FBI Solves Mystery Surrounding 15-Year-Old Fruitfly Mac Malware Which Was Used By a Man To Watch Victims Via their Webcams, and Listen in On Conversations (zdnet.com) 111
The FBI has solved the final mystery surrounding a strain of Mac malware that was used by an Ohio man to spy on people for 14 years. From a report: The man, 28-year-old Phillip Durachinsky, was arrested in January 2017, and charged a year later, in January 2018. US authorities say he created the Fruitfly Mac malware (Quimitchin by some AV vendors) back in 2003 and used it until 2017 to infect victims and take control off their Mac computers to steal files, keyboard strokes, watch victims via the webcam, and listen in on conversations via the microphone. Court documents reveal Durachinsky wasn't particularly interested in financial crime but was primarily focused on watching victims, having collected millions of images on his computer, including many of underage children. Durachinsky created the malware when he was only 14, and used it for the next 14 years without Mac antivirus programs ever detecting it on victims' computers. [...]
Describing the Fruitfly/Quimitchin malware, the FBI said the following: "The attack vector included the scanning and identification of externally facing services, to include the Apple Filing Protocol (AFP, port 548), RDP or other VNC, SSH (port 22), and Back to My Mac (BTMM), which would be targeted with weak passwords or passwords derived from third party data breaches." In other words, Durachinsky had used a technique know as port scanning to identify internet or network-connected Macs that were exposing remote access ports with weak or no passwords.
Describing the Fruitfly/Quimitchin malware, the FBI said the following: "The attack vector included the scanning and identification of externally facing services, to include the Apple Filing Protocol (AFP, port 548), RDP or other VNC, SSH (port 22), and Back to My Mac (BTMM), which would be targeted with weak passwords or passwords derived from third party data breaches." In other words, Durachinsky had used a technique know as port scanning to identify internet or network-connected Macs that were exposing remote access ports with weak or no passwords.
Queue Mac ... (Score:2)
... attack.
Re: (Score:2, Troll)
Well, shit.
I was going to match you IQ for IQ and say that your momma wears combat boots, but these days that's a compliment.
I want to express my "thanks," to all the moms who have served, are serving, and will serve, while wearing combat boots.
Re: (Score:2)
What about those that serve without wearing combat boot? And why you "thanks" and not your thanks?
Re: (Score:2)
Swoosh
Re: (Score:2)
When fruitflies get MAC addresses we know this whole Internet of Things is going too far!
Re: (Score:2)
I see what you did there.
What do you charge him with? (Score:3)
Re: (Score:1)
Charge, anything we can think off. "Computer hacking" since it's conveniently not defined in the law, "misuse of an electronic device", "unauthorised access of a protected computer" (there was a password, no matter how weak), and a handful of others on the technical side.
And surely we most certainly can charge him with sexual misconduct, stalking, child abuse, producing child porn (minor in the view and taking screenshots, anyone?) and whatnot else. He's 28 now, and we'll just conveniently forget the pictur
Re:What do you charge him with? (Score:5, Informative)
>Judging from TFS, he was just the cyber equivalent of a peeping tom.
Hardly.
2. During his more than thirteen years of accessing protected computers without the appropriate authorizations,
Defendant accessed protected computers owned by local, state and federal governments, a police department, schools, companies and individuals.
3. Defendant developed computer malware later named "Fruitfly" and wrote variants capable of infecting computers running macOS and Windows operating systems.
4. Defendant installed the Fruitfly malware on thousands of computers ("Fruitfly
victims").
5. The Fruitfly malware gave Defendant the ability to control a Fruitfly victim's computer by, among other things, accessing stored data, uploading files to a Fruitfly victim's computer, taking and downloading screenshots, logging a user's keystrokes and turning on the camera and microphone to surreptitiously record images and audio recordings.
Read the rest of the indictment here: https://www.justice.gov/opa/press-release/file/1024116/download [justice.gov]
I don't know what the guy's job is now, but after he gets out of prison I'm thinking the CIA may want to hire him.
Re: (Score:1)
The damage is not clear. Are you saying that the malware installed weakens the systems to further attack?
I'm not swayed by that lazy socially manipulative paedo b.s.
This a very valid concern! The crime here is very heavy on thought and less on actions. If we are prosecuting people for thoughts not actions then we're really screwed.
Why not highlight how the victim felt when they found out? That's a real effect and that has to be focussed on.
Re: (Score:2)
But you quoted something that IMO reinforce the idea that this was just a digital peeping tom instead of someone out for financial gain or the like.
Re: (Score:2)
This is the best reply I can think of. https://i.kym-cdn.com/photos/i... [kym-cdn.com]
Re:What do you charge him with? (Score:5, Interesting)
Re: (Score:3)
Re: (Score:3)
That is a load of pure horseshit. Just because you had a "thing" for your mother doesn't mean the rest of us did.
No, I definitely had a thing for his mother.
Re: (Score:2)
But if you're still interested in 14 year old girls after 18, there may be something wrong with you or you might be developmentally stunted in some way.
Depends how mature the 14 year old is. I had my first "real girlfriend" with 15, and she was 14. If I had been 18 I had chosen her anyway, why would I not?
And no, I never really was interested in "older woman" (I assume you mean around 20, for a 16 year old?) but my math teacher and one of my music teachers was "kinda hot" :D
Young people like to bond togethe
Re: (Score:2)
Of course when you're 14, adult women want absolutely nothing to do with you, so you have to settle for someone your own age.
Boy have you not been paying attention. Hardly a week goes by without some teacher somewhere who gets caught with her hands in the till. I suppose it's fair given the hysteria over men in the past decade.
Re: (Score:2)
Re: (Score:2)
What do you charge him with?
Acting as if he were an agent of a US TLA engaged in domestic intelligence operations.
Only US TLAs are authorized to snoop on US citizens within the US without warrant or probable cause and store the data. /s
Strat
Re: (Score:2)
Keep in mind that 14-year-old girls have gotten in legal trouble [aclu.org] for sending nudes of themselves.
Se yes, if he's gotten pictures of people under 18 naked, he's gonna be charged with child porn.
Re: (Score:2)
JAnd, if he was only 14 when he started, I don't know if you could really call him a pedofile if the pictures were of girls his own age.
Might not make him a pedo (at the time; but he would be now), but it IS still child porn.
Re:WHY are you APOLOGIZING for a PEDO? (Score:5, Insightful)
Do you know where the data you had 14 years ago is? Every single HD you ever owned, every single CD you ever burned? Can the hysteria, please.
Parent has some good points... (Score:5, Interesting)
The FBI comes in and they image everything you've got that they find.
You might be safe now but in the future legitimate things you have might become crimes. You don't know what that might be; even if you do, like parent said, your old backups get lost or the old computer in the basement you didn't recycle or give away because you've not wiped it clean and put that off...
Think about something innocent not this guy's stuff-- and a decade from now the mere possession or mention of such things is a crime. You are not charged with a crime back in time (not allowed) but instead are charged for currently having such materials.
This could be the Anarchist's Handbook you got online in the 90s because everybody was making a fuss about the silly thing. Then after 9/11 they find that in your stuff and get you as a terrorist!
Think.
Re: (Score:2)
Lol, AC it's pretty clear from this post that the only "consenting legal age woman" you've ever been around is your own mother.
Re: (Score:2)
It would support your silly rant if you could provide an example of this ever being a problem in a sane, civilized society. Soviet, North Korea or Nazi Germany aren't examples of the later BTW.
Silly? (Score:2)
No.
You must not know that North Korea exists today? You must not know that Germany was probably the most educated, most literate DEMOCRACY and known for being practical to the point of being "cold" before they descended quickly into extreme despotism and you think my comment is silly? You must not live in the USA, outside a big liberal city either. You must not live in a big liberal city either or you'd get plenty of ideas from the SJW.
Seriously? an example? ok how about what should be obvious:
Nude pho
Re: (Score:2, Informative)
He was producing cp up until last year when he was arrested.
ged and incorporated by reference as if fully set forth herein. ...
15. From on or about October 25, 2011 through on or about January 14, 2017, in theNorthern District of Ohio, Eastern Division, and elsewhere, Defendant PHILLIP R.DURACHINSKY did use a minor and minors to engage in sexually explicit conduct, as defined in Title 18, United States Code, Section 2256(2), for the purpose of producing a visual depiction of such conduct, knowing and having reason to know that such visual depiction would be transported and transmitted, using any means and facility of interstate and foreign commerce, and in and affecting interstate and foreign commerce; such visual depiction was produced and transmitted using materials that had been mailed, shipped and transported in and affecting interstate and foreign commerce; and such visual depiction was actually transported and transmitted, using any means and facility of interstate and foreign commerce, and
Re: (Score:2)
Is this a verdict or accusation?
Re: (Score:2)
When I was 14, hardly any floppy existed. A hard drive costed more than your car and CDs definitely did not even exist as a wet dream of a research lab assistant.
But I get your point ... my stupid parents most surely have a naked pic of me when I was 7 or 8 or 10 playing at a Baggersee. Or god forbid: even younger!!!
Re: (Score:2)
One wonders if others used this (Score:2)
Re: (Score:3)
OSX/FruitFly
https://objective-see.com/blog... [objective-see.com]
"New Mac backdoor using antiquated code"
https://blog.malwarebytes.com/... [malwarebytes.com]
THINK DIFFERENTLY! (Score:1)
Oh shit. No! stop! Oh god wtf is wrong with you!
Re: (Score:2)
MacOS doesn't have these services by default, you have to explicitly turn them on...
So they charged a peeping tom (Score:3)
Re: (Score:2)
If you see someone left their door unlocked that's not an invitation to enter their house.
Re:So they charged a peeping tom (Score:5, Funny)
... who was looking through windows without drapes ....
Um, he was looking through Macs, not Windows.
If they had such laws in 1954 ... (Score:2)
Re: (Score:2)
I think you mean George McFly, butthead. :p
Re: (Score:2)
Way to focus! (Score:5, Insightful)
Re: (Score:1)
The summary is pretty unclear. So he scans IP addresses looking for RDP/SSH server running then guesses weak passwords. Is that what the fruitfly did? I mean, once he's in what does the fruitfly do that he couldn't do normally via RDP or SSH? And running RDP/SSH isn't usually considered a vulnerability (unless it's on by default); usually it's a feature. The users' weak passwords is their own vulnerability, not a fault of the OS. Unless the OS refuses to allow you to run SSH with a stupidly weak passw
Re: (Score:2)
People installing RDP and SSH generally know better than to use brute forceable passwords (or passwords at all). But this also attacked protocols for iCloud and other "helpful" services that are either on by default or enabled by the vast majority of Mac users.
They may be enabled by default; but they are still password-protected. It's up to the User to create a Robust password, though.
Re: (Score:3)
I just looked into my task manager on my Mac.
There is is no fruitly.exe running at the moment!
Re: (Score:2)
15 year old fruit flies like 14 year olds' bananas
Now excuse me while I get back to my Mac. Oh wait I don't have one. I have this peculiar aversion against proprietary stuff.
Right.
Because Open Source NEVER has longstanding vulnerabilities...
**Cough** Heartbleed **Cough**
The title sounds as if ... (Score:2)
It sounds like the FBI's cold case unit filing another 15 year old success.
When reading the article (yes I know) title should be more like:
Criminal successfully evades FBI during a 15 year long crime spree.
...And in Other News... (Score:2)
Weak Passwords make for Weak Security.
" The attack vector included the scanning and identification of externally facing services, to include the Apple Filing Protocol (AFP, port 548), RDP or other VNC, SSH (port 22), and Back to My Mac (BTMM), which would be targeted with weak passwords or passwords derived from third party data breaches." In other words, Durachinsky had used a technique know as port scanning to identify internet or network-connected Macs that were exposing remote access ports with weak or