“Blackshades” Malicious Software Creator Sentenced to Nearly Five Years in Prison (News Video)

Posted on June 24, 2015

NEW YORK

FBI LogoThe creator of “Blackshades,” a malicious software that since 2010 has been sold and distributed to thousands of people in more than 100 countries, was sentenced to four years and nine months in prison, officials said.

The malware allowed  users around the world to secretly and remotely control victims’ computers, officials stated.  It was used to infect more than half a million computers worldwide. Blackshades generated sales of more than $350,000 between September 2010 and April 2014.

On Tuesday, U.S. District Judge P. Kevin Castel sentenced Alex Yucel, the owner of an organization known as “Blackshades,” after he plead guilty to computer hacking on Feb. 18, according to authorities.

“Alex Yucel created, marketed, and sold software that was designed to accomplish just one thing—gain control of a computer, and with it, a victim’s identity and other important information,” said Manhattan U.S. Attorney Preet Bharara.  “This malware victimized thousands of people across the globe and invaded their lives. But Yucel’s computer hacking days are now over.”

Yucel, 24, a Swedish national, was arrested in Moldova in November 2013. He was the first defendant ever to be extradited from Moldova to the United States.

In addition to the prison term, Yucel was sentenced to three years’ supervised release, and forfeiture of $200,000 and the computer equipment used.

The evidence indicated the following facts and circumstances:

  • Beginning in 2010, the “Blackshades” organization, which YÜCEL owned sold and distributed malware to thousands of cybercriminals throughout the world.
  • Blackshades’ flagship product was the RAT—a sophisticated piece of malware that enabled cybercriminals secretly and remotely to gain control over a victim’s computer.
  • After installing the RAT on a victim’s computer, a user of the RAT had free rein to, among other things, access and view documents, photographs, and other files on the victim’s computer, record all of the key strokes entered on the victim’s keyboard, steal the passwords to the victim’s online accounts, and even activate the victim’s web camera to spy on the victim—all of which could be done without the victim’s knowledge.
  • A Blackshades user could also exploit victims’ computers for Distributed Denial of Service attacks by commanding Blackshades-infected computers to repeatedly send requests to targeted websites in an effort to disable those websites and deny service from those websites to legitimate visitors.
  • The RAT was typically advertised on forums for computer hackers and marketed as a product that conveniently combined the features of several different types of hacking tools.
  • Copies of the Blackshades RAT were available for sale, typically for $40 each, on a website maintained by Blackshades.
  • After purchasing a copy of the RAT, a user had to install the RAT on a victim’s computer—i.e., “infect” a victim’s computer.
  • The infection of a victim’s computer could be accomplished in several ways, including by tricking victims into clicking on malicious links or by hiring others to install the RAT on victims’ computers.
  • The RAT contained tools known as “spreaders” that helped users of the RAT maximize the number of infections. The spreader tools generally worked by using computers that had already been infected to help spread the RAT further to other computers.
  • For instance, to lure additional victims to click on malicious links that would install the RAT on their computers, the RAT allowed cybercriminals to send those malicious links to others via the initial victim’s social media service, making it appear as if the message had come from the initial victim.
  • For example, a RAT user could send an instant message, or IM, to potential victims that appeared to come from the initial victim, inviting them to click on a link that appeared to lead to a legitimate website, but would instead install the RAT on the potential victim’s computer.
  • Yucel co-created the Blackshades RAT with Michael Hogue and operated the Blackshades organization with the help of several employees whom Yucel paid to advertise the RAT on various Internet forums and to provide customer support

Brendan Johnston, an administrator for the Blackshades organization, pled guilty in November 2014, before U.S. District Judge Jesse M. Furman to conspiracy to commit computer hacking.

On June 19, 2015, Johnston was sentenced to one year and one day in prison.

Marlen Rappa, a customer of Blackshades who purchased the RAT and used it to infect victims’ computers, spy on those victims using their web cameras, and steal personal files from their computers, pled guilty in October 2014, before U.S. District Judge Valerie E. Caproni.

On April 22, 2015, Rappa was sentenced to one year and one day in prison.

Kyle Fedorek, a customer of Blackshades who purchased the RAT and used it to steal financial and other account information from more than 400 victims, pled guilty in August 2014 before U.S. Magistrate Judge Gabriel W. Gorenstein.

On February 19, 2015, Fedorek was sentenced to two years in prison.

Michael Hogue, the co-creator of the RAT, pled guilty before Judge Castel in January 2013, and is awaiting sentencing.

The FBI investigated this case.