By Tomáš Foltýn
A hacking tool that was able to give full remote
control of a victim’s computer to anyone with nefarious intentions has
been taken down in an international law-enforcement operation, according to
announcements by the United Kingdom’s National Crime Agency (NCA) and by Europol.
The remote access Trojan (RAT), called Luminosity
Link, was peddled on a dedicated website for as little as £30. It claimed to
offer a trifecta of “surveillance, security and administration”, purporting to
be a legitimate system administration utility, a client-monitoring tool, and,
wait for it, an “anti-malware solution”.
The insidious RAT, once installed undetected,
gave digital crooks free rein on the victim’s machine. They were able to “disable
anti-virus and anti-malware software, carry out commands such as monitoring and
recording
keystrokes, steal data and passwords, and watch victims via their
webcams”, said the NCA. Obviously all of that could be done without the
victim’s knowledge.
The investigation showed that the tool, which
required little technical knowledge to deploy, had over 8,600 users in 78
countries. Victims are believed to be in the thousands.
Forensic analyses have found a range of evidence of
stolen personal details, passwords, private photographs, video footage and
data. However, the amount of evidence is “expected to rise significantly as
seized devices are examined”, said the NCA, which has confiscated more than 100
“exhibits” during the UK operation.
“Through our work with forces and international
partners the RAT is no longer available for sale and no longer works,” said
senior investigating officer David Cox of the NCA’s National Cyber Crime Unit.
Coordinated by the NCA and supported by Europol,
the investigation also involved law-enforcement agencies across 13 countries in
Europe, Australia and North America. The crackdown itself took place during a
“week of action” in September of 2017, with authorities across the UK and
Europe working together to target the RAT’s purchasers. The probes have
resulted in a number of search warrants, arrests, and cease-and-desist
notifications across Europe, Australia and the US.
Citing “operational reasons”, the authorities
didn’t disclose the information about the clampdown until earlier this week.
Luminosity Link was initially found on the computer
of an alleged offender in the southwestern English city of Bristol, who was
nabbed in September 2016 on suspicion of computer misuse offenses in an
unrelated investigation, said the NCA.
“Through such strong, coordinated actions across
national boundaries, criminals across the world are finding out that committing
crimes remotely offers no protection from arrests. Nobody wants their personal
details or photographs of loved ones to be stolen by criminals. We continue to
urge everybody to ensure their operating systems and security software are up
to date”, Steven Wilson, head of Europol’s European Cybercrime Centre, is
quoted as saying.