Ruslan Grumble - Fotolia

Cyber criminal RAT busted by cops

Police forces around the UK have arrested nine people as part of an international operation targeting users of a remote access trojan

A website that sold more than 14,500 copies of a remote access trojan (RAT) to cyber criminals in 124 countries has been taken down, and nine people arrested in the UK, following an international effort spearheaded by the North West Regional Organised Crime Unit (NWROCU) with support from the National Crime Agency (NCA) and Australia’s Federal Police force (AFP).

The Imminent Monitor RAT was sold for as little as $25 (€23 or £19), and gave full remote control of the endpoint if installed on a victim’s computer, enabling cyber criminals to disable other cyber security protections, steal data or passwords, record keystrokes, and activate webcams.

“Working with the NWROCU, AFP and a range of international and European partners, we were able to support the takedown of a website that was distributing malware and facilitating hacking offences,” said Phil Larratt of the NCA’s National Cyber Crime Unit.

“The IM RAT was used by individuals and organised crime groups in the UK to commit a range of offences beyond just the Computer Misuse Act, including fraud, theft and voyeurism. Cyber criminals who bought this tool…were able to commit serious criminality, remotely invading the privacy of unsuspecting victims and stealing sensitive data.”

The international operation began on 25 November with enforcement action taking place in nine different countries. A total of 85 warrants were executed and 14 people taken into custody, with more than 400 pieces of equipment seized.

In the UK, 21 search warrants were executed in Essex, Hull, Lancashire, Leeds, London, Manchester, Merseyside, Milton Keynes, Nottingham, Somerset, Surrey and Walsall, targeting suspected RAT users. Nine people were arrested and 100 items seized.

Following this, on the morning of 29 November, Australian law enforcement effected a takedown of the website Imminent Methods, meaning the tool can no longer be used by anybody else who has acquired it.

“This has been a complex, challenging cyber investigation with international scope. We have been supported throughout by the AFP, the NCA and our partners in Europol and Eurojust. The UK’s Regional Organised Crime Unit (ROCU) network and Force Specialist Cyber Crime Units were pivotal during this phase of enforcement activity,” said detective inspector Andy Milligan of the NWROCU.

“The illicit use of IM RAT is akin to a cyber burglary, with criminals stealing data, including images and movies, secretly turning on web cams, monitoring keystrokes and listening in to people’s conversations via computer microphones.

“Cyber crime is not an anonymous victimless crime as some believe. There are real-world consequences to people’s actions in cyber space and the international activity this week has shown how serious the UK treats this sort of criminality,” said Milligan, who urged users to keep up to date with current National Cyber Security Centre guidance on how to protect oneself.

Read more about cyber crime

  • It’s nearly Christmas, and cyber attacks and fraud attempts in the retail sector are ramping up. Is it time to panic?
  • Manifesto also says Tories would “empower the police to safely use new technologies like biometrics and artificial intelligence, along with the use of DNA, within a strict legal framework”.
  • Domain suspensions for criminal activity in the UK over the past year has dropped for the first time since 2014, says Nominet.

Read more on Hackers and cybercrime prevention

Data Center
Data Management