Blackshades Explained

Blackshades is a malicious trojan horse used by hackers to control infected computers remotely. The malware targets computers using operating systems based on Microsoft Windows.^[1] According to US officials, over 500,000 computer systems have been infected worldwide with the software.^[2]

In 2014, the United States Federal Bureau of Investigation (FBI) arrested hundreds of people who had Blackshade in their computer. Before the FBI crackdown, Blackshades was sold for US$40 on Hack Forums, and reportedly generated US$350,000 in sales.

Functionality

Blackshades infects computer systems by downloading onto a victim's computer when the victim accesses a malicious webpage (sometimes downloading onto the victim's computer without the victim's knowledge, known as a drive-by download) or through external storage devices, such as USB flash drives.^[3] Blackshades has the ability to infect and hack multiple computers from the release of a bait that the hacker can make use of, an improved version of blackshades was released shortly after the original release of the primary version, when hacking organizations like Octagonun and Cyber-Sec, decided to develop special features for coupling to the software such as undetectability, DDoS / TCP Flood, and backdoor persistence features.^[4]

Blackshades can reportedly be used remotely to access an infected computer without authorization. Blackshades allows hackers to perform many actions on an infected computer remotely without authorization, including the ability to:^[5]

• Access and modify files on the victim's computer.
• Log keystrokes on the victim's computer.
• Access to the webcam of the victim.
• Make all infected computers subordinate to DDoS attack commands, using them as robots to carry out extremely effective attacks against targets.
• Download and execute files on the victim's computer.
• Use the victim's computer as a proxy server.

Blackshades reportedly can be used by computer hackers with little experience or by script kiddies, hackers that use programs developed by others to attack computer systems.

Blackshades can also act as ransomware. Hackers using Blackshades can restrict access to the victim's computer and demand a ransom paid to the hacker in order for the restriction to be lifted.

Detection and removal

Many antivirus programs can successfully detect and remove Blackshades, however hackers using the Blackshades software usually avoid detection of Blackshades infections by using software that obfuscates the Blackshades binary to avoid detection by antivirus programs, which the Blackshades organization also sold along with the Blackshades software.^[6]

Blackshades in the media

In 2012, Citizen Lab and EFF reported on the use of Blackshades to target opposition forces in Syria.^[7]

In 2015, Stefan Rigo from Leeds was given a 40-week suspended sentence for using BlackShades against 14 people, 7 of whom he knew personally. It is reported he paid for the software using his ex-girlfriend's payment card.^[8]

In 2013, Cassidy Wolf was a victim of sextortion, after photographs of her were hacked and used in an attempt to blackmail her after being Miss Teen USA 2013.^{[9] [10] [11]} The FBI ran a probe after Wolf reported a threatening email demanding a 'special performance' for the hacker, whom she suspected to be Jared James Abrahams, her former high school classmate. Wolf never created the video demanded, and on September 26, 2013, Abrahams surrendered to FBI agents in Orange County. In November 2013, Abrahams pleaded guilty to hacking over 100-150 women and installing the highly invasive malware Blackshades on their computers in order to obtain nude images and videos of them. One of his victims was a 14-year-old girl.^[12] On March 18, 2014; Abrahams was sentenced to 18 months in federal prison.^[13] Legal scholar Star Kashman speculates that Abrahams used the technique of Google Dorking to find and target Cassidy Wolf's webcam online, leading to the act of sextortion.^[14]

FBI crackdown

In 2012, the FBI ran a sting operation called "Operation Card Shop", which led to 24 arrests of hackers in eight countries. One of those arrested was Michael Hogue (also known as xVisceral in online hacking communities). Hogue, a co-creator of Blackshades, was arrested and indicted on charges under, more commonly known as the Computer Fraud and Abuse Act. He was sentenced to five years of probation, 20 years suspended prison sentence.^[15]

In 2014, the FBI coordinated a worldwide operation to combat the use of the malware, leading to the arrest of almost one hundred people in nineteen countries. On May 19, charges were laid in the United States against five individuals: two men identified as developers of Blackshades and three other men who sold the software or used it to infiltrate other people's computers.^[16] Exactly 359 searches were conducted and more than 1,100 electronic devices have been seized as part of the operation. According to the FBI, over 500,000 computers in more than 100 countries were infected by the malware.^[17] Blackshades sold typically for US$40, and reportedly generated US$350,000 in sales.

External links

• International Blackshades Malware Takedown - FBI
• International Blackshades Malware Takedown - The Guardian
• Blackshades – Coordinated Takedown Leads to Multiple Arrests - Symantec

Notes and References

1. Web site: Could your Computer be Infected by Blackshades? . . May 20, 2014.
2. News: BlackShades: Arrests in computer malware probe. 2014-05-19. BBC News. 19 May 2014.
3. Web site: U.S. v. Michael Hogue Complaint. June 19, 2012. blackshades.net . United States Department of Justice. Loyd. Jordan. dead. https://web.archive.org/web/20141226012840/http://www.justice.gov/usao/nys/pressreleases/June12/cardshop/hoguemichaelcomplaw.pdf. December 26, 2014.
4. Web site: Manhattan U.S. Attorney And FBI Assistant Director-In-Charge Announce Charges In Connection With Blackshades Malicious Software That Enabled Users Around The World To Secretly And Remotely Control Victims' Computers. May 19, 2014. December 13, 2014. United States Department of Justice.
5. Web site: You Dirty RAT! Part 2 – BlackShades NET. June 15, 2012. December 31, 2014. Malwarebytes UNPACKED. Malwarebytes Corporation. Kujawa. Adam.
6. Web site: U.S. v. Brendan Johnston Complaint 14 Mag 1086. May 16, 2014. United States Department of Justice. Hoffman. Patrick. 8.
7. Web site: Marquis-Boire . Morgan . Hardy . Seth . Syrian Activists Targeted with Blackshades Spy Software . June 19, 2012.

   Web site: Marquis-Boire . Morgan . Galperin . Eva . Eva Galperin . New Malware Targeting Syrian Activists Uses Blackshades Commercial Trojan . July 12, 2012.

8. News: Rigo . Stefan . Webcam hacker spied on sex acts with BlackShades malware - BBC News . BBC News . October 8, 2015.
9. Web site: Cassidy Wolf: Miss Teen USA 'Sextortion Victim' . . August 16, 2013 . September 12, 2013 . June 10, 2016 . https://web.archive.org/web/20160610225015/http://news.sky.com/story/1129659/cassidy-wolf-miss-teen-usa-sextortion-victim . live .
10. Web site: Cassidy Wolf, Miss Teen USA, claims she was extorted by an online hacker, report says . . August 14, 2013 . September 12, 2013 . November 21, 2013 . https://web.archive.org/web/20131121025131/http://www.cbsnews.com/8301-504083_162-57598489-504083/cassidy-wolf-miss-teen-usa-claims-she-was-extorted-by-an-online-hacker-report-says/ . live .
11. News: Miss Teen USA hacker jailed for 18 months . BBC News . March 18, 2014 . June 20, 2018 . November 22, 2017 . https://web.archive.org/web/20171122135204/http://www.bbc.co.uk/news/technology-26616913 . live .
12. Web site: Hacker Who 'Sextorted' Miss Teen USA Gets 18 Months In Prison . Business Insider . March 18, 2014 . March 19, 2014 . Moss, Caroline . December 25, 2016 . https://web.archive.org/web/20161225032733/http://www.businessinsider.com/jared-james-abrahams-gets-18-months-in-prison-2014-3 . live .
13. Web site: Miss Teen USA webcam hacker Jared James Abrahams sentenced to 18 months in prison. The Independent. March 18, 2014. March 19, 2014. October 5, 2017. https://web.archive.org/web/20171005210015/http://www.independent.co.uk/news/world/americas/miss-teen-usa-webcam-hacker-jared-james-abrahams-sentenced-to-18-months-in-prison-9200575.html. live.
14. Kashman . Star . GOOGLE DORKING OR LEGAL HACKING: FROM THE CIA COMPROMISE TO YOUR CAMERAS AT HOME, WE ARE NOT AS SAFE AS WE THINK . Wash. J. L. Tech. & Arts . 2023 . 18 . 2.
15. Web site: Manhattan U.S. Attorney And FBI Assistant Director-In-Charge Announce 24 Arrests In Eight Countries As Part Of International Cyber Crime Takedown. The United States Attorney Office for the Southern District of New York. dead. https://web.archive.org/web/20150101040233/http://www.justice.gov/usao/nys/pressreleases/June12/cardshoparrests.html. 2015-01-01.
16. News: BlackShades malware bust ends in nearly 100 arrests worldwide . May 19, 2014 . CBS Interactive . 20 May 2014.
17. News: More than half million computers worldwide infected with BlackShades malware. May 20, 2014. Big News Network.