The Federal Bureau of Investigation and foreign police agencies have launched a series of raids around the world at the homes of people linked to a type of hacking software called Blackshades, according to posts on hacker forums and people familiar with the investigation.
The software is what experts call a “rat”—remote access tool—that allows people to control computers from a distance. The targets of the raids are suspected of buying and selling Blackshades and were subjected to searches and seizures in recent days, according to people familiar with the case.
The searches are part of a coordinated crackdown on an international ring of suspected criminal hackers, according to the people familiar with the probe. Federal prosecutors in New York plan to announce the results of the raids as soon as Monday, said those familiar with the situation.
The people familiar with the case said hackers sold the Blackshades software from a website—called bshades.eu—that was part of an underground hacking marketplace in which people write programs for others to buy. The website, which has been taken offline, and the maker of the Blackshares software couldn’t be immediately reached for comment.
Blackshades can be used for legitimate purposes, such as accessing a work computer from home. When used for illegal means, however, it can allow hackers to access files on a computer, track keyboard strokes to learn passwords or even to take over a computer’s camera.
Hackers sometimes use the software to take over of a computer and then demand a ransom to return control, said law-enforcement officials and computer security experts. Symantec Corp.
A computer security company, recorded thousands of Blackshades infections as of last year.
U.S. law-enforcement officials increasingly are targeting the architecture of the “dark Web”—the corners of the Internet where people can buy illegal goods and services on Amazon-like sites.
Earlier this year, federal prosecutors in New York began investigating several exchanges that handle bitcoin, the virtual currency that is a preferred form of payment for Internet transactions that users want to keep anonymous. Their concern is that illegal activity is spreading online because it has become increasingly easy to buy hacking tools that require little technical expertise. Stopping the spread of those tools could make it harder to participate in Internet crime, cybercrime experts contend.
Blackshades, the target in the latest raids, is more common in Europe, said Tom Kellerman, Chief Cybersecurity Officer at Trend Micro Inc., a cybersecurity company. The software is one of hundreds of hacking tools for sale in a “robust arms bazaar,” Mr. Kellerman said. “The elite hackers of 2014 have evolved to become developers of crime kits as there is an economy of scale around the provision of cyberattack capabilities.”
The raids came in recent days and sometimes targeted students.
One user in the U.K. said the police knocked on his door when his parents were on vacation, according to a post on Hack Forums, a widely used message board for Internet fraudsters. Another in Germany wrote, “I got a call from my mother” that five officers took all of the family’s computers.
On Tuesday, several Netherlands-based users of Hack Forums said they had been raided by the police. “They took all my stuff,” one named “Vert0x” wrote. “Be warned.” The operators of the message board couldn’t be reached for comment.
“Razor” who said he was from Germany, added, “Hey guys, guess what happened today? I got a visit from the German police because I bought Blackshades.”
The takedown is likely to involve charging people in Eastern Europe and other countries, said those familiar with the matter. It wasn’t clear whether prosecutors will be able to extradite everyone who is charged, the person said.
Bshades.eu was taken offline recently, and there is some evidence the FBI took over the website weeks ago, said Charles Tendell, a cybersecurity consultant who monitors hacking forums.
In 2012, the FBI arrested Michael Hogue in Tucson, Ariz., as part of a similar Internet crime takedown. Mr. Hogue, who went by the username xVisceral, sold and promoted Blackshades, according to federal officials and Symantec researchers. But even after Mr. Hogue’s arrest, use of Blackshades still rose, Symantec staffers wrote last year.
Mr. Hogue pleaded guilty and is awaiting sentencing, according to court records. Mr. Hogue’s lawyer couldn’t immediately be reached for comment.