International Police Forces Arrest 80 Members Of The BlackShades Malware Gang

International police forces have arrested 80 people involved in creation, distribution and use of malware sold under the BlackShades brand, 17 of them in the UK.

The two-day operation across 16 countries involved 359 house searches, and resulted in the seizure of 1100 devices believed to be used for criminal purposes, as well as “substantial quantities” of cash, illegal firearms and drugs.

The UK National Crime Agency (NCA) said this is the first cyber crime operation to involve police forces from every part of the UK.

“Criminals throughout the UK and across the world are finding out that committing crimes remotely offers no protection from arrest. The unique scale of this cyber operation shows what can happen when law enforcement agencies at local, national and international level work together to tackle the perpetrators and help keep people safe,” commented Andy Archibald, deputy director of the NCA’s National Cyber Crime Unit.

All about cooperation

According to Interpol, BlackShades is a loosely organised group that has been developing and selling malware to thousands of ‘customers’ all over the world. What makes its products especially dangerous is their affordable nature – a full kit of BlackShades tools is typically sold online for less than £100.

A young man in the Netherlands was recently arrested after it emerged that he infected at least 2000 computers with BlackShades Remote Access Tool (RAT) in order to connect to webcams and collect images of women and girls.

A different BlackShades tool has been used to encrypt files on a user’s system and on the local network it is attached to, thus making them inaccessible. It then asked the victim to transfer ‘ransom’ to a specified account in order to receive an encryption key. This type of malware is generally known as ‘ransomware’ – similar to Cryptolocker, which became popular at the end of 2013.

In addition, investigators believe that around 200,000 usernames and passwords of victims worldwide may have been extracted by UK-based BlackShades users.

As part of the international operation, police forces raided properties in the UK, Netherlands, Belgium, France, Germany, Finland, Austria, Estonia, Denmark, USA, Canada, Chile, Croatia, Italy, Moldova and Switzerland.

The crackdown was initiated by the FBI, coordinated by Eurojust and supported by the European Cybercrime Centre (EC3), a recently established division of Europol.

The UK part of the operation involved nearly every Regional Organised Crime Unit across the country, from Glasgow to Liverpool, Leeds and London.

“It sends out a clear message to cyber criminals that we have the technology, capability and expertise to track them down, and should, I hope, reassure the public that the police can and will respond effectively to the reports we receive about the criminal use of computer networks and malware to by-pass security measures we rely on to keep our personal data safe,” said deputy chief constable Peter Goodman, National Policing lead on e-crime.

How well do you know network security? Try our quiz and find out!