International operation hits BlackShades users - Main contents

​The Hague, 19 May 2014

Worldwide operation coordinated by Eurojust

During the course of a worldwide investigation, creators, sellers and users of BlackShades malware were targeted by judicial and law enforcement authorities in 16 different countries. The investigation culminated in a two-day operation, coordinated by Eurojust in The Hague and supported by the European Cybercrime Centre (EC3) at Europol.

During both action days, 359 house searches were carried out worldwide, and 97 people were arrested. Over 1 100 data storage devices suspected of being used in illegal activities were seized, including computers, laptops, mobile telephones, routers, external hard drives and USB memory sticks. Substantial quantities of cash, illegal firearms and drugs were seized. Authorities also succeeded in seizing the domain of the BlackShades website.

A recent case in the Netherlands of BlackShades malware being used for criminal purposes was that of an 18-year-old man who infected at least 2 000 computers, controlling the victim’s webcams to take pictures of women and girls.

Countries that undertook action against creators, sellers and users of the malware included the Netherlands, Belgium, France, Germany, UK, Finland, Austria, Estonia, Denmark, Italy, Croatia, USA, Canada, Chile, Switzerland and Moldova. Three coordination meetings were held at Eurojust prior to the action days, attended by most of the involved countries. During the action days, a coordination centre was set up at Eurojust, assisting the different countries by delivering overviews of the state of play in the countries involved, as well as providing judicial assistance. Representatives of Eurojust, Europol and the FBI were present at the coordination centre.

As a further demonstration of the level of cooperation achieved by this coordination centre, EC3 was present during the action days and provided real-time analytical support. EC3 will be instrumental in the follow-up, identifying victims and promoting technical solutions to protect computers against this malware.

Mr Lodewijk van Zwieten, Prosecutor of the Dutch Public Prosecutor’s Office, and Mr Koen Hermans, Assistant to the National Member for the Netherlands, commented on the success achieved: ‘Operation BlackShades is a fine example of cross-border judicial cooperation in practice. The Internet is not a safe environment for criminals. This case, involving so many Member States and third States, with the common goal of stopping further cyber-attacks, shows the potential of worldwide joint actions and points the way to future common efforts. We are very pleased with the outcome.’

Key figures at a glance

Operations conducted in the Netherlands, Belgium, France, Germany, UK, Finland, Austria, Estonia, Denmark, Italy, Croatia, USA, Canada, Chile, Switzerland and Moldova

97 arrests

359 house searches

Over 1 100 data storage devices seized

Eurojust background information

Eurojust’s coordination meetings are the first step in bringing together law enforcement and judicial authorities from Member States and third States. Coordination meetings allow legal and practical difficulties resulting from the differences in the 30 existing legal systems in the European Union to be resolved prior to the action day.

Eurojust’s coordination centres are held on the action day and used to coordinate the operations at judicial level in the involved countries. Eurojust’s coordination centres facilitate real-time information exchange between judicial and law enforcement authorities and enable on-the-spot decision-making and immediate response by national judicial authorities to new developments. Coordination centres also provide all involved countries with an up-to-date overview of the operations and results.

BlackShades background information

BlackShades is a malicious form of software (malware) that was sold and distributed to thousands of individuals throughout the world. BlackShades' flagship product was the BlackShades RAT, a sophisticated piece of malware that enables its users to remotely and surreptitiously gain complete control over a victim's computer. Once installed on a victim's computer, a user of the RAT is free to, among other things, access and view documents, photographs and other files, record all of the keystrokes entered and even activate the webcam on the victim's computer - all of which could be done without the victim's knowledge. BlackShades also makes it possible to carry out large-scale distributed denial-of-service (DDoS) cyber-attacks.

A particularly harmful aspect of this software is the ability to encrypt, deny access to files and demand money. BlackShades provides sample letters such as the following for users of the software to modify:

Screenshot obtained from blog.malwarebytes.org

For more information, please contact:

EUROJUST

Ms Leen DE ZUTTER, Media & PR

Press & PR Service

Tel: +31 70 412 5508 - E-mail: info@eurojust.europa.eu EUROPOL

Ms Lisanne Kosters

Corporate Communications

Tel: +31 70 302 5001