By SecureWorld News Team
Thu | Jan 11, 2018 | 10:14 AM PST

In the battle against terrorism, we've learned this the hard way: it's nearly impossible to stop a "lone wolf" who is isolated and plots in secret to do something terrible.

People run down on the sidewalk in New York City and those shot in Las Vegas come to mind most recently. Lone wolf. Dangerous.

The same thing is true in the cyber world. There are groups of criminals, and even governments, doing what is expected of them: spreading ransomware to make money, stealing trade secrets to save on R&D, and attempting to sabotage our infrastructure. 

Leaders in cybersecurity know how to fight back against most of these attacks because tactics and tools are often used repeatedly. It's a battle, back and forth, with your known cyber enemy.

It is a different story, entirely, when you look at a lone wolf in the cyber world. Just like the lone wolf in the physical world, a skilled one acting alone can do a lot of damage before being caught. And it leaves you with an unsettled feeling about the world. That's what this story is about.

Cybercrime lone wolf wrote code, watched the world for years

Phillip Durachinsky is 28 years old, and he may have been watching you.

According to grand jury documents, he wrote malicious computer code as a teenager that could secretly turn on your computer's microphone and camera, live-stream the images and sound to his own system, and then save it for later. And he set triggers that would alert him when his targets were doing something he was interested in.

Prosecutors say he was able to collect and store millions of things from victims around the world: tax records, medical records, bank records, internet searches performed, and video and audio files. 

And he did this for 13 years without getting caught. In fact, his secret was only revealed after he got arrested for allegedly hacking Case Western Reserve University near his Cleveland home in early 2017.

How did Fruitfly malware work?

According to court documents filed on January 10, 2018, he wrote malicious computer code, known as malware, and was able to spread it to "thousands of computers" around the world, running on both macOS and Windows operating systems.

These computers belonged to "local, state and federal governments, a police department, schools, companies, and individuals," the indictment says.

Cybersecurity researchers nicknamed his custom computer code "Fruitfly," and speculated online and at computer conferences that the person behind it must be using it for some sort of surveillance.

Researcher Patrick Wardle, an ex-NSA analyst, told Forbes last summer the malware was disturbing to him: "Its features had looked like they were actions that would support interactivity: it had the ability to alert the attacker when users were active on the computer, it could simulate mouse clicks and keyboard events."

Now, only now, we know everything that was happening, because of the court documents filed this week:

  • Fruitfly allowed Durachinsky to control a victim's computer by "accessing stored data, uploading files... taking and downloading screenshots, logging a user's keystrokes and turning on the camera and microphone to surreptitiously record images and audio recordings."
  • "He saved millions of images and regularly kept detailed notes of what he observed."
  • "Had a visual interface that allowed Defendant to view live images and data from several infected computers simultaneously"
  • Would create "virtual machines" on Fruitfly victims' computers
  • Used "the computing power and infrastructure of certain Fruitfly victims to spread the Fruitfly malware across the Internet"
  • And he "created storage containers on certain Fruitfly victims' computers to store and process images and files obtained from other Fruitfly victims"

So in plain English, that last allegation means that if your computer fell victim to his malware, another victim may have your screenshots, your tax records, your medical history. That is disturbing, isn't it?

Phillip Durachinsky faces 16 counts in the criminal indictment, and if convicted, he could be in jail for decades. 

But how many other lone wolf cyber criminals are out there? 

How many cybercriminals have also written code to watch us—and are doing it right now in secret?
