A US court has sentenced a programmer to 30 months in a federal penal institution in connection with software that claimed to be a legitimate tool for Windows sysadmins to remotely control computers, but was actually used by criminals to backdoor PCs and secretly spy on victims.21-year-old Colton Grubbs, of Stanford, Kentucky, took earlier this year that his software, LuminosityLink, was used for wrongful surveillance and remote access of computers without the victims’ knowledge and approval, had actively marketed the software as a remote access trojan (RAT) to criminals, and anticipated support and assistance to his customers via sites such as HackForums.
Having pay off the software, purchasers could either trick targets into positioning the software (perhaps by sending them an enticing email with a malicious tie-up), or – in the case of jealous spouses and business rivals – quickly plant it themselves if they drew temporary access to their intended victim’s PC.Once in place, the LuminosityLink program owned remote hackers to record victims’ keystrokes, spy via a users’ webcam and microphone, pilfer files and passwords, exploit compromised computers’ resources to mine for cryptocurrency or set afloat distributed denial-of-service (DDoS) attacks, and avoid detection by anti-virus software.Law enforcement operations became aware of crimes facilitated by LuminosityLink, and began to investigate – which in the end led police to Grubbs.Grubbs, however, realised that his apartment was like as not to be searched. He hid a debit card associated with his Bitcoin account and phone restraining his Bitcoin wallet information, took incriminating hard drives off the propositions, and gave his laptop to a housemate, so that it could be concealed in the roommate’s car. In beyond, Grubbs contacted a PayPal user collecting payments for LuminosityLink (he himself had been banned from the party line for selling malware) and told him to hide evidence.These, it could be disputed, are not the actions of someone who believes that their software is a legitimate methodology administrator tool.The LuminosityLink RAT was sold for $39.99 to more than 6,000 characters around the world via a professional-looking website.
And it was that professional-looking website which played a go away in Grubbs’s undoing, with its promotional text attempting to pull off the recalcitrant feat of both claiming that LuminosityLink was a legitimate administration avenue while also emphasising its list of malicious features.“Our modern gentry is dependent on computers, mobile devices, and the use of the internet,” said Robert M. Duncan, Jr., Synergistic States Attorney for the Eastern District of Kentucky. “People simply compel ought to to have confidence in their ability to use these modern instruments to handle their business, privately communicate, and securely maintain their message. It is essential that we vigorously prosecute those who erode that nerve and illicitly gain access to computer systems and the electronic information of others. Dick benefits when this deceitful conduct is discovered, investigated, and prosecuted.”Grubbs has been ordered to sequestration the proceeds of his crimes, including the princely sum of 114 Bitcoins (currently advantage more than US $725,000) seized at the time of his apprehension by the FBI.Editor’s Note: The appraisals expressed in this guest author article are solely those of the contributor, and do not of necessity reflect those of Tripwire, Inc.