Ohio Man Charged With Putting Spyware On Thousands of Computers

Jan 12, 2018
Originally published on January 15, 2018 9:16 pm

A 28-year-old man who allegedly hacked into thousands of computers to watch and listen to users has been indicted in Ohio. Federal prosecutors say Phillip Durachinsky created malware that enabled him to remotely access and turn on the cameras and microphones of computers.

Durachinsky was indicted in the U.S. District Court for the Northern District of Ohio. Prosecutors say he has been hacking into computers for over 13 years. A source close to the case, who spoke on background, says Durachinsky was working from the basement of his parents' house.

Prosecutors did not say how Durachinsky got into the computers. But security researcher Patrick Wardle says people may have unwittingly opened an infected computer or file from a website. Wardle says once the malware gets on the computer "it has the ability to listen to people's conversations, turn on the webcam, take screen captures, record keystrokes. It's almost a complete surveillance device."

The malware was named Fruitfly because it was initially found on computers in medical labs where researchers were studying fruit flies. It was first detected on computers at Case Western Reserve University, which reported it to the FBI last year.

Wardle also discovered it around the same time. His research led him to computers in people's homes. Many were in Ohio, but they were also as far away as California. Wardle says the hacker had access to a 24/7 surveillance device.

"He could detect when the user is not sitting in front of their computer," Wardle says. "Then (he could) turn the webcam on to hopefully record or spy on the user perhaps as they're walking around their bedroom or something in that capacity."

Prosecutors would not speak with NPR because the case is ongoing. But among the charges in the 16-count indictment is the production of child pornography. The indictment indicates that Durachinsky used the computers to store pornographic images and to transmit them over the Internet. The computers helped to power his operation and spread the malware to computers in schools, companies, a subsidiary of the U.S. Department of Energy, and a police department.

It also appears that he programmed the malware to alert him if a user was watching pornography.

An attorney representing Durachinsky could not be reached for comment.

Thomas Reed, with Malwarebytes, an anti-virus software maker, also discovered Fruitfly independently. He says the code was old — going back to the 1990s. "We were surprised to see that it had been undetected for so long and that we found it still active on somebody's computer," Reed says.

Fruitfly was found in both PCs and Macs. Many cybersecurity researchers were surprised it was on so many Macs. There are far more PCs in the world, so most hackers don't bother with Apple computers. But, Reed says, "as much as people like to say that Macs don't get viruses, there actually is malware out there for Macs."

Reed, whose company makes antivirus software for Macs, claims there was a 270 percent increase last year in new strains of malware for Macs.

There is also a reason Reed thinks the virus went undetected for so long. It was only targeted at thousands of computers — a relatively small number in the world of malware where millions of PCs can be targeted.

"If stuff like this is used in a very targeted manner so it's only being used to affect a small number of people, it can be really hard for security researchers to find it," Reed says. "We may never know about it for years."

That means there may be other spyware out there similar to Fruitfly that hasn't been found, he says. However, the FBI says it has not seen a lot of spyware cases like this.

The best protections against spyware are rather analog. One way is to cover the camera on your computer. That's what the Pope, Facebook CEO Mark Zuckerberg and former FBI Director James Comey do.

Reed advises everyone to do the same and to turn off their computer when they're not at it. And use the latest antivirus software.

Copyright 2018 NPR. To see more, visit http://www.npr.org/.

KELLY MCEVERS, HOST:

A computer programmer who allegedly hacked into thousands of computers, activating webcams and microphones, has been indicted in Ohio. Authorities say the hacker started as a teenager, infecting computers with malware. And then for years he watched and listened in on people who had no idea it was happening. NPR's Laura Sydell has more.

LAURA SYDELL, BYLINE: The malware was discovered last year on computers at Case Western Reserve University, and it was brought to the attention of the FBI. Two security researchers also independently uncovered the virus. One of them is Patrick Wardle. Here's what he found.

PATRICK WARDLE: It has the ability to listen to people's conversations, turn on the webcam, take screen captures, record keystrokes. Pretty much it's almost in some ways a complete surveillance device.

SYDELL: A complete and total 24/7 surveillance device. For over 13 years, this hacker allegedly spied on his Ohio neighbors and around the country. The malware is called Fruitfly because they initially found it on computers in medical labs where they were studying fruit flies. But Wardle's research took him down a much darker path. The hacker allegedly had broken into American homes.

WARDLE: He could detect when the user was not sitting in front of their computer and then turn the webcam on to hopefully record or spy on the user perhaps as they're walking around their bedroom or, you know, something in that capacity.

SYDELL: The alleged hacker is 28-year-old Phillip Durachinsky. He was indicted on 16 criminal counts in federal court in Ohio. Among the charges is the production of child pornography. Prosecutors would not speak with NPR about an ongoing case. The indictment indicates that Durachinsky used the computers to store pornographic images and to transmit them over the Internet.

To help power and spread his operation, he infected computers in schools, companies, a subsidiary of the U.S. Department of Energy and a police department. Thomas Reed works with Malwarebytes, an anti-virus software maker. He's one of the researchers who found the virus. He says the code in Fruitfly was old, going back to the 1990s.

THOMAS REED: We were surprised to see that it was - you know, one, that it had been undetected for so long, and, two, that we found it still active on somebody's computer.

SYDELL: Reed says Fruitfly was found on Macs and PCs. But the Mac intrusion surprised him. Because there are more PCs in the world, most hackers don't bother with Macs. That means there isn't as much anti-virus software or fear about viruses among Mac users.

REED: And as much as people like to say that Macs don't get viruses, there actually is malware out there for Macs.

SYDELL: In fact, Reed claims there was a 270 percent increase last year in malware for Macs. Apple has not confirmed that figure. But there is a reason that Reed thinks the virus went undetected for so long. It was only targeted at thousands of computers, not hundreds of thousands or millions. In the world of malware, that's not a lot.

REED: If stuff like this is used in a very targeted manner - so it's only being used to affect a small number of people - it can be really hard for security researchers to find it. And we may never know about it for years.

SYDELL: Reed says that means there may be other spyware out there similar to Fruitfly that hasn't been found. However, the FBI says it has not seen a lot of spyware cases like this. It isn't clear how these computers got infected. Reed says users might have opened an infected email or downloaded something from a website.

The best protections against spyware are rather analog. One way is to cover the camera on your computer. That's what the pope does - same with Facebook CEO Mark Zuckerberg and former FBI Director James Comey. Reed advises everyone to do the same and to turn off the computer when you are not in front of it, and use the latest anti-virus software. Laura Sydell, NPR News.

(SOUNDBITE OF LA ORQUESTA VULGAR'S "FANTOCHE A LA REALIDAD") Transcript provided by NPR, Copyright NPR.