All About Blackshades, the Malware That Lets Hackers Watch You Through Your Webcam

Is any computer safe?

Laptop: Gajus/Shutterstock; Window: Tashatuvango/Shutterstock; Woman: Nomad_Soul/Shutterstock; Blackshades screen: Symantec


On Monday, US officials announced the arrest of more than 90 people allegedly connected to an organization called Blackshades, which sold software that allows hackers to easily take over a Microsoft Windows computer remotely. Last year, a college student used the tool to take nude photos of Miss Teen USA via her personal computer’s webcam. According to the FBI and law enforcement officials, the program has been sold and distributed to “thousands” of people in more than 100 countries since 2010, affecting some 700,000 victims. Here’s why you might want to update your anti-virus software, or, if you’re prone to dancing around your room naked, at least put a piece of tape over your webcam. 

What is Blackshades?
Blackshades is the name of an organization allegedly owned by a Swedish 24-year-old named Alex Yücel. According to government officials, Yücel and Michael Hogue, a 23-year-old US citizen who was arrested in 2012 as part of the feds’ tangential investigation into Blackshades, codeveloped the Blackshades remote access tool (RAT). This tool, which sold for as little as $40 at bshades.eu and other sites, essentially allowed buyers to act as peeping Toms on strangers’ computers. The organization made more than $350,000 between September 2010 and April 2014, according to the FBI.

How does the Blackshades Remote Access Tool (RAT) work?
The Blackshades RAT isn’t any different than what your IT person at work uses to get remote access to your computer, explains Runa Sandvik, staff technologist at the Center for Democracy & Technology (CDT). But if your IT department were accessing your computer, “you’d have a heads up,” she says. “In this case you won’t even know [the hacker] is on your computer.”

After buying a copy of the RAT software, a hacker has to install the program on a target’s computer by, say, deceiving a person into clicking on a malicious link. Once the hacker has access to a computer, he or she can use the RAT software to easily record a person’s keystrokes or passwords, take screenshots, rummage through computer files, or turn on the person’s web camera, according to the feds. Anything you can do on your computer, the hacker can do, too. And the software makes it all super easy. In fact, it’s “marketed principally for buyers who wouldn’t know how to hack their way out of a paper bag,” writes Krebs on Security.

The program also includes “spreaders,” which help hackers send out malicious links from people’s social-media accounts, and a file hijacker tool. That tool, according to the FBI press release, allows users “to encrypt, or lock, a victim’s files and demand a ‘ransom’ payment to unlock them. The RAT even came with a prepared script demanding such a ransom.”

What do hackers use remote access tools for?
The FBI says the Blackshades RAT has been used to exploit credit cards, bank accounts, and personal information. But perhaps the creepiest way people can use remote accessing tools is to take photos and video via webcam. In November of last year, a college student pleaded guilty to hacking the webcam of Miss Teen USA Cassidy Wolf with the Blackshades software, and attempting to blackmail her. He allegedly said he had up to 40 other “slave computers,” according to the original criminal complaint. 

Last year, Ars Technica wrote about a thread on a hacker forum that was more than 134 pages long and filled with images captured through unsuspecting women’s webcams. Hackers wielding remote accessing tools—it’s unknown whether they were using Blackshades or other software—called the women their “slaves” and wrote about picking out “the ‘good’ [sexual] stuff” and categorizing it using names and passwords, according to the news outlet. And last year, a 17-year-old boy in Detroit paid hackers in the Philippines more than $1,000 in blackmail money after they collected video of him via webcam. This tool has been used for political purposes as well. In 2012, the software was sent by alleged pro-government attackers to try and infect the computers of anti-government Syrian activists. 

Now that people have been arrested in connection with Blackshades, does this mean I’m in the clear?
Nope. While the sale of Blackshades software, whose main website has now been shut down, was already on the decline (there were more than 1,300 infections last spring, but fewer than 400 in April 2014, according to Symantec), there are other remote accessing tools out there. “Even if there are just 100 people using Blackshades, there are another 100 using a tool with a different name that works exactly the same way,” says CDT’s Sandvik. Additionally, it’s not clear that the FBI will be able to get the Blackshades charges to stick. As the Daily Beast notes, it may be hard for prosecutors to prove whether the defendants who possessed the software used it for illegal activity.

What should I do to keep my computer private?
Follow best security practices. The FBI and security experts recommend that you update your software, including anti-virus software; install a good firewall; avoid opening suspicious email attachments or URLs, even if they come from people on your contact list; and create strong passwords. The FBI has also published a list of files that you can search for on your hard drive to see if your computer has been infected. “Regardless of the specific kind, if you get malware on your system, it’s bad,” says Christopher Budd, a spokesman for Trend Micro, a Japanese security software company. “But people shouldn’t worry about malware, they should take concrete steps.” And if you put tape over your webcam, too, no one will judge you. “I do,” says Sandvik.
