A hacking tool that was able to give full remote control of a victim’s computer to anyone with nefarious intentions has been taken down in an international law-enforcement operation, according to announcements by the United Kingdom’s National Crime Agency (NCA) and by Europol.
The remote access Trojan (RAT), called Luminosity Link, was peddled on a dedicated website for as little as £30. It claimed to offer a trifecta of “surveillance, security and administration”, purporting to be a legitimate system administration utility, a client-monitoring tool, and, wait for it, an “anti-malware solution”.
The insidious RAT, once installed undetected, gave digital crooks free rein on the victim’s machine. They were able to “disable anti-virus and anti-malware software, carry out commands such as monitoring and recording keystrokes, steal data and passwords, and watch victims via their webcams”, said the NCA. Obviously all of that could be done without the victim’s knowledge.
The investigation showed that the tool, which required little technical knowledge to deploy, had over 8,600 users in 78 countries. Victims are believed to be in the thousands.
Forensic analyses have found a range of evidence of stolen personal details, passwords, private photographs, video footage and data. However, the amount of evidence is “expected to rise significantly as seized devices are examined”, said the NCA, which has confiscated more than 100 “exhibits” during the UK operation.
“Through our work with forces and international partners the RAT is no longer available for sale and no longer works,” said senior investigating officer David Cox of the NCA’s National Cyber Crime Unit.
Coordinated by the NCA and supported by Europol, the investigation also involved law-enforcement agencies across 13 countries in Europe, Australia and North America. The crackdown itself took place during a “week of action” in September of 2017, with authorities across the UK and Europe working together to target the RAT’s purchasers. The probes have resulted in a number of search warrants, arrests, and cease-and-desist notifications across Europe, Australia and the US.
Citing “operational reasons”, the authorities didn’t disclose the information about the clampdown until earlier this week.
Luminosity Link was initially found on the computer of an alleged offender in the southwestern English city of Bristol, who was nabbed in September 2016 on suspicion of computer misuse offenses in an unrelated investigation, said the NCA.
“Through such strong, coordinated actions across national boundaries, criminals across the world are finding out that committing crimes remotely offers no protection from arrests. Nobody wants their personal details or photographs of loved ones to be stolen by criminals. We continue to urge everybody to ensure their operating systems and security software are up to date”, Steven Wilson, head of Europol’s European Cybercrime Centre, is quoted as saying.
Author Tomáš Foltýn, ESET