Tuesday 20 May 2014 @ 09:20
National Crime Agency
Printable version

Unprecedented UK operation aids global strike against Blackshades malware

Seventeen suspected users of software designed to take over, control and steal information from personal computers have been arrested in the first ever UK-wide cyber crime operation.  

Coordinated by the National Crime Agency, a week of arrests, searches and seizures has involved nearly every UK Regional Organised Crime Unit (ROCU), as well as Police Scotland and the Metropolitan Police.
 
The arrests comprise:-

  • A male in Derbyshire by the East Midlands Special Operations Unit (EMSOU)
  • Four males by the West Midlands ROCU. These took place in Birmingham, Halesowen, Wolverhampton and Newcastle-under-Lyme respectively
  • A male in Brixham, Devon, by ZEPHYR, the south west ROCU
  • Two males by SEROCU, the south east ROCU. These took place in Andover, Hampshire, and Ashford, Kent respectively
  • Four males by TITAN, the north west ROCU. Two took place in Liverpool, one in Manchester and one in Warrington.
  • One male in Woodford Green, Essex, by ERSOU, the eastern ROCU.
  • Two males, in St Andrews and Glasgow respectively, by Police Scotland
  • One male in London by the Metropolitan Police
  • One male in Leeds by the Yorkshire and Humberside ROCU

The UK investigation forms part of global activity targeting the developers and prolific users of Blackshades, a set of malware tools sold online for under £100.  
 
Initiated by the FBI and coordinated in Europe through Eurojust and the European Cybercrime Centre (EC3) at Europol, police forces internationally have apprehended dozens of suspected users.
 
The most common Blackshades product is a Remote Access Tool (RAT), which enables cyber criminals to remotely take over and control the operations of an infected computer and can be used to:

  • Access the webcam of the victim, turning it on without the user’s knowledge and taking screen shots
  • Access personal files and documents, and download new content
  • Engage in unsolicited chat with the victim
  • Infect USB devices to aid further spreading of malware
  • Instruct the victim’s computer to help commit Distributed Denial of Service (DDOS) attacks
  • Infect other computers via peer-to-peer communications

The Blackshades inventory also includes a Password Recovery Application designed to capture usernames and passwords inputted on a victim’s machine. The criminal can then view the stolen data in a similar way to an email inbox.

People are typically infected by clicking on external links on social networking and communication platforms. Instead of viewing a picture or video, the victim unwittingly installs the malware. In many cases, those affected will have no indication they are infected.

Investigators believe that around 200,000 usernames and passwords of victims across the world may have been extracted by Blackshades users in the UK.


Andy Archibald, Deputy Director of the NCA’s National Cyber Crime Unit, said:
 
“Criminals throughout the UK and across the world are finding out that committing crimes remotely offers no protection from arrest. The unique scale of this cyber operation shows what can happen when law enforcement agencies at local, national and international level work together to tackle the perpetrators and help keep people safe.
 
“Cyber crime is one of the most significant criminal threats to the UK. The NCA is helping to build the capacity of its partners across the country and coordinating the UK’s collective efforts as part of the response. The commitment of our police partners in the cyber arena has been clearly demonstrated by the work culminating in this week’s dramatic activity.”
 
National Policing lead on e-crime, Deputy Chief Constable Peter Goodman, said:
 
“This has been a superbly co-ordinated intelligence-led international policing response to a specific emerging cyber crime threat, which could have given offenders access to personal security information held by citizens of the UK and overseas.

“It demonstrates the determination of the National Crime Agency, its partners overseas and the UK’s newly-established regional cyber crime units to identify, trace and disrupt those whose potential criminal activity presents a threat to the public’s lawful use of the intranet.

“It also sends out a clear message to cyber criminals that we have the technology, capability and expertise to track them down, and should, I hope, reassure the public that the police can and will respond effectively to the reports we receive about the criminal use of computer networks and malware to by-pass security measures we rely on to keep our personal data safe.”
 
In addition to arresting people believed to have used Blackshades, the NCA is using a variety of approaches to warn individuals who have downloaded the malware but not deployed it that they are now known to the agency. Any movement into criminality will result in further action.
 
The NCA urges members of the public to ensure they keep antivirus software regularly updated, and to back up their computer and other elctronic devices to ensure they can recover files, including important documents and photographs. Further advice on internet safety can be found atGetsafeonline and Cyberstreetwise
 
Anyone who believes they have lost money through malware should report it at www.actionfraud.police.uk

Channel website: http://www.nationalcrimeagency.gov.uk/

Share this article

Latest News from
National Crime Agency

Arrests made over deadly Channel crossing

25/04/2024 16:15:00

Three men have been arrested on suspicion of facilitating illegal immigration and entering the UK illegally, as part of an investigation into a Channel boat crossing which resulted in the deaths of a number of migrants, including a child, off the French coast recently (23 April).

Dutch national faces decade behind bars for cocaine smuggle attempt

25/04/2024 11:15:00

A 41-year-old man who was caught with a car boot full of cocaine at an Essex port has been jailed for 10-and-a-half years following a National Crime Agency investigation.

Albanian people smuggler jailed over small boats crossings

23/04/2024 15:15:15

An Albanian man who organised small boats crossings for migrants, including children as young as five, has been jailed after a National Crime Agency investigation.

European police chiefs call for end-to-end encryption roll out to include public protection measures

22/04/2024 16:15:00

The Director General of the National Crime Agency and European Police Chiefs are calling for industry and governments to take urgent action to ensure public safety across technology platforms.

Pair jailed for attempt to smuggle migrants out of the UK

22/04/2024 09:15:00

Two men who attempted to smuggle migrants from the UK to France in the back of a lorry have been sentenced following a National Crime Agency (NCA) investigation.

Operation Venetic: Senior leader of Merseyside gang that shipped class A drugs between England and Scotland is convicted

17/04/2024 12:10:00

A high-ranking member of an organised crime group (OCG) that trafficked heroin and cocaine has been convicted following his extradition by the National Crime Agency.

Four arrested on suspicion of smuggling money from UK to Albania

16/04/2024 11:15:00

Four alleged members of an organised crime group that specialises in smuggling criminal cash out of the country and into Albania have been arrested in a National Crime Agency investigation.

Plumber who converted blank firing guns into lethal weapons jailed for seven years

15/04/2024 16:15:00

A plumber who converted blank firing guns into lethal weapons has been jailed for seven years and two months following a National Crime Agency investigation.

UK arrest in €645 million international investment scam

15/04/2024 10:10:00

The National Crime Agency has arrested a senior staff member of a scam company, joining law enforcement across the continent to crack down on “JuicyFields” – a notorious and elaborate Ponzi scheme.