Author Kills DarkComet Spyware After Syria Uses It

judgecorp writes "DarkcoderSc (Jean-Pierre Lesueur) has ended the DarkComet Remote Access Tool (RAT) project, after it emerged that the Syrian government had used the software to spy on its opponents. The tool was also used to target Mac OS X systems last year."

Interesting.

[gcnaddict]

So this was... legal malware? Can someone clue me in on the history of this utility? As far as I can tell, this looks like proof-of-concept/research malware designed to be used for testing purposes, but that's the best I can gather.

Re:

[Exrio]

imagine the inventor of the firearm deciding to call it quits because someone found a way to hunt with it instead of kill people (in self defense even?).

Except in this case, unless I'm missing something (is the Syrian government considered better or worse than the activists?), it's the other way around.

Re:

[v1]

Brutal military dictatorship (current government) or Islamist theocracy (rebels), take your pick.

Nuke from orbit?

So easy to go back only a few decades and see how the US, USSR, etc were backing revolutions to get rid of an undesirable govt, only to see it replaced with something different but just as bad. Pineapple face comes immediately to mind, but I heard there was a hand in Saddam as well, just to name a few.

Thing is, the "rebels" are rarely being lead by someone that supports the people. It's more of

Re:

[TheLink]

Violent revolutions tend to result in the ones willing and able to do the most violence reaching the top. Once they are there, they usually don't let anyone else take over. And who can stop them? They can defeat everyone else in the country - they've already done it on their way up.

That's why most (all?) communist revolutions lead to Dictatorships - because Engels etc put violence as part of the implementation plan.

When leaders are those with the most soldiers rather than the most votes, it's a lot harder t

Re:

[shaitand]

That's easy. The difference between the successful revolutions and the unsuccessful ones is economic power and backing. The American Revolution, British, French, etc (there are at least as many nations with successful revolutions that haven't led to dictatorships as there are those that have) were successful and didn't lead to dictatorship because they weren't led by the people fighting but rather were backed by third parties. Usually parties with economic power and social status. For instance, in the Ameri

Re:

[manu0601]

Except in this case, unless I'm missing something (is the Syrian government considered better or worse than the activists?), it's the other way around.

Yes, if we talk about self defense, there should be a balance between attacker and defender. If you shoot an unharmed attacker in the back, it is difficult to call that self defense.

Re:

[Eponymous Hero]

guns were invented first and foremost for war, so that's why it is the way it is. it's not the other way around. the RAT tool was also invented for an aggressive purpose, but can be used for good in the right context. it's amazing how many people completely missed this and decided i must be trolling. not this time, assholes!

Re:

[History's Coming To]

His ability to turn it off is a weapon, are you trying to say he's not allowed it?

Re:Interesting.

[Ciccio87]

So this was... legal malware?

Hacking / security testing software is legal, it's its usage that could be illegal.

Can someone clue me in on the history of this utility? As far as I can tell, this looks like proof-of-concept/research malware designed to be used for testing purposes, but that's the best I can gather.

It was a RAT (Remote Administration Tool, strict relative of a trojan horse), it could, in effect, be used for good purposes (or for learning purposes, but, without sources, the chanches for this are lesser), however yes, it was mainly a PoC and an exercise in style.

[OT] However, old news is old.

Re:

[rbrausse]

So this was... legal malware?

Hacking / security testing software is legal, it's its usage that could be illegal.

not in Germany [slashdot.org]. Sigh, stupid politicians...

Re:

[gl4ss]

well,

what's the difference between carrier iq and "hacking software"? or between hacking software and nmap? between hacking software and remote desktop? it boils down only to how it is marketed and installation path.

Re:

[amicusNYCL]

As far as I can tell, this looks like proof-of-concept/research malware designed to be used for testing purposes, but that's the best I can gather.

From what I can tell, this is a backdoor installer used by attackers that the author claims is actually something along the lines of proof-of-concept/research malware designed to be used for testing purposes, so as to avoid legal liability.

what is malware?

[TapeCutter]

What legal liability? AFAIK the only restrictions on what code one can write and distribute involve encryption, encryption was (is?) considred a munition by most major nations, and therefore had/(has?) export restrictions applied to it. Code is simply a tool for making other tools, and aside from the encryption thing, none of it is illegal. What you do with those tools may or may not be legal.

It boils down to how you approach the question, what is malware? If you think of that as a technical question tha

Re:

[amicusNYCL]

It boils down to how you approach the question, what is malware?

However you want to define it, part of the definition is getting the software installed without the user knowing what, if anything, they're installing.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Anonymous Coward]

Authors of RAT's usually claim they are for legal uses only, only to be used on computers you are allowed access to. Claiming it is like a VNC server, even though they are straight up trojan horses. I don't know of any trojan author who has gotten into legal issues who wasn't also involved in viruses / worms / bot nets.

Re:

[Charliemopps]

So Windows RDT is a hack tool? What about all the remote administration that's done in corporate environments? My security team can remote into my computer at any time and view everything I'm doing... they can move files around, download stuff... whatever they'd like... all without me knowing a thing. Is that a trojan? I use a RAT to control remote PC on my network that just plays music on my porch. Is that a trojan? There's plenty of stuff this kind of thing is useful for that's not illegal.

Re:

[BronsCon]

GoToMyPC and LogMeIn certainly do, it's part of the "ease of use" functionality that means even my very nontechnical designer can use it to remote into his PC at home (with a stock unconfigured router, so no port forwarding) from the office.

Re:

[Anonymous Coward]

No, GoToMyPC and LogMeIn don't have a built in option to inject the server code into a running iexplorer.exe process to disguise itself as a trusted program to bypass firewalls like DarkComet or other spyware.

Re:Interesting.

[davydagger]

at this moment, there is no class of code that is illegal. Its completely legal to write malware, viruses, network security tools.

Its only illegal if you use them against other people's computers. In fact most of the same tools used to break into computers are used to test security legimately, and many have even more diagnostic utilities.(wireshark, nmap, net cat, etc...)

Re:Interesting.

[ae1294]

In Japan it's illegal to write or even save a virus to your computer. Apparently you get 3 years of jail time for writing and 2 years for acquire a virus.

Citation: http://www.futuregov.asia/articles/2011/jun/22/japan-enacts-anti-computer-virus-law/ [futuregov.asia]

Re:

[Monkier]

Some was arrested in Japan for this recently: http://yro.slashdot.org/story/12/07/05/135230/japanese-13-year-old-arrested-for-virus-creation [slashdot.org]

Re:

[Anonymous Coward]

Unless you're working for Sony. Just call the virus "DRM" and you'll be fine.

Re:

[davydagger]

this is terrible. Do they grant licenses for virus researchers?

what about the in case of the low budget, some guy in a basement open source type? I guess you can't crowd source virus research now.

In a future were viruses are outlawed, only the outlaws will be able to do ANY work, to include legitimate research on viruses.

Re:

[flappinbooger]

So this was... legal malware? Can someone clue me in on the history of this utility? As far as I can tell, this looks like proof-of-concept/research malware designed to be used for testing purposes, but that's the best I can gather.

Dark Comet was simply a very robust and functional Remote Admin Tool. You know, like Teamviewer or Logmein Pro or.... Take your pick.

The thing is, it was free and it was totally customizable in how you compile the client side service. Meaning, you could make the runtime executable glom itself into explorer.exe or iexplore or whatever persistence method you wanted. It could automatically add itself to the registry in different ways to guarantee it running.

Also it reportedly could respond well to having the s

Honor among thieves?

[Alimony Pakhdan]

Or am I missing something here?

Prosecute authors of remote administration tools?

[tepples]

This in the article worries me: "Symantec said that any closures of [remote administration tool] projects were a positive thing, especially if the creators were compelled to do so by the threat of prosecution." So are GoToMyPC, LogMeIn, and SSH considered terrorist tools now?

Re:

[Anonymous Coward]

So are GoToMyPC, LogMeIn, and SSH considered terrorist tools now?

No, you fucking idiot. But nice strawman since the person you quoted said nothing about terrorism.

Re:

[tepples]

Author Kills DarkComet Spyware After Syria Uses It

the person you quoted said nothing about terrorism.

I'll grant that that particular quote does not mention terrorism, but the article mentions Syria, and Syria is one of the four remaining countries on the United States' list of State Sponsors of Terrorism [wikipedia.org].

Re:

[Anonymous Coward]

So your logic is: if Syria = Terrorism and Syria = (RAT) , there for (RAT) = Terrorism?

Re:

[murdocj]

So your logic is: if Syria = Terrorism and Syria = (RAT) , there for (RAT) = Terrorism?

I'm rescuing the parent post from being modded to oblivion since it hits the nail right on the head.

The law of unintended consequences...

[DesScorp]

... is a bitch.

I don't get it...

[ettusyphax]

So he shut the project down ostensibly because the Syrian government was using it to spy on citizens or whatever. "Misuse of the tool" being his words. Okay yeah that sucks but what did he expect people to use it for? Monitoring their baby's computer to make sure it doesn't choke on the keys? Shutting it down now as opposed to before when it was never used for nefarious ends? Seems like a pile of BS to me. More likely he shut it down because of legal threats now that he's on the radar - as is not-so-subtly implied by the article.

You made a bomb "for educational purposes" and then gave it away. Don't pretend like you're on some moral high ground when it goes off in someone's face and your name shows up in the newspaper.

Awesome

[n3r0.m4dski11z]

More developers should have the balls and control to do this. Kudos. But i have watched BBC.Panorama.2012.Homs.Journey.into.Hell. So you could say i am a bit biased. Burn that asad guy at the stake! war criminal beyond belief.

http://kat.ph/bbc-panorama-2012-homs-journey-into-hell-576p-x264-aac-hdtv-t6239795.html [kat.ph]

The noble hacker motif

[GodfatherofSoul]

Kind of like the noble hooker of Hollywood lore, abandoning her nefarious deeds for the good of humanity. Thank you, mon frere! Of course, it would've worked out great had you not started the project in the first place.

How's the blacklist sw for anti-pirate sites doin?

[Impy the Impiuos Imp]

It's all fun and games until someone loses an eye. Or resistance movememt.