UK raids against Blackshades malware users

May 19th 2014

Seventeen suspected users of a suite of malware tools designed to take over, control and steal information from personal computers have been arrested in the first ever UK-wide cyber crime operation. The arrests highlight the importance, for everyone, of following simple procedures to keep themselves and their online devices protected.

Coordinated by the National Crime Agency (NCA), a week of arrests, searches and seizures has involved nearly every UK Regional Organised Crime Unit (ROCU), as well as Police Scotland and the Metropolitan Police.

The arrests – all of males – took place at geographically widespread addresses in England and Scotland. The UK investigation forms part of global activity targeting the developers and prolific users of the malware, called Blackshades. Dozens of suspected users have been apprehended around the world following an investigation led by the FBI and coordinated in Europe through Eurojust and the European Cybercrime Centre (EC3) at Europol.

Blackshades is a set of tools available online for £100. The most common is the Remote Access Tool (RAT), which enables criminals to remotely take over and control the operations of an infected computer. It can be used to:

– Access the webcam of the victim, turning it on without the user’s knowledge and taking screen shots
– Access personal files and documents, and download new content
– Engage in unsolicited chat with the victim
– Infect USB devices to aid further spreading of malware
– Instruct the victim’s computer to help commit Distributed Denial of Service (DDOS) attacks
– Infect other computers via peer-to-peer communications

The toolkit also includes a password recovery application designed to capture usernames and passwords inputted on a victim’s machine. The criminal can then view the stolen data in a similar way to an email inbox. Infection by the malware typically takes place by the user clicking on external links on social networking and communication platforms. Instead of viewing the promised picture or video, the victim unwittingly installs the malware – in many cases having no idea they are infected. Investigators believe that around 200,000 usernames and passwords of victims across the world may have been extracted by Blackshades users in the UK.

Law enforcement comment

Deputy Director of the NCA’s National Cyber Crime Unit, Andy Archibald, said: “Criminals throughout the UK and across the world are finding out that committing crimes remotely offers no protection from arrest. The unique scale of this cyber operation shows what can happen when law enforcement agencies at local, national and international level work together to tackle the perpetrators and help keep people safe.” Mr Archibald continued: “Cyber crime is one of the most significant criminal threats to the UK. The NCA is helping to build the capacity of its partners across the country and coordinating the UK’s collective efforts as part of the response. The commitment of our police partners in the cyber arena has been clearly demonstrated by the work culminating in this week’s dramatic activity.”

National Policing lead on e-crime, Deputy Chief Constable Peter Goodman, said: “This has been a superbly co-ordinated intelligence-led international policing response to a specific emerging cyber crime threat, which could have given offenders access to personal security information held by citizens of the UK and overseas. It demonstrates the determination of the National Crime Agency, its partners overseas and the UK’s newly-established regional cyber crime units to identify, trace and disrupt those whose potential criminal activity presents a threat to the public’s lawful use of the intranet.” He continued: “It also sends out a clear message to cyber criminals that we have the technology, capability and expertise to track them down, and should, I hope, reassure the public that the police can and will respond effectively to the reports we receive about the criminal use of computer networks and malware to by-pass security measures we rely on to keep our personal data safe.”

The NCA is not only making arrests of people believed to be using Blackshades, but is using a variety of approaches to warn individuals who have downloaded the malware – but not deployed it – that they have been detected and will be subject to action if it is used.

The NCA urges members of the public to ensure they keep antivirus software regularly updated, and to back up their computer and other electronic devices to ensure they can recover files, including important documents and photographs.

Anyone who believes they have lost money through malware should report it at
