Heard of RATs? We are not speaking of rodents but digital RATs. These guys are equally “dirty” & enter your houses with malicious intent.
Digital Citizens Alliance (DCA), a coalition of consumers, businesses, & Internet experts focused on educating the public + policymakers on the threats people faced on the Internet, has released a fresh report of a study on malware which is troubling, to say the least.
DCA said its investigation had found some troubling trends: using popular search engines to scour the Web, people were found offering RATs to anyone interested in obtaining the malware. The results of this study had confirmed findings from others’ previous research that RATs “were an inexpensive & technically simple to use tool.”
So what or who exactly were RATs? Here’s an explanation by the Alliance: The vast majority of digital creators wanted to do good things, but a few had used their talents to develop a new generation of malware. Unfortunately making malware, & the disruption it caused, was “a growth industry”, said the report.
This malware was slowly finding its way into the hands of teens & young adults. With this weapon at their disposal, a growing subset of hackers—or Ratters—were disrupting the lives of families across America using Remote Access Trojans (RAT).
For its study, DCA said it went looking for how these ratters were sharing ideas & tools. It found an increasingly sturdy infrastructure built to cater to aspiring hackers. DCA researchers found that these hackers relied on established, trusted companies as well as more nefarious networks to find the resources they need to develop their skills.
Law enforcement had confirmed that RATs used in 1 on 1 attacks against consumers were “a growing problem”. It took ratters little time to enslave 100s of devices. From there, they could gather private information off those devices, which they could then use to “sextort” the owners of the devices. The ratters frequently took control of gadgets & devices in girls’ bedrooms, took pictures of the girls when they were unaware of the hack, then threatened to release the pictures to wider audiences unless they complied with a ratter’s demands. It was difficult to know how many people’s computers had been “slaved” as a result of a Remote Access Trojan attack, because victims were often scared and ashamed to come forward.
What was even more shocking was that using the popular hacker chat page Hack Forums, the study also found ratters selling slaved devices & thereby making money from their malicious attacks on consumers. Girls’ devices sold for more than boys. The study also captured multiple chats with ratters saying that YouTube & “content theft” sites (i.e., The Pirate Bay, Kickass Torrents, & other Sites that provided unlicensed movies & music) were the best places to “spread” RATs. In almost 8 months of searches on YouTube, the DCA team had found thousands of RAT tutorials. These included many that showed how to use & spread RATs; links where ratters could download the malware; & examples of RATs successfully deployed showing victims’ faces & IP addresses. The study found IP addresses potentially connected to devices in 33 states & dozens of other countries.
About 38% of the tutorials for the best-known RATs & advertisements running alongside the videos, the team found. “The advertising we found included well-known car companies, cosmetics, & even tickets to New York Yankees’ baseball games. YouTube’s parent company, Google, is positioned to get revenue from the sharing of these malicious tutorials that target innocents”, said the report in its findings.
By allowing advertising to remain next to these tutorials, YouTube also provided another stream of revenue for ratters. Using the partner program, ratters were poised to get a cut of advertising revenue from Google. On Hack Forums, the study found experienced ratters recommending Content theft sites to script kiddies looking for tips on how to spread RATs. It found YouTube tutorials demonstrating how ratters can use known Content theft sites like Pirate Bay & t411 to build deceptive materials like malicious links and PDFs. These materials were left on Content theft sites like traps left for animals, said the report.
So what could be done about it? Based on its investigation, Digital Citizens has recommended:
>> The creation of awareness programs to alert parents & young people to the potential threat they could be exposed to when clicking on unfamiliar Websites & ads or downloading sketchy programs.
>> That parents talked with their teen/pre-teen children about computer safety & let them know to come to them if any Online behavior made them uncomfortable or nervous. Digital Citizens investigation found that teens were apprehensive about letting their parents know their computers were compromised.
>> That law enforcement got additional resources to increase regulation & awareness of computer-related crimes. One of the best deterrents was seeing hackers punished for illegally invading the privacy of their victims.
A solution exists, it said, but it would “require Google to change the way it approached this issue”. When Google was serious about solving a problem, it assigned a human team to do what an algorithm clearly could not. Bringing in human teams helped block tens of thousands of search queries for child pornography & also ensured the quality of apps on Google Play. Hacking victims deserved the same concern & protection, felt the Alliance.
Among the many recommendations made by the DCA team, 1 of them was that search engine Google assign a human team to review these videos & immediately cease advertising on such video platforms.
“These victims should not be clickbait & ad revenues from slaving tutorial videos can’t be worth the pain and suffering they cause”, was one of its key suggestions.
In its Summary & Recommendations section, the report has said:
The DCA said it was time for Google to stop running advertising next to videos showcasing ratters’ purges of private personal moments & sensitive information. Slaving a device may not be a physical attack, but it could be just as devastating & painful to the victims of RAT attacks.
Such steps would cost Google money, agreed the study team. But would Google take action to stem a rising tide of RATs spreading across devices all over America? Or, would it continue to put profits before people, were some of the uncomfortable questions raised by DCA.
The Alliance also clarified that it was not asserting Google had committed a crime. But, as a consumer advocacy group, it said, it believed that the company could use its tools & skills to help ward off the ratters that are selling “slaving” in these YouTube videos & the slow the spreading of their evil activities. Google was in a position to help solve the “slaving” problem, instead of profiting from it.
Here’s one way how: All the screen shots in this report included advertising at the time the researchers had found them. Many of the people posting the videos were part of YouTube’s Partner Program. They had given YouTube permission to include the ad while, in return, YouTube had agreed to give them a split of the advertising revenue. In order to be a member of the YouTube Partner Program, the content creator must start a Google AdSense account to begin monetizing their content. The YouTube Partner Program’s guidelines on monetization stated that each video must be “approved for monetization” to enable advertising which, in turn, allows the “YouTube Partner” to receive a split of the revenues. So someone, or something, had “approved” the videos running with Partner Program advertising. Who, or what, would approve advertising next to videos that humiliate children, is a question that the report has raised.
Right now, Google splits revenues 55:45 with eligible YouTube Partner Program participants. The report said there was no incentive for Google to end such a program — unless the company heared from the very advertisers who — unintentionally — made this revenue possible. It were these companies that saw their ads running next to these videos marketing ‘slaving’ that could force Google to act; this would likely result in more aggressive monitoring & rejection of videos that put money in the pockets of the pushers of malicious materials, the report summarized.
One thing was clear, this was a serious issue that could not be swept under the rug. That was what the hackers were counting on so that they didn’t get caught & punished, said the report. Given the increasing sophistication of technology & therefore criminal opportunity, this problem was only likely to get more complex.
To stop the hackers will take a concerted effort of parents, young Internet users, safety groups & law enforcement, said DCA.
Image Credit: DCA
•Share This•
