WASHINGTON (CNN) — The FBI and police in several countries have arrested more than 100 people and conducted hundreds of searches in recent days in a global crackdown on hackers linked to the malicious software called Blackshades, two law enforcement officials told CNN.
The years-long investigation is targeting one of the most popular tools used by cybercriminals to hijack computers around the world.
The malware, nicknamed “creepware” by some, sells for as little as $40. It can be used to hijack computers remotely and turn on webcams, access hard drives and capture keystrokes to steal passwords without the victim’s knowledge.
Criminals have used it for everything from extortion to bank fraud, the FBI says. In one well-publicized extortion case last year, a hacker used Blackshades to spy on Cassidy Wolf, Miss Teen USA.
Computers seized, suspects questioned
People familiar with the investigation say U.S. prosecutors were expected to announce some of the results of the law enforcement effort later Monday.
The FBI recently promised to make arrests and indictments to combat what it says are increasing criminal intrusions.
Hints of the crackdown emerged last week as Internet forums used by hackers lit up with reports from Blackshades users in Europe, Canada and the United States.
Word quickly spread that the FBI and police in several other countries were knocking on doors, seizing computers and questioning suspects.
So far, the combined international law enforcement effort has made 101 arrests, completed 365 searches and conducted 102 interviews, officials told CNN.
The software is called a remote administration tool, or RAT, and isn’t necessarily illegal to own. Legitimate versions of similar software allow computer owners to access their computers remotely.
Miss Teen USA hacked
But the booming business in Blackshades malware is intended to commit cybercrime, the FBI and other law enforcement agencies say.
Authorities say the software is one of several kinds that hackers use to carry out a variety of Internet crimes that target victims across national borders, which makes it tough for law enforcement officials to pursue outside their jurisdiction. Increasingly, police in multiple countries are working together.
For victims whose personal computers were turned into weapons against them, the arrests bring reassurance.
Wolf, the reigning Miss Teen USA, received an ominous e-mail message in March 2013.
The e-mail, from an unidentified sender, included nude photos of herself, obviously taken in her bedroom from her laptop. “Either you do one of the things listed below or I upload these pics and a lot more … on all your accounts for everybody to see and your dream of being a model will be transformed into a porn star,” the e-mail said.
And so began what Wolf describes as three months of torture.
‘I felt completely violated’
The e-mail sender demanded better-quality photos and video, and a five-minute sex show via Skype, according to FBI documents filed in court. He told her she must respond to his e-mails immediately — software he had installed told him when she opened his messages.
“I felt completely violated,” Wolf said in an interview. “I felt scared because I didn’t know if this person was a physical threat. My whole sense of security and trust was gone.”
A former classmate she knew, Jared Abrahams, had installed Blackshades malware on Wolf’s laptop. In March, the 20-year-old computer science student was sentenced to 18 months in prison after pleading guilty to extortion and unauthorized access to a computer.
Abrahams had been watching her from her laptop camera for a year, Wolf later learned. The laptop always sat open in her bedroom, as she played music or communicated with her friends.
According to FBI documents, Abrahams had used Blackshades to target victims from California to Maryland, and from Russia to Ireland. He used the handle “cutefuzzypuppy” to get tips on how to use malware and told the FBI he had controlled as many as 150 computers.
CNNMoney’s Rich Barbieri and CNN’s Tom Cohen contributed to this report.