Blackshades RAT co-author sentenced to 57 months in prison

Alex Yucel, co-creator of the Blackshades Remote Access Trojan (RAT), has been sentenced for selling and distributing the malware since 2010.

Swedish national Alex Yucel, 25, co-creator of the Blackshades Remote Access Trojan (RAT), has been sentenced for selling and distributing the malware since 2010.

Yucel was arrested in Moldova back in November 2013 as part of a large-scale takedown conducted by the FBI and other law enforcement agencies spanning 18 countries.

He was the first ever defendant to be extradited from Moldova to the United States.

Also caught in the takedown was US citizen and co-creator Michael Hogue and nearly 100 more individuals.

What is a RAT?

A RAT is a type of trojan that is specifically designed to spy on users and steal their data.

There are some that claim RATs have legitimate uses.

I completely disagree.

Anything that is surreptitiously foisted on users – meaning without consent or knowledge – is malware.

That’s not to say accessing computers remotely is strictly for the crooks, obviously. There are plenty of legitimate remote access software options, both free and commercial, that do not involve deception and criminality.

And just because IT didn’t tell you they were using software to remotely access your machine doesn’t make it malware.

But, in the case of a RAT, I think we can safely say it is malware.

What is Blackshades RAT?

The FBI has a good description of the functionality provided by Blackshades in particular:

[Blackshades RAT] allows criminals to steal passwords and banking credentials; hack into social media accounts; access documents, photos, and other computer files; record all keystrokes; activate webcams; hold a computer for ransom; and use the computer in distributed denial of service (DDoS) attacks

One notable case involving Blackshades – and another RAT called Darkcomet – was that of Jared James Abrahams who was sentenced to 18 months in federal prison for spying on and extorting Miss Teen USA, Cassidy Wolf, in 2014.

As co-creator of Blackshades, Yucel ran his operation like a business – including updating his product based on customer feedback and hiring staff responsible for website development, marketing and customer care.

The software could be purchased for $40-$100 and customized by the buyer to suit their own needs.

It is estimated that the sale of Blackshades generated over $350,000 from September 2010 to April 2014.

Getting infected with a RAT follows much of the same pattern as with other malware.

In particular, Blackshades infections came as a result of downloading free software from dodgy sources, or opening enticing attachments or clicking on links in an email that led to compromised sites serving up exploits and consequently, malware.

On a lighter note, I was doing some research on RATs for a talk at RSA earlier this year and wandered into the shady world of RAT purveyors.

What I found was that RAT servers – the part that controls all the clients – can be tricky to acquire if you don’t want to pay the crooks for them. I ended up RATing myself several times when attempting to find server software.

The people offering these downloads often advertise them as “TOTALLY LEGIT!!” or “REAL!!” on message boards as a way to suck you into grabbing their source which is just a RAT client disguised as a server.

They even publish YouTube instructional videos with links to their “working” copy of the software.

Even the RATs are RATing the would-be RATers.

Caveat acquisitor.

The Takedown

The Blackshades takedown involved a massive coordinated effort between the FBI and both domestic and foreign law enforcement agencies.

Incidentally, the Blackshades operation was a spinoff of a separate operation, Operation Cardshop, aimed at taking down carder gangs.

According to the press release, the takedown involved 40 FBI field offices, more than 100 email and physical searches and seizure of over 1900 domains.

The indictment lists 5 counts:

  1. Conspiracy to commit computer hacking
  2. Distribution of malicious software
  3. Conspiracy to commit access device fraud
  4. Access device fraud
  5. Aggravated identity theft

In February 2015, Yucel pleaded guilty to distribution of malicious software which carries a maximum sentence of 10 years in prison.

In the end, US District Judge P. Kevin Castel sentenced Yucel to nearly 5 years in federal prison.

The prosecutor in the case, Manhattan US Attorney Preet Bharara is quoted as saying:

Alex Yucel created, marketed, and sold software that was designed to accomplish just one thing - gain control of a computer, and with it, a victim’s identity and other important information. This malware victimized thousands of people across the globe and invaded their lives. But Yucel’s computer hacking days are now over.

Small victories

While news stories about compromises and vulnerabilities seem to dominate the landscape, it’s comforting to know that law enforcement and judicial bodies are making some headway in the fight against cybercrime.

It may not come as quickly and as broadly as we would want but due process ensures that these cybercriminals are justly tried and convicted.

For those of you that are keeping score at home, this means another tick in the “W” column.

Image of rat in cage courtesy of Shutterstock.


Just a heads up – you’ve got the client-server terminology mixed up! The “client” is the software used by the crook to control “servers” installed on victim computers. Client connects to server etc.


Actually, I think John’s terminology is fine…from the cybercrook’s point of view, he’s buying malicious server software that acts as a central point from which he controls a bunch of zombified “clients.”

Even if the people inside the RAT scene refer to their crimeware components as you say, I think it’s clearer to our readers if we use “server” in the general sense of “the central system that decides on the commands to send out” and “clients” to refer to the infected computers that actually receive and carry out those commands.


You are correct that in the RAT community the roles are reversed. As Duck pointed out in his comment, I chose to use the conventional and familiar version of the client/server relationship for clarity.


“What I found was that RAT servers – the part that controls all the clients – can be tricky to acquire if you don’t want to pay the crooks for them. I ended up RATing myself several times when attempting to find server software.”

LOL. That’s pretty embarrassing considering your profession… Should have probably left that part out. I respect your honesty and transparency at least.

Fun read, thanks for sharing.

