The tool is part of a much larger trend toward user-friendly hacking tools, developed and distributed by corporate-like entities that are becoming like the Oracles or Microsofts of the malware world.
There's now a fully fledged |market for groups offering access to easy-to-use malware on a subscription basis, experts say.
And because the tools require little to no technical skill, the barrier to a life of cybercrime is much weaker than it was in the early years of the internet.
The result has been an explosion in criminal activity that has left consumers vulnerable to having their financial information used for fraudulent transactions or having their personal information sold.
"It's gone from being a couple of guys developing malicious software to actual organised crime groups" on the development side, said
Malware groups often have a hierarchical leadership structure and pay for development of software as well as marketing and distribution, researchers and federal investigators say. In the big leagues of this underground economy, malware rings mirror the economic models of legitimate businesses.
But they're also widely distributed - with groups often having members all over the world, experts say. "You might have a developer in
That's an awful lot of co-ordination and managerial skills. "If you want to excel as a cyber-criminal," Shield said, "go get an MBA."
The reason for the explosion in the commercial malware market is simple, Shields said: There's money in hacking - through the sale of sensitive data or the tools that can enable breaches - and the market has moved to take advantage of the situation. Pursuing a life of crime online also can be safer than pursuing one in the physical world, said
Now, almost anyone can be a hacker. "There are a lot of them |who don't have technical skills, but just want to get into crime," Haley said. As a result, law enforcement officials say they are beginning to focus on those who develop the malware, not just the people who use it.
"We tackled this malware starting with those that put it in the hands of the users - the creators and those who helped make it readily available, the administrators," said
Blackshades, the target of the recent
These types of tools are migrating to mobile devices, too.
Once the tool is installed, the user can do almost anything. And like Blackshades, it's easy to use.
"There's a nice user interface that allows the hacker to control not only that phone but multiple phones if they've infected them," he said.
Users are infected with the program through a social engineering hack that tricks them into thinking a bank or social network needs to install an app on their device with a pop up when the device is connected to a desktop already infected with malware.
As the groups behind malware become more organised, so must the law enforcement tactics used to fight them, experts say - as evidenced by the Blackshades action. "Law enforcement has had to change from tracking down individuals to more of the traditional organised crime levels of infiltration," Shields said.
Haley hopes the Blackshades crackdown is a wake-up call to those in the cybercrime business, reminding them that there's a risk to becoming involved in the industry.
But overall, experts say, software as a service has enabled a growth in the number of cybercriminals - and that growth leaves consumers and businesses at greater risk.
"In total, over 552 million identities were breached in 2013, putting consumers' credit card information, birth dates, government ID numbers, home addresses, medical records, phone numbers, financial information, e-mail addresses, log-ins, passwords and other personal information into the criminal underground," the company said. As bad guys become more organised and professional, their onslaughts are harder to defend against.
Retail firms also have been hit with credit card breaches in recent months - including Target, where a breach compromised up to 40 million customers' financial information as well as other personal data related to 70 million customers.
But hackers aren't always going for mega-chains,
For consumers, personal computing use has become more risky - a bad link or attachment could mean the installation of the next Blackshades. But there's also more risk when you hand over data to third parties, Samani said.
Even if consumers are taking measures, anything they give to a third party puts them at the mercy of someone else's security measures, he said. And if those security measures are breached, the data is at the mercy of whoever gets their hands on it. -
Most Popular Stories
- Criminal Investigation Opened Into James Foley's Death
- Swiss Suicide Tourism Doubled Since 2009
- Wealth Gap Widened in Past Decade: Census
- Florida's Largest Insurer Says 'Bailout' Attacks Unfair
- Gap Reports Higher Profits, India Plans
- James Foley Beheading Sparks Anger, Little Action
- International Revulsion Grows Over James Foley Death
- Beyonce, Jay-Z Cuba Trip Was Legal After All
- Chinese Stock Funds Are a Late-summer Bloomer
- Sears Holdings Loses $573 Million