Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Desktops (Apple) Privacy Security

FBI Solves Mystery Surrounding 15-Year-Old Fruitfly Mac Malware Which Was Used By a Man To Watch Victims Via their Webcams, and Listen in On Conversations (zdnet.com) 111

The FBI has solved the final mystery surrounding a strain of Mac malware that was used by an Ohio man to spy on people for 14 years. From a report: The man, 28-year-old Phillip Durachinsky, was arrested in January 2017, and charged a year later, in January 2018. US authorities say he created the Fruitfly Mac malware (Quimitchin by some AV vendors) back in 2003 and used it until 2017 to infect victims and take control off their Mac computers to steal files, keyboard strokes, watch victims via the webcam, and listen in on conversations via the microphone. Court documents reveal Durachinsky wasn't particularly interested in financial crime but was primarily focused on watching victims, having collected millions of images on his computer, including many of underage children. Durachinsky created the malware when he was only 14, and used it for the next 14 years without Mac antivirus programs ever detecting it on victims' computers. [...]

Describing the Fruitfly/Quimitchin malware, the FBI said the following: "The attack vector included the scanning and identification of externally facing services, to include the Apple Filing Protocol (AFP, port 548), RDP or other VNC, SSH (port 22), and Back to My Mac (BTMM), which would be targeted with weak passwords or passwords derived from third party data breaches." In other words, Durachinsky had used a technique know as port scanning to identify internet or network-connected Macs that were exposing remote access ports with weak or no passwords.

This discussion has been archived. No new comments can be posted.

FBI Solves Mystery Surrounding 15-Year-Old Fruitfly Mac Malware Which Was Used By a Man To Watch Victims Via their Webcams, and

Comments Filter:
  • ... attack.

  • by techno-vampire ( 666512 ) on Sunday September 30, 2018 @04:44PM (#57400354) Homepage
    Judging from TFS, he was just the cyber equivalent of a peeping tom. And, if he was only 14 when he started, I don't know if you could really call him a pedofile if the pictures were of girls his own age.
    • by Anonymous Coward

      Charge, anything we can think off. "Computer hacking" since it's conveniently not defined in the law, "misuse of an electronic device", "unauthorised access of a protected computer" (there was a password, no matter how weak), and a handful of others on the technical side.

      And surely we most certainly can charge him with sexual misconduct, stalking, child abuse, producing child porn (minor in the view and taking screenshots, anyone?) and whatnot else. He's 28 now, and we'll just conveniently forget the pictur

    • by Anonymous Coward on Sunday September 30, 2018 @05:10PM (#57400442)

      >Judging from TFS, he was just the cyber equivalent of a peeping tom.

      Hardly.

      2. During his more than thirteen years of accessing protected computers without the appropriate authorizations,
      Defendant accessed protected computers owned by local, state and federal governments, a police department, schools, companies and individuals.
      3. Defendant developed computer malware later named "Fruitfly" and wrote variants capable of infecting computers running macOS and Windows operating systems.
      4. Defendant installed the Fruitfly malware on thousands of computers ("Fruitfly
      victims").
      5. The Fruitfly malware gave Defendant the ability to control a Fruitfly victim's computer by, among other things, accessing stored data, uploading files to a Fruitfly victim's computer, taking and downloading screenshots, logging a user's keystrokes and turning on the camera and microphone to surreptitiously record images and audio recordings.

      Read the rest of the indictment here: https://www.justice.gov/opa/press-release/file/1024116/download [justice.gov]

      I don't know what the guy's job is now, but after he gets out of prison I'm thinking the CIA may want to hire him.

      • The damage is not clear. Are you saying that the malware installed weakens the systems to further attack?
        I'm not swayed by that lazy socially manipulative paedo b.s.

        This a very valid concern! The crime here is very heavy on thought and less on actions. If we are prosecuting people for thoughts not actions then we're really screwed.

        Why not highlight how the victim felt when they found out? That's a real effect and that has to be focussed on.

    • by Anonymous Coward on Sunday September 30, 2018 @05:16PM (#57400462)
      Age does not matter when it comes to pornographic images of minors. There have been people under 18 who have gotten in trouble for sexting pictures of themselves, which is technically production & distribution of child pornography.
      • No, the true hypocrisy comes when these people under 18 who send pictures of themselves are charged with producing and distributing child porn, as an adult.
    • What do you charge him with?

      Acting as if he were an agent of a US TLA engaged in domestic intelligence operations.

      Only US TLAs are authorized to snoop on US citizens within the US without warrant or probable cause and store the data. /s

      Strat

    • Keep in mind that 14-year-old girls have gotten in legal trouble [aclu.org] for sending nudes of themselves.

      Se yes, if he's gotten pictures of people under 18 naked, he's gonna be charged with child porn.

    • by hipp5 ( 1635263 )

      JAnd, if he was only 14 when he started, I don't know if you could really call him a pedofile if the pictures were of girls his own age.

      Might not make him a pedo (at the time; but he would be now), but it IS still child porn.

  • By others I could imagine some of those three letter federal government agencies use this software or other functionally like it to keep an eye on us in the name of national security. Cover up your camera and computer microphone, folks. I'm not sure your phone would be vary useful without the microphone, though.
  • by Anonymous Coward

    Oh shit. No! stop! Oh god wtf is wrong with you!

  • by 140Mandak262Jamuna ( 970587 ) on Sunday September 30, 2018 @06:11PM (#57400606) Journal
    ... who was looking through windows without drapes ....
  • ... we would have lost a great science fiction writer John McFly
  • Way to focus! (Score:5, Insightful)

    by ArhcAngel ( 247594 ) on Sunday September 30, 2018 @07:22PM (#57400824)
    I love how most of the comments are debates on whether the guy is a pedo or not and virtually none so far has addressed the fact that this vulnerability has been in use for fifteen years! I can't believe the Mac haters aren't piling on. Come on guys...don't let me down!
    • by Anonymous Coward

      The summary is pretty unclear. So he scans IP addresses looking for RDP/SSH server running then guesses weak passwords. Is that what the fruitfly did? I mean, once he's in what does the fruitfly do that he couldn't do normally via RDP or SSH? And running RDP/SSH isn't usually considered a vulnerability (unless it's on by default); usually it's a feature. The users' weak passwords is their own vulnerability, not a fault of the OS. Unless the OS refuses to allow you to run SSH with a stupidly weak passw

    • I just looked into my task manager on my Mac.
      There is is no fruitly.exe running at the moment!

  • It sounds like the FBI's cold case unit filing another 15 year old success.

    When reading the article (yes I know) title should be more like:

    Criminal successfully evades FBI during a 15 year long crime spree.

  • Weak Passwords make for Weak Security.

    " The attack vector included the scanning and identification of externally facing services, to include the Apple Filing Protocol (AFP, port 548), RDP or other VNC, SSH (port 22), and Back to My Mac (BTMM), which would be targeted with weak passwords or passwords derived from third party data breaches." In other words, Durachinsky had used a technique know as port scanning to identify internet or network-connected Macs that were exposing remote access ports with weak or

Real Programmers think better when playing Adventure or Rogue.

Working...