacking case announced today, in which the Justice Department announced charges against five Chinese military hackers for allegedly stealing U.S. trade secrets.

The FBI said the BlackShades Remote Access Tool has been sold since at least 2010 to several thousand users. The agency said one of the program's co-creators is now cooperating with the government and has provided extensive information.

cassidy.jpg
Cassidy Wolf, Miss Teen USA 2013, was targeted by a hacker who used the malware to hijack her computer's webcam.
CBS News

Among the victims of the malware was Miss Teen USA 2013, Cassidy Wolf. Authorities say a hacker used Wolf's personal computer webcam to take nude photos of her and threatened to post them online if Wolf didn't send him more revealing photos. She went to police. The hacker was arrested and sentenced to 18 months in prison.

Acting on an FBI tip, police worldwide have arrested 97 people in 16 countries suspected of developing, distributing or using the malicious software called BlackShades, which allows criminals to gain surreptitious control of personal computers, European law enforcement officials announced Monday.

The malware allows hackers to steal personal information, intercept keystrokes and hijack webcams to make secret recordings of their users. BlackShades also can be used to encrypt and lock a computer's data files, blocking the rightful owners from regaining access unless they pay a ransom.

French officials said last week's raids happened after the FBI arrested two BlackShades developers and distributed a list of their international customers who purchased the malware.

Coordination agencies Europol and Eurojust, based in The Hague, Netherlands, said Monday that police in 13 European countries - Austria, Belgium, Britain, Croatia, Denmark, Estonia, Finland, France, Germany, Italy, Moldova, the Netherlands and Switzerland - as well as in the United States, Canada and Chile raided 359 properties and seized cash, firearms, drugs and more than 1,000 data storage devices.

"This case is a strong reminder that no one is safe while using the Internet," said Koen Hermans, a Eurojust official representing the Netherlands. "It should serve as a warning and deterrent to those involved in the manufacture and use of this software."

The two European agencies declined to provide country-by-country breakdowns of arrests, details of items seized, or the specific days when last week's raids occurred.

In Paris, the state prosecutor's office said French detectives arrested more than two dozen people during May 13 raids and described the global nature of the arrests and searches as an unprecedented "new form of judicial action." It said those arrested were identified by the FBI as French "citizens who had acquired or used this software."

In a BlackShades-related related investigation before the latest global arrests, Dutch police earlier this year arrested a 18-year-old man for using the malware to take pictures of women and girls using about 2,000 computers.

Comments