Blackshades malware co-creator pleads guilty

February 19 22:59 2015

Alex Yucel, the co-creator of the Blackshades malware that infected more than a half-million computers worldwide, pleaded guilty Wednesday in Manhattan federal court. The Swedish citizen faces up to 10 years in prison, plus thousands of dollars in forfeiture and restitution, for his role in a scheme federal investigators said distributed Blackshades to thousands of cybercriminals worldwide and harmed many computer users.635598701814386591-EPA-USA-CRIME-BLACKSHADES-HACKERS

In an alleged scheme that ran from 2010-2013, conspirators installed Blackshades’ Remote Access Tool — RAT — on the computers of unsuspecting users. The $40 program enabled them to access and view the victims’ files, documents and photos, record keystrokes, steal passwords and even use the machines’ cameras to spy on users. Blackshades users often sent electronic ransom notes to extort payments from victims for releasing the computers from secret control. Prosecutors said one such note warned: “Your computer has basically been hijacked, and your private files stored on your computer has now been encrypted, which means that they are impossible to access, and can only be decrypted/restored by us.”

Yucel, 24, was arrested in Moldova in November 2013 and was subsequently extradited to the U.S. In an agreement with prosecutors, he pleaded guilty to one count of distributing malicious software during a 35-minute hearing before U.S. District Court Judge P. Kevin Castel. Evidence amassed by federal investigators showed Yucel hired administrators, a marketing director and customer service representatives to build his Blackshades business. The operation rang up sales to thousands of users in more than 100 countries, generating more than $350,000 by April 2014, prosecutors charged.

Yucel, dressed in dark blue jail clothes, told Castel he had lived in Sweden and attended a university for two years as a computer science major. Had he gone to trial, Manhattan Assistant U.S. Attorney Sarah Lai said the government would have introduced transcripts of electronic chats between Yucel and an undercover federal agent, Blackshades marketing material and evidence of data stolen from computers. Although Yucel faces a maximum 10-year prison term, prosecutors and defense attorney Bradley Henry reached a stipulated agreement to imprisonment from 70 to 87 months. The final decision, however, rests with Castel, who set a tentative sentencing date of May 22.