The full BlackShades RAT crackdown details

You won't be needing those sunglasses

A couple of days have passed and the information regarding the results of the international crackdown on the BlackShades RAT has been piling up. We have made a massive collection of resources which can be used to research the global BlackShades RAT operation. The BlackShades RAT, which infected 500 000 computers, has been the target of an international operation led by Europol, the FBI and other government agencies.

In 2012, 23 people were arrested; these people were behind the creation of the BlackShades RAT.

Now, two years later, it seems that hundreds of people are being arrested because they are suspected of using the BlackShades RAT.

The FBI stated the following on the operation against the BlackShades RAT users:

We uncovered the existence of the Blackshades malware during a previous international investigation called Operation Cardshop, which targeted “carding” crimes—offenses in which the Internet is used to traffic in and exploit the stolen credit cards, bank accounts, and other personal identification information of hundreds of thousands of victims globally. We spun off a new investigation and ultimately identified one of the Cardshop subjects—Michael Hogue—and Alex Yucel as the Blackshades co-developers. Yucel, the alleged head of the organization that sold the malware, was previously arrested in Moldova and is awaiting extradition to the U.S.

Symantec published a report which showed various statistics on the BlackShades RAT. Symantec reported that the BlackShades RAT was used during the Arab Spring.

Blackshades was also observed in politically motivated attacks during The Arab Spring. Political activists were targeted in Libya and Syria during the uprisings with one variant Blackshades (W32.Shadesrat.C).

The report on WSJ.com shows how people in Germany were contacted by the German police because they had allegedly bought the BlackShades RAT. The Dutch article from security.nl reads that 70 homes were entered by the French police during the BlackShades RAT operation. The Australian news website states that hackers in Australia, Canada, Asia and Europe had flooded chatrooms, online forums and websites to complain about the raids that are being performed by government agencies. Rickey Gevers collected various letters that were sent by government agencies to hackers who are suspected of having bought the BlackShades RAT.

The BlackShades RAT operation was held in the following countries:

  • Austria
  • Belgium
  • Canada
  • Chile
  • Croatia
  • Denmark
  • Estonia
  • France
  • Germany
  • Italy
  • The Netherlands
  • The United States
NCSC 2014 conference: You won’t be needing those sunglasses

The official website which provided the BlackShades RAT has been seized by the FBI. The Dutch police have already decided that they are going to present a talk about the BlackShades RAT operation during the NCSC conference in the Netherlands.