The first-ever UK-wide cyber crime operation has netted 17 suspected users of Blackshades malware, which is designed to take control of computers and steal information.
Co-ordinated by the new National Crime Agency, the week-long operation has involved nearly every UK regional organised crime unit as well as Police Scotland and the Metropolitan Police.
The UK investigation is part of global activity targeting developers and prolific users of Blackshades, a set of malware tools sold online for less than £100.
In an operation initiated by the FBI and co-ordinated in Europe through Eurojust and the European Cybercrime Centre (EC3) at Europol, police forces internationally have apprehended dozens of suspected users.
The UK arrests took place in Derbyshire; Birmingham; Halesowen; Wolverhampton; Newcastle-under-Lyme; Brixham, Devon; Andover, Hampshire; Ashford, Kent; Liverpool; Manchester; Warrington; London; St Andrews; Glasgow; and Leeds.
Further arrests took place in the Netherlands, Belgium, Finland, Austria, Estonia, Denmark, Canada, Chile, Croatia and Italy, taking the total number of arrests in connection with Blackshades to 97.
The most common Blackshades product is a remote access tool (RAT), which enables cyber criminals to remotely take over and control the operations of an infected computer.
The malware can be used to perform various actions, including taking screenshots and accessing files and documents.
It can also be used to hijack computers and use them as part of botnets to carry out distributed denial of service (DDoS) attacks.
Blackshades is also designed to infect USB devices to aid further spreading of malware and infect other computers via peer-to-peer communications.
However, typical infections are spread through malicious links planted on social networking platforms.
A password recovery application within the malware is designed to capture usernames and passwords, enabling the criminal to view the stolen data in a similar way to an email inbox.
Investigators believe that about 200,000 usernames and passwords of victims across the world may have been extracted by Blackshades users in the UK.
Andy Archibald, deputy director of the NCA’s National Cyber Crime Unit (NCCU), said criminals throughout the UK and across the world are finding that remote crime is no protection from arrest.
“The unique scale of this cyber operation shows what can happen when law enforcement agencies at local, national and international level work together,” he said.
Archibald said cyber crime is one of the most significant criminal threats to the UK and the NCA is helping to build the capacity of its partners across the country and co-ordinating the UK’s collective efforts.
“The commitment of our police partners in the cyber arena has been clearly demonstrated by the work culminating in this week’s dramatic activity,” he said.
National Policing lead on e-crime, Deputy Chief Constable Peter Goodman, described the operation as a “superbly co-ordinated, intelligence-led” international policing response to the cyber crime threat.
“It demonstrates the determination of the NCA, its partners overseas and the UK’s newly-established regional cyber crime units to identify, trace and disrupt those whose potential criminal activity presents a threat to the public’s lawful use of the intranet,” he said.
Goodman said the operation also demonstrates that law enforcement has the technology, capability and expertise to track criminals down.
“It should also reassure the public that the police can and will respond effectively to the reports we receive about the criminal use of computer networks and malware to bypass security measures we rely on to keep our personal data safe,” he said.
In addition to the arrests, the NCA is warning individuals who have downloaded the malware, but have not yet deployed it, that they are now known to the agency.
The NCA has urged members of the public to keep antivirus software updated regularly, and to back up their computer and other electronic devices to ensure they can recover files, including important documents and photographs.
Anyone who believes they have lost money through malware should report it through the national Action Fraud website.