Syrian Spying Tool DarkComet Killed

Tom Brewster is TechWeek Europe’s Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Remote access tool killed by its creator, but the Syrian government may still be using it

The DarkComet remote administration tool (RAT) project has come to an end, after the Syrian Government used the tool to spy on its opponents.

The creator of the DarkComet RAT, DarkcoderSc or Jean-Pierre Lesueur, said earlier this year that he was upset the software was being used by Syria to keep tabs on anti-government Web users. Now, he has decided to end the project due to “misuse of the tool”. A variant was also seen targeting Mac OS X systems last year.

DarkComet de-orbitted

“If there is something I will not tolerate [it] is to have to pay the consequences for your mistakes and i will not cover for you,” DarkcoderSc wrote in a valedictory note on the official website for the DarkComet RAT.

DarkcoderSc  said he would continue to work in security, but would not be creating anything close to  resemblinbg malware.

He claimed he “never cautioned small/huge hacker groups who used my software wrongly”, saying his goals were to provide “access to tools more powerful than any paying/private existing tool in terms of security and all for free”.

“DarkComet RAT ends like this after several years of res/dev and with thousands of users through the world,” DarkcoderSc  added. “The source codes will remain private and not for sale.”

Many can still use the DarkComet tool, but no more upgrades will be delivered and downloads will not be pushed by DarkcoderSc.

Symantec said that any closures of RAT projects were a positive thing, especially if the creators were compelled to do so by the threat of prosecution.

“While in the past authors of such tools believed that they were immune from prosecution by claiming that they were educational tools, arrests, starting with the alleged author of the infamous Mariposa botnet, have begun to wake up authors of such tools to the possibility that they could be breaking the law,” the security giant said in a blog post.

“These arrests are sending a message to the authors of such tools that they are not above the law and could face prosecution for their actions.”

Bashar al-Assad’s government has tried to trick citizens into downloading RATs, as TechWeekEurope was told earlier this year.  The regime used Skype and social engineering tricks to infect activist systems with surveillance tools.

Are you a security pro? Try our quiz!