Friday 16 May 2014

International -ongoing- BlackShades customers raid -Summary

Rumours started to appear within the cybercrime underground in early May about people being arrested and their equipment being seized. Nothing uncommon so far, except that this time more and more people came forward, all with the same story, from all over Europe. At one point people even started posting 'proof'. Convincing proof.
If it all turns out to be true, we are witnessing one of the biggest international raids ever related to cybercrime.

Below is a summary of what the uproar is about. It contains user posts from different, unrelated forums, 'proof' that users posted, some news articles that could be related and, probably most convincing, a domain seized by the FBI.

The domain bshades.eu went offline on Wednesday. According to its whois information, the domain has been seized by the FBI:


Most of the uproar is on hackforums.net, where a dozen topics have been started, some with more than 70 pages of comments, and more and more people are showing up saying they have been a victim of the raid.
The image below shows a Dutch hackforums user saying he was a victim of the raid.

On this Belgian forum a user tells his story in Dutch.

He even posts some proof. The most important sentence is: "Uw betrokkenheid inzake de aankooop, het bezit, de verspreiding en het gebruik van hackerools (Software om computers van derden te misbruiken)"
Translated: "Your involvement in buying, possessing, spreading and the use of hackertools."

The officer who signed the document is indeed, according to his LinkedIn profile, an ICT investigator.

This user from Finland posts another piece of 'proof'.
According to Mikko Hypponen this translates to: "It's a warrant for search and seizure, related to 'importing Blackshades XXXX' into Finland."

Below is a picture from someone claiming the police are in front of his house because of a search warrant regarding BlackShades. He posts this picture as proof.

Here's a German user posting evidence of his arrest:

Another German person posting his comments:

And a last one: here's a Dutch user talking about his arrest on a purely Dutch forum.

Then the newspapers. Most remarkable is that only the French news outlet RTL seems to have inside information. They reported on a raid going on in France, with 70 search warrants(!!) in France alone related to the use of BlackShades malware.

Dutch police declines to comment.

But most fascinating is this article from Reuters: "REUTERS SUMMIT-FBI plans cyber crime crackdown, arrests coming in weeks".
It says: "expects to announce searches, indictments and multiple arrests over the next several weeks, the agency's official in charge of combating cyber crime said on Wednesday."

What all these arrests have in common is that they are connected to the BlackShades RAT. Most users complain that they once bought the BlackShades RAT and that this is why they are being arrested right now.

If all of the above is true, we are just seeing the tip of the iceberg, and are probably witnessing one of the biggest international raids ever related to cybercrime.

UPDATE #1:

The Dutch person provided me with some evidence.
According to the paper the investigation in the Netherlands has the name: "Rouwmantel".

12 comments:

  1. Hello,
    Does this really happen if you use Blackshades?
    That the police come to your door and take away your electronics?
    Nice blog, by the way!

  2. I've been using Kaspersky Anti-virus for a few years, I'd recommend this product to everybody.

  3. I wanted to thank you for this website! Thanks for sharing. Great website! For more, visit: YoWhatsApp & GBInstagram.

  4. Thanks for sharing this wonderful information with us. Would like to share it on my website: YoWhatsapp & iOS emulator

  5. I am so much impressed with you. I mean, you explain everything with so much detail. Very helpful, thanks buddy.
    Yowhatsapp APK Free Download

  6. It was a great pleasure reading your article. I would like to thank the web admin for this awesome layout of the site. Also, have a look at the FMWhatsApp and Stylish Facebook Names

  7. It was a great pleasure reading your article. I would like to thank the web admin for this awesome layout of the site.

  8. Nice Article! Please visit ApkGlo to download latest version of Thanks For This Information fmwhatsapp
