Inside FBI's massive cybercrime bust

May 19, 2014: 1:20 PM ET
See how FBI made global hacker bust
NEW YORK (CNNMoney)

Computer hacker forums lit up last week as Federal Bureau of Investigation agents and police in 17 countries began knocking on doors, seizing computers and making arrests.

On the popular websites where cyber criminals buy and sell software kits and help each other solve problems, hackers issued warnings about police visits to their homes.

The hackers quickly guessed that a major crackdown was underway on users of the malicious software known as Blackshades.

The FBI and prosecutors in the Manhattan U.S. attorney's office announced the results of that probe on Monday: More than 90 arrests worldwide.

The malware sells for as little as $40. It can be used to hijack computers remotely and turn on computer webcams, access hard drives and capture keystrokes to steal passwords -- without victims ever knowing it.

Related: Beware, your computer may be watching you

Criminals have used Blackshades to commit everything from extortion to bank fraud, the FBI said.

Last week, watching it all play out were about two dozen FBI cybercrime investigators holed up in the New York FBI's special operations center, high above lower Manhattan.

Rows of computer screens flickered with updates from police in Germany, Denmark, Canada, the Netherlands and elsewhere. Investigators followed along in real time as hundreds of search warrants were executed and suspects were interviewed.

The sweep, capping a two-year operation, is one of the largest global cybercrime crackdowns ever. It was coordinated so suspects didn't have time to destroy evidence. Among those arrested, in Moldova, was a Swedish hacker who was a co-creator of Blackshades.

"The charges unsealed today should put cyber criminals around the world on notice," said Leo Taddeo, chief of the FBI's cybercrime investigations in New York. "If you think you can hide behind your computer screen -- think again. "

hackers
Officials say Blackshades was used to illegally access the computers of 700,000 victims around the world, as shown in this FBI heatmap.

700,000 victims around the world: Inside the FBI special operations center, six large computer monitors displayed key parts of the probe. Agents kept an eye on one screen showing a popular website where Blackshades was sold. The site was taken down by the FBI.

Another monitor showed a heatmap of the world displaying the locations of the 700,000 estimated victims, whose computers have been hijacked by criminals using the Blackshades software. Splotches of green on the map indicated concentrations of infected computers in highly populated parts of the U.S., Europe, Asia and Australia.

The FBI said that in just a few years Blackshades has become one of the world's most popular remote-administration tools, or RATs, used for cybercrime.

Taddeo said the unprecedented coordination with so many police agencies came about because of concern about the fast growth of cybercrime businesses.

"These cyber criminals have paid employees, they have feedback from customers -- other cyber criminals -- to continually update and improve their product," Taddeo said recently. While he spoke, agents took calls from counterparts working the case in more than 40 U.S. cities.

Blackshades had grown rapidly because it was marketed as off-the-shelf, easy to use software, much like legitimate consumer tax-preparation software.

"It's very sophisticated software in that it is not very easy to detect," Taddeo said. "It can be installed by somebody with very little skills."

cassidy wolf
Cassidy Wolf, the reigning Miss Teen USA, was a victim of a Blackshades cyber attack.

'I felt completely violated': For victims whose personal computers were turned into weapons against them, the arrests bring reassurance.

Cassidy Wolf, the reigning Miss Teen USA, received an ominous email message in March 2013.

The email, from an unidentified sender, included nude photos of herself, obviously taken in her bedroom from her laptop. "Either you do one of the things listed below or I upload these pics and a lot more ... on all your accounts for everybody to see and your dream of being a model will be transformed into a porn star," the email said.

And so began what Wolf describes as three months of torture.

The email sender demanded better quality photos and video, and a five-minute sex show via Skype, according to FBI documents filed in court. He told her she must respond to his emails immediately -- software he had installed told him when she opened his messages.

"I felt completely violated," Wolf said in an interview. "I felt scared because I didn't know if this person was a physical threat. My whole sense of security and trust was gone."

A former classmate she knew, Jared Abrahams, had installed Blackshades malware on Wolf's laptop. In March, the 20-year-old computer science student was sentenced to 18 months in prison after pleading guilty to extortion and unauthorized access of a computer.

Abrahams had been watching her from her laptop camera for a year, Wolf later learned. The laptop always sat open in her bedroom, as she played music or communicated with her friends.

Abrahams had used Blackshades to target victims from California to Maryland, and from Russia to Ireland. He used the handle "cutefuzzypuppy" to get tips on how to use malware, according to FBI documents. In all, he told the FBI, he had controlled as many as 150 computers.

Related: Your hackable house

Cybercriminals like Abrahams often rely on weak links in computer security, and mistakes by victims, to infect computers.

Many computer users don't update anti-virus software. Many click on links sent in messages on social media sites such as Facebook, or in email, without knowing what they're clicking on. In seconds, malware is downloaded. Often computer users have no idea infection has taken place.

"A hacker is going to go for the low-hanging fruit," said Tyler Cohen Wood, a cybersecurity expert at the Defense Intelligence Agency and author of the book "Catching the Catfishers."

Victims often don't realize how easy they make themselves to be targeted and can better protect themselves by being careful about what they reveal online, Wood said.

Taddeo, the FBI cyber chief, said the most common way criminals have used Blackshades to target victims is by sending emails that seem legitimate, perhaps with a marketing offer, and with a link to click. "Anyone who signs on to the internet is potentially a victim of this tool," he said.

In Wolf's case, she received a Facebook message related to teen pageants. When her computer was infected it sent messages to other friends, whose computers also became infected.

The episode has made Wolf into a campaigner to urge young people to be better educated about online safety. She said her passwords are now more complicated and unique for each account, and she changes them often. She uses updated security software.

"I really didn't think that everything I worked for could be lost because of this," she said. "This can happen to anybody."

Join the Conversation

Search for Jobs