Spy RATters

A Google search of the word RATters reveals either people with a passion for little dogs chasing rats and mice, or perverted men using remote access software (a RAT) to take control of young girls’ webcams and take compromising pictures of them to display and swap on slave forums. The pervert spying came to light in early 2013 in a comprehensive article in Ars Technica. The article claimed that one of the ‘slave forums’ had 23 million total posts.

The technology is not new so it begs the question of which came first, the chicken or the egg. Were government surveillance agencies already using it and young perverts adapting it later, or were young perverts leading the way for government agencies to emulate? A recent article in the Washington Post has claimed that the FBI has been spying on its “persons of interest” via their webcams for several years already, without triggering the webcam indicator light.


At least one judge, in a rare case of protecting individual privacy, rejected an FBI request for remotely activating video feeds in a bank fraud case in Houston, Texas, in December last year. The judge ruled that the risk of accidentally obtaining information of innocent people was too great.

FBI surveillance teams use the same technique as ratters: infecting the computer with malicious software (malware) delivered through phishing. By sending an email with a link, which could be to a website, an image or a video, the user is tricked into downloading a small piece of software onto their machine. Once installed, the malware allows the FBI to take control of the computer and the webcam at any time, working similarly to the system large corporations use to update software and fix IT problems.

“We have transitioned into a world where law enforcement is hacking into people’s computers, and we have never had public debate. Judges are having to make up these powers as they go along.”
Christopher Soghoian, principal technologist for the American Civil Liberties Union.

It is not only governments that are employing RAT techniques; activist and political groups are also using them as a protest and spying tool against their rivals. Hackers have been discovered using a tampered-with version of a legitimate remote access tool (RAT) to target activists, industrial, research and diplomatic targets. Hungary-based security firm CrySyS Lab discovered an attack on diplomatic targets in Hungary which installs legitimate software first, but then remotely alters the program to enable it to spy on victims. This had been going on since 2008.
“The attackers control the victim’s computers remotely by using [a] legal remote administration tool. This application is signed with legitimate digital certificates and is used by more than 100 million users around the world. To avoid alerting the user that somebody is spying on him, the attackers dynamically patch [the program] in memory to remove all signs of its presence.” – Kaspersky Lab

Targets range from a high-profile victim in Hungary and multiple victims in Iran to the Ministry of Foreign Affairs of Uzbekistan and, last year, Belarusian pro-democracy activists. The malware searches for multiple document formats, disk images and file names that suggest they contain passwords or encryption keys.
The leaked Snowden files suggest that spy teams around the world have been using these techniques since 2004. Their usage of remote administration tools (RATs) comes to light as the world’s most powerful technology firms call on Barack Obama to curb government spying on internet users.

Related Articles:
FBI’s search for ‘Mo,’ suspect in bomb threats, highlights use of malware for surveillance
Hackers use legit remote IT support tool in spy attack


A Slave Ratting on a RATter.

“Cutefuzzypuppy” he called himself. This was the not so cute online handle of 19-year-old Jared James Abrahams, who captured Miss Teen USA Cassidy Wolf’s laptop webcam using RAT technology and revelled in getting naked pictures of her without her knowledge.

I mean, even in the privacy of your own room, how much time do you spend naked? It’s probably inversely proportional to your age. The older you are, the less time you spend naked: from a baby who is always naked to a 90-year-old who’s never naked, even in the shower. Jared had over 150 “slaves” at the height of his career as a RAT. That’s controlling the webcams of the 150 girls Jared monitored, many of whom he snapped “nuddy” images of to boast about, post and share with his forum friends. Now this is a serious investment of time. To catch these girls in the buff would require near constant monitoring. It probably took all of Jared’s time to watch and wait. It makes him not so much a cute puppy but a very sick puppy. The American term “Jerk off” probably literally applied to Jared.

Jared is no good with people, no surprise there, so he distributed software like DarkComet to victims because that was the only way he could connect with them: secretly, as a virus. He admitted “He sucked at social engineering.” This of course means he had no face to face social skills. His first major success was to use a girl he went to school with. Cassidy Wolf, the new Miss Teen USA, innocently communicated with an old school acquaintance, only to have him infect her laptop with a RAT tool.
In May 2012 he announced on hackforums.net:
“Recently I infected a person at my school with Darkcomet. It was total luck that I got her infected because I suck at social engineering. Anyway, this girl happens to be a model and a really good looking one at that :D. I was hoping I could use her and her Facebook account to further spread my darkcomet rat. I want to mass message all her friends on Facebook but I have no idea what to message them to get them to download the rat. Any ideas or suggestions would be greatly appreciated :).”
Reported by Nate Anderson (Ars Technica, Sep 28th)

Cassidy became suspicious when someone attempted to change her passwords to Facebook, Twitter, Tumblr and Yahoo. The first semi-nude of her turned up on Twitter. Only 30 minutes later she received an email from our Jared demanding that she either send him “good quality” nude pictures, a video of herself, or that she “go on Skype with him and do what I tell you to do for 5 minutes.” Any refusal to his demands would result in the release of compromising images of her, some of which he sent her to show he meant business.
The idiot tried to blackmail her. What is it with men and our obsession with the pursuit of status and influence? Of any kind. Even if it’s only to be the biggest fish in the tiniest ocean we will go for it. From the dickhead Dad with his Hitler control trip over the under 10 basketball team from a town you can spend a year in, in a single day to Jared wanting to be the “Man” on a forum full of sickos by showing them a video of his “slave” obeying his every command. What’s more she is Miss Teen USA so beat that!

To her credit Cassidy called the cops.
The FBI looked at her laptop and found evidence of both DarkComet and another RAT known as Blackshades, which confirmed how Jared had taken his photos.
Jared, thinking he was smart, used a VPN (Virtual Private Network) to conceal his identity, but his own RAT buddies betrayed his location because of his bragging. These RATs had connected back to Jared by accessing no-ip.org. This is a service which allows users to dynamically map their IP address to a domain name. This allows the “slaves” to phone home while Jared remains safe using a dynamic IP address from a home Internet account, or so he thought. The resulting no-ip.org records, however, allowed the FBI to establish the existence of a no-ip.org account in the name of Jared’s father, and the username on the account was “cutefuzzypuppy.” A Google search and there is our Jared, alias “cutefuzzypuppy”, writing about RATs online.
Facebook gave the FBI Jared’s personal details, including his college. He was staked out and secretly observed in the computer room accessing the “no logging” VPN from the college network. The FBI had a case: Jared James caught red-handed, done and dusted.
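The same phone-home habit that gave Jared away is something you can look for on your own network. The sketch below is an added example, not part of the original post: it scans a resolver log for machines that look up the same dynamic-DNS name again and again at regular intervals. The log format, the sample lines and every suffix other than no-ip.org are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import pstdev

# no-ip.org is the service named in the article; the other two suffixes are
# assumptions added for illustration. Extend the list from your own intel.
DDNS_SUFFIXES = ("no-ip.org", "ddns.net", "hopto.org")

# Constructed sample resolver log: "<ISO timestamp> <client IP> <queried name>"
SAMPLE_LOG = """\
2013-03-21T10:00:00 192.0.2.10 www.example.com
2013-03-21T10:00:05 192.0.2.23 host1.no-ip.org
2013-03-21T10:05:05 192.0.2.23 host1.no-ip.org
2013-03-21T10:07:41 192.0.2.10 mail.example.com
2013-03-21T10:10:04 192.0.2.23 host1.no-ip.org
2013-03-21T10:15:06 192.0.2.23 HOST1.no-ip.org.
2013-03-21T10:16:00 192.0.2.31 cam.ddns.net
2013-03-21T10:20:00 192.0.2.10 notno-ip.org
"""

def is_ddns(name, suffixes=DDNS_SUFFIXES):
    """True if name equals a watched suffix or is a subdomain of one."""
    name = name.lower().rstrip(".")
    return any(name == s or name.endswith("." + s) for s in suffixes)

def find_beacons(log_text, min_queries=3, max_jitter_s=30):
    """Return {(client, name): mean gap in seconds} for clients that query the
    same dynamic-DNS name repeatedly at near-constant intervals."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        ts, client, name = parts
        if is_ddns(name):
            key = (client, name.lower().rstrip("."))
            seen[key].append(datetime.fromisoformat(ts))
    hits = {}
    for key, times in seen.items():
        if len(times) < max(min_queries, 2):  # need at least one gap to measure
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if pstdev(gaps) <= max_jitter_s:  # regular timing suggests software
            hits[key] = sum(gaps) / len(gaps)
    return hits

if __name__ == "__main__":
    for (client, name), gap in find_beacons(SAMPLE_LOG).items():
        print(f"{client} -> {name} every ~{gap:.0f}s")
```

A hit is a lead, not a verdict: plenty of home cameras and hobby servers use dynamic DNS legitimately, so check what process on the flagged machine is making the lookups.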

Yet to realise this, and making matters much worse for himself, Jared continued to threaten Cassidy Wolf. Unless she complied with his demands, he threatened to post her picture to hacked accounts of her friends on Facebook, and said that nothing she could do would stop him.
“Block all the people, delete your account, whatever, just know that I finally decided I have enough Facebook’s and will upload your picture on all of them,” Jared wrote.
Jared turns out to be a multinational RAT, making similar threats to girls from Canada, Ireland and the list went on. He forced some to strip for him on Skype while he recorded it.
An Irish girl had pleaded “Please remember I’m only 17. Have a heart,”
Jared replied: “I’ll tell you this right now! I do NOT have a heart!!!”

Later after his arrest, Jared was to tell FBI officers that he was “not normally aggressive.”

Of those who did not comply with his demands some had their photos released. While the FBI was interviewing one of the victims she discovered nude photos of her had been posted on Instagram.

Closing the case was the discovery on June 4th, in a raid on Jared’s family home, of numerous videos of his victims along with RAT software tools. He admitted to everything. This master RAT knew every major webcam type and driver and had got “no lights” RATting down to a fine art. That is, monitoring a captured webcam while ensuring the light on the camera is remotely turned off during operation.

Jared can perhaps consider himself lucky he will not be convicted and sentenced to a custodial term in an Australian prison. In the informal prisoner ranking system a RAT would probably rank just above a “rock spider.” This is an Australian prison term for a paedophile. They are considered the very bottom of the bottom feeders. Australian inmates in our prisons go out of their way to ensure a “rock spider” does really hard time. Jared would be the object of some very tough love.

Dark Google and the RATTERS

In a previous post called ratters and slaves I said a smart girl forewarned and armed with a band-aid to stick over her web-cam can prevent a pimply pervert turning her into a photo slave and presenting her in a forum to other socially dead ratters like himself.

As like attracts like and birds of a feather flock together, Karma ensures that these loathsome lads will fall in love with a harridan from hell who will one day leave and take from them everything they own and love, and anything they could ever own and love. You can only hope, because they deserve it.

Perhaps a ratter’s future fate is in even worse hands, in a Russian ratter’s hands that is. In another web-cam scam Australian men watching pornography have been captured through the cam with their pants down and blackmailed using “Ransomware” software.
The victims are instructed by the hackers to pay a fine, and if the fine is not paid within 72 hours, the incriminating images are released to the world, or the data files on their computer are encrypted until payment or wiped.

Sean Kopelke, technology director with IT security firm Symantec, has identified 16 versions of malware linked to organised crime gangs in Russia, Europe and the Middle East.
A recent Symantec study of one virus found 68,000 computers were infected within a month, with 2.9 per cent of those ensnared by the scam making payments of almost $400,000.

Another tool in the toolbox for a RAT (Remote Administration Tools) is Shodan. Named after a bad guy in the “RPG” game System Shock, this search engine adds information on half a million new devices every month.
“The ‘scariest search engine’ is peering in the darkest corners of the internet and finding servers, webcams, traffic lights and even power plants open to anyone with a computer.” CNN Reports

Anyone on the prowl in this “Dark Google” search engine can roam from causing brainless, spur of the moment idiocy to some very dark and dirty stuff! From making your mate’s garage roller door go up and down forever, to a suspected killing of a journalist by controlling his car’s computer and doing a “Top Gear” high speed assassination on him.

Few of these thousands of devices even have passwords and were never intended to go online in the first place. Even if they do have passwords, it’s ‘admin’ or ‘1234’ and you are in. It’s becoming like another Millennium bug mania at the time the clock turned 12 into the year 2000.

From nuisance raids on your home security system and lighting to the local pub’s cooler rooms, the local crematorium and to turning the traffic lights off in the whole town or city, the possibilities are numerous. Then what about power stations, a particle-accelerating cyclotron or a nuclear power plant? Many may be open to device hacking.

“Tens of thousands of webcams, hydrogen fuel cells used in military installations, power meters, theatre lighting, heat pumps are all online. You could really do some damage with this” – Independent security tester Dan Tentler, said at a Defcon cybersecurity talk.

The darkest rumour so far from the “Dark Google” world is that of Rolling Stone reporter Michael Hastings, who friends said “drove like a Grandma”, dying in an unusual high speed crash on June 20th.
“I’m not a conspiracy guy. In fact, I’ve spent most of my life knocking down conspiracy theories. But my rule has always been you don’t knock down a conspiracy theory until you can prove it wrong. And in the case of Michael Hastings, what evidence is available publicly is consistent with a car cyber attack. And the problem with that is you can’t prove it.”
Richard Clarke, Former U.S. National Coordinator for Security, Infrastructure Protection, and Counter-terrorism.

Considering the possibility of a cyber attack on your car or your roller door going up and down mindlessly forever reminds me of the Steve Wozniak quote: “Never trust a computer you can’t throw out a window”

Ratters and Slaves

When I was first asked, as a teacher, by parents concerned about protecting their children from inappropriate online content, I used to say that rule number one was: don’t have an internet connection in a teenager’s bedroom. Have internet connected computers in the lounge room. That way everybody in the family can see what everybody else is looking at. Probably not applicable anymore with wi-fi networks and portable devices. Impossible to police.

Which makes this post scary for any parent with a teenage daughter. There is a group of “slime-balls”, mostly young men, who use “RAT” applications (Remote Administration Tools) to gain access to computers with webcams, take them over and capture images of the girls they spy on, the more exposed the better. They call them “slaves”. They swap them, boast about them, find ways to get more of them and construct galleries of them. The hardest task is to remotely turn the camera light off so they go unnoticed as they prank and “perve”.
They give each other advice on forums about how to do this and how to use malware to deliver this software onto the target computer. Read more in this article, one of many references I’ve found to these “Ratters”. They use the “Hackers” search engine to find online devices.

So if you visit a family and see that smart teenage daughter with a band-aid over the web cam on her laptop, don’t pay out and laugh, she is probably smarter than you.

Related Articles

RAT Technology    JD Journal