A Google search for the word RATters reveals either people with a passion for little dogs chasing rats and mice, or perverted men using remote access software (RAT) to take control of young girls' webcams and take compromising pictures of them to display and swap on ‘slave forums’. The pervert spying came to light in early 2013 in a comprehensive article in Ars Technica. The article claimed that one of the ‘slave forums’ had 23 million total posts.
The technology is not new, so it raises the question of which came first, the chicken or the egg. Were government surveillance agencies already using it, with young perverts adapting it later, or were young perverts leading the way for government agencies to emulate? A recent article in the Washington Post has claimed that the FBI has been spying on its “persons of interest” via their webcams for several years already, without triggering the webcam indicator light.
At least one judge, in a rare case of protecting individual privacy, rejected an FBI request to remotely activate video feeds in a bank fraud case in Houston, Texas, in December last year. The judge ruled that the risk of accidentally obtaining information about innocent people was too great.
FBI surveillance teams use the same technique as ratters: infecting the computer with malicious software (malware) through phishing. The user receives an email with a link, which could be to a website, an image or a video, and is tricked into downloading a small piece of software onto their machine. Once installed, the malware allows the FBI to take control of the computer and the webcam at any time, working similarly to the system large corporations use to update software and fix IT problems.
“We have transitioned into a world where law enforcement is hacking into people’s computers, and we have never had public debate. Judges are having to make up these powers as they go along.”
Christopher Soghoian, principal technologist for the American Civil Liberties Union.
It is not only governments that are employing RAT techniques; activist and political groups are also using them as a protest and spying tool against their rivals. Hackers have been discovered using a tampered-with version of a legitimate remote access tool (RAT) to attack activists and industrial, research and diplomatic targets. Hungary-based security firm CrySyS Lab discovered an attack on diplomatic targets in Hungary which installs legitimate software first, but then remotely alters the program to enable it to spy on victims. This had been going on since 2008.
“The attackers control the victim’s computers remotely by using [a] legal remote administration tool. This application is signed with legitimate digital certificates and is used by more than 100 million users around the world. To avoid alerting the user that somebody is spying on him, the attackers dynamically patch [the program] in memory to remove all signs of its presence.” – Kaspersky Lab
Targets have included a high-profile victim in Hungary, multiple victims in Iran, the Ministry of Foreign Affairs of Uzbekistan and, last year, Belarusian pro-democracy activists. The malware searches for multiple document formats, disk images and files whose names suggest they contain passwords or encryption keys.
The leaked Snowden files suggest that spy teams around the world have been using these techniques since 2004. Their usage of remote administration tools (RATs) comes to light as the world’s most powerful technology firms call on Barack Obama to curb government spying on internet users.