Tue May 20, 2014
To Combat Malware Tool, U.S. Undertakes Massive Cyber Crackdown
Originally published on Wed May 21, 2014 8:20 am
ROBERT SIEGEL, HOST:
U.S. law enforcement calls it the biggest international cyber crackdown ever. Yesterday, more than 90 people in 19 countries were arrested for using and distributing something called the Blackshades Remote Access Tool, RAT for short. It's a wordy name for malware that makes hacking very simple, even for novices. And it gave cyber criminals unfettered access to more than a half a million computers worldwide.
Joining me on the line is Brian Krebs of Krebs on Security. Welcome to the program, Brian.
BRIAN KREBS: Hey, Robert, thanks for having me.
SIEGEL: And first, how does the Blackshades program work?
KREBS: Sure. So it really does typify the sorts of fraud tools that are widely available and usable to just about anybody. The only thing a buyer of this product would really need to know how to do is figure out how to get the malicious software installed on the would-be victim's computer in the first place.
SIEGEL: And then, what could they do with the would-be victim's computer?
KREBS: Right. Well, they could do anything that that user could do and that includes taking a peek at their files, locking up those files or deleting those files. It could include turning on their webcams so they can see the victim behind their keyboard. Anything, essentially, that the user could do, the attacker could do. Like any other trojan, the lure usually comes via email or social networking sites like Twitter or Facebook and it works when it tricks you into clicking a link that sends you to a booby-trapped website.
And essentially, you know, if you're not running the latest version of the browser software, if you're not up-to-date on your security updates, you're going to have a bad day.
SIEGEL: Blackshades was openly distributed. There was even online support for it. It wasn't so hard to find in forums. Was that unprecedented?
KREBS: No, I don't think so. I think, first of all, there are dozens of these remote access trojans for sale in the underground. What was interesting about this was it was very cheap. They initially sold for $40. And, you know, customers could pay for it using PayPal, which made it very accessible. So, you know, I think in that respect, that has a lot to do with how many users ultimately and customers there were.
SIEGEL: Do you think that these arrests will actually deter lots of other people from doing similarly in the future or will the attackers still be at it trying to outsmart officials?
KREBS: Well, in this case, I mean, that's a good question. I think a lot of these guys were sort of low-hanging fruit. The government did some targeted arrests and sting operations a couple of years ago that should've given anyone who had a clue or was paying attention as a customer of this heads-up that this day would be coming.
You know, I don't know if this is going to serve as a deterrent. There are just an enormous number of these tools being marketed and sold every day and the fact that these guys manage to hack into half a million computers in all these different countries and the fact that there are just so many of these other tools out there, it gives you an idea of the size of the problem.
SIEGEL: Does this mean, by the way, that there's no longer such a thing as Blackshades remote access tool or just the people who have been trafficking in it in trouble?
KREBS: Well, I wouldn't be surprised to see the resurrection of this thing. You know, first of all, if you have a copy of this, it's still functional. If you have a license to it, you could still resell it. It has a strong brand, right? I mean, you could see somebody taking this up and running with it. Brand loyalty goes a long way.
SIEGEL: Brian Krebs, thanks for talking with us.
KREBS: Hey, Robert, thanks very much for having me.
SIEGEL: Brian Krebs runs the website, KrebsOnSecurity.com. Transcript provided by NPR, Copyright NPR.