November 14, 2017
Feds Drop Curtains on Blackshades
Posted March 17, 2015
Alex Yucel, Man Behind Software Used to Steal Payment Card Data and Passwords from Thousands Pleads Guilty. Faces up to 10 Years.
The 24-year-old Yucel, who co-created and sold Blackshades, pleaded guilty to one count of hacking as part of a plea agreement telling the court he “aided and abetted others by knowingly transmitting a program…which caused damage to a computer over the Internet without authorization.”
According to a pymnts.com article, Yucel actually caused quite a bit of damage. The following has been excerpted from the pymnts.com article and edited to fit our format. You may find the complete piece by clicking on this link.
Modern sales organization used to infect half-a-million computers
[The] Blackshades program was actually used to infect more than 500,000 computers. Prosecutors said Yucel ran a sales organization that included a marketing director and customer service reps, generating sales of more than $350,000 by April 2014.
[A] sweep by U.S. and European authorities shut down the Blackshades operation and arrested about 90 people.
$40 all it took to wreak havoc
The $40 program included a keylogger that, once a computer was infected, allowed a hacker to capture payment card information as it was entered at e-commerce websites. The Blackshades remote-access tool also let a cyberthief look through files on an infected machine, spy on users through the computer’s webcam, encrypt victims’ computer files and then demand ransom to unlock them, and infect other computers through instant messages or social website links.
Spurred Visa and MasterCard to Push for Tokenization
The ability of would-be cyberthieves to watch e-commerce customers type in payment card information is part of the reason for the current push by Visa and MasterCard to convert e-commerce sites to tokenization. While Apple Pay already is designed to use tokens for all transactions, the two biggest U.S. card brands have also said they want to dramatically expand use of tokens beyond Apple’s mobile payments system.