The CRTC six-figure fine for hacker nexus Orcus Technologies is an insult to common decency

Earlier this week, the Canadian Radio-Television and Telecommunications Commission (CRTC) got off their collective overpaid asses and did something for the country. Sort of.

The chief compliance and enforcement officer for the commission penalized John Paul ‘Armada’ Revesz and Vincent Leo Griebel, proprietors of a company called Orcus Technologies, for the development, sale, and promotion of malware.

Normally hackers are portrayed as basement-dwelling malcontents digitally sniping at society from behind advanced and obscure technological protection. Shows like The Blacklist and books like The Girl with the Dragon Tattoo extend the reach of this social myth into raw hyperbole. What matters about this case is not only the precedent that creating and supporting malware comes with huge penalties; it’s that this variety of criminal can and will be caught.

“We are pursuing our efforts to intervene in online threats that compromise Canadians’ personal information and disrupt their online activities. By working closely with our partners, we were able to take down this cyber threat. I’d like to thank the RCMP National Division and the threat researchers at Palo Alto Networks for their collaboration and assistance,” said Steven Harroun, chief compliance and enforcement officer for the CRTC.

The total amount of the fines levied by the CRTC amounted to $100,000 for the two, and an extra $15,000 for Revesz for operating a secure dynamic domain name service used as a nexus between hackers and a variety of infected machines.

So, basically this:

That’s about right.

Let’s put this in perspective.

Hacker tech support

The RCMP-led investigation uncovered that Orcus Technologies had been marketing and selling a Remote Administration Trojan (RAT), pitched as software that would let system administrators manage their computers remotely. Revesz has maintained since 2016 that he carries no responsibility for how his licensed customers use his product, and insisted that it was a Remote Access Tool rather than a trojan. Yet Armada and his team were marketing it more like a trojan back in 2016, and even providing ongoing tech support for customers having trouble figuring out how to infect new machines or hide their activities online.

This is the software commonly used by hackers at the business end of a phishing or cryptojacking scheme. They write their malware and attach it to an e-mail with one of those pithy catchlines to get you to click on the attachment, which downloads a virus onto your computer. This virus won’t be immediately apparent—you may not even see it downloading—but it’s there. Next up? Someone’s installing cryptocurrency mining software on your computer from afar while you’re asleep, using it to mine cryptocurrency and routing the proceeds to their wallet, and you won’t find out until your next electric bill.

This particular RAT advertised a list of features and plugins such as DDoS-for-hire capabilities and the ability to mute the webcam indicator light, so it can record you without your knowledge. The RCMP filed the charges eight months after executing a search warrant at Revesz’s home, where they seized several hard drives containing Orcus RAT customer names, financial transactions, and other information.

“The evidence obtained shows that this virus has infected computers from around the world, making thousands of victims in multiple countries,” the RCMP said.

A growing concern

The biggest and most lucrative use of this type of scam has been the business email compromise (BEC).

It’s when Karen from accounting opens the e-mail from the Nigerian prince she’s been chatting with on Skype, and finds that he’s included a picture of himself and what used to be his palace. Or that’s what he says it is, anyway. When she opens it she’s saddened and confused that there’s no palace. Instead, it’s downloading a file onto her hard drive.

This file takes root and spreads through the network, harvesting passwords, credit card numbers and other sensitive data. Maybe it sets up a keystroke logger, and then suddenly it’s got all of the usernames and passwords, including those for corporate and personal online banking, any cryptocurrency exchanges, etc., for everyone on the network. (Orcus RAT had one of these.) You get the idea.

BEC has been escalating over the years (chart; source: symantec.com) and has become something of a major international concern (chart; source: symantec.com).

But the CRTC was fine with giving these guys a six-figure fine, which they’ll probably either pay in Monero just for laughs, or from the coins in their couch cushions.

Our tax dollars at work, folks.

It sets a terrible precedent, and says to all the various victims (and future perpetrators) of this growing type of theft that the government either doesn’t understand the gravity of the crimes being committed here (which it probably doesn’t) or doesn’t really care.

Until next time, keep hodling and don’t open any suspicious emails.

—Joseph Morton
