By Danny Yadron and Christopher M. Matthews
The Federal Bureau of Investigation and foreign police agencies
have launched a series of raids around the world at the homes of
people linked to a type of hacking software called Blackshades,
according to posts on hacker forums and people familiar with the
investigation.
The software is what experts call a "rat"--remote access
tool--that allows people to control computers from a distance. The
targets of the raids are suspected of buying and selling
Blackshades and were subjected to searches and seizures in recent
days, according to people familiar with the case.
The searches are part of a coordinated crackdown on an
international ring of suspected criminal hackers, according to the
people familiar with the investigation. Federal prosecutors in New
York plan to announce the results of the raids as soon as Monday,
said those familiar with the situation.
The people familiar with the case said hackers sold the
Blackshades software from a website--called bshades.eu--that was
part of an underground hacking marketplace in which people write
programs for others to buy. The website, which has been taken
offline, and the maker of the Blackshares software couldn't be
immediately reached for comment.
Blackshades can be used for legitimate purposes, such as
accessing a work computer from home. When used for illegal means,
however, it can allow hackers to access files on a computer, track
keyboard strokes to learn passwords or even to take over a
computer's camera.
Hackers sometimes use the software to take over of a computer
and then demand a ransom to return control, said law-enforcement
officials and computer security experts. Symantec Corp., a computer
security company, recorded thousands of Blackshades infections as
of last year.
U.S. law-enforcement officials increasingly are targeting the
architecture of the "dark Web"--the corners of the Internet where
people can buy illegal goods and services on Amazon-like sites.
Earlier this year, federal prosecutors in New York began
investigating several exchanges that handle bitcoin, the virtual
currency that is a preferred form of payment for Internet
transactions that users want to keep anonymous.
Their concern is that illegal activity is spreading online
because it has become increasingly easy to purchase hacking tools
that require little technical expertise. Stopping the spread of
those tools could make it harder to participate in Internet crime,
cybercrime experts contend.
Blackshades, the target in the latest raids, is more common in
Europe, said Tom Kellerman, Chief Cybersecurity Officer at Trend
Micro Inc., a cybersecurity company. The software is one of
hundreds of hacking tools for sale in a "robust arms bazaar," Mr.
Kellerman said. "The elite hackers of 2014 have evolved to become
developers of crime kits as there is an economy of scale around the
provision of cyberattack capabilities."
The raids came in recent days and sometimes targeted
students.
One user in the U.K. said the police knocked on his door when
his parents were on vacation, according to a post on Hack Forums, a
widely used message board for Internet fraudsters. Another in
Germany wrote, "I got a call from my mother" that five officers
took all of the family's computers.
On Tuesday, several Netherlands-based users of Hack Forums said
they had been raided by the police. "They took all my stuff," one
named "Vert0x" wrote. "Be warned." The operators of the message
board couldn't be reached for comment.
"Razor" who said he was from Germany, added, "Hey guys, guess
what happened today? I got a visit from the German police because I
bought Blackshades."
The takedown is likely to involve charging people in Eastern
Europe and other countries, said those familiar with the matter. It
wasn't clear whether prosecutors will be able to extradite everyone
who is charged, the person said.
Bshades.eu was taken offline recently, and there is some
evidence the FBI took over the website weeks ago, said Charles
Tendell, a cybersecurity consultant who monitors hacking
forums.
In 2012, the FBI arrested Michael Hogue in Tucson, Ariz., as
part of a similar Internet crime takedown. Mr. Hogue, who went by
the username xVisceral, sold and promoted Blackshades, according to
federal officials and Symantec researchers. But even after Mr.
Hogue's arrest, use of Blackshades still rose, Symantec staffers
wrote last year.
Mr. Hogue pleaded guilty and is awaiting sentencing, according
to court records. Mr. Hogue's lawyer couldn't immediately be
reached for comment.
Devlin Barrett contributed to this article.
Write to Danny Yadron at danny.yadron@wsj.com and Christopher M.
Matthews at christopher.matthews@wsj.com
Subscribe to WSJ: http://online.wsj.com?mod=djnwires