Ohio Man Charged With Putting Spyware On Thousands of Computers

A 28-year-old man who allegedly hacked into thousands of computers to watch and listen to users has been indicted in Ohio. Federal prosecutors say Phillip Durachinsky created malware that enabled him to remotely access and turn on the cameras and microphones of computers.

Durachinsky was indicted in the U.S. District Court for the Northern District of Ohio. Prosecutors say he has been hacking into computers for over 13 years. A source close to the case, who spoke on background, says Durachinsky was working from the basement of his parents' house.

Prosecutors did not say how Durachinsky got into the computers. But security researcher Patrick Wardle says people may have unwittingly opened an infected computer or file from a website. Wardle says once the malware gets on the computer "it has the ability to listen to people's conversations, turn on the webcam, take screen captures, record keystrokes. It's almost a complete surveillance device."

The malware was named Fruitfly because it was initially found on computers in medical labs where researchers were studying fruit flies. It was first detected on computers at Case Western Reserve University, which reported it to the FBI last year.

Wardle also discovered it around the same time. His research led him to computers in people's homes. Many were in Ohio, but they were also as far away as California. Wardle says the hacker had access to a 24/7 surveillance device.

"He could detect when the user is not sitting in front of their computer," Wardle says. "Then (he could) turn the webcam on to hopefully record or spy on the user perhaps as they're walking around their bedroom or something in that capacity."

Prosecutors would not speak with NPR because the case is ongoing. But among the charges in the 16-count indictment is the production of child pornography. The indictment indicates that Durachinsky used the computers to store pornographic images and to transmit them over the Internet. The computers helped to power his operation and spread the malware to computers in schools, companies, a subsidiary of the U.S. Department of Energy, and a police department.

It also appears that he programmed the malware to alert him if a user was watching pornography.

An attorney representing Durachinsky could not be reached for comment.

Thomas Reed, with Malwarebytes, an anti-virus software maker, also discovered Fruitfly independently. He says the code was old — going back to the 1990s. "We were surprised to see that it had been undetected for so long and that we found it still active on somebody's computer," Reed says.

Fruitfly was found in both PCs and Macs. Many cybersecurity researchers were surprised it was on so many Macs. There are far more PCs in the world, so most hackers don't bother with Apple computers. But, Reed says, "as much as people like to say that Macs don't get viruses, there actually is malware out there for Macs."

Reed, whose company makes antivirus software for Macs, claims there was a 270 percent increase last year in new strains of malware for Macs.

There is also a reason Reed thinks the virus went undetected for so long. It was only targeted at thousands of computers — a relatively small number in the world of malware where millions of PCs can be targeted.

"If stuff like this is used in a very targeted manner so it's only being used to affect a small number of people, it can be really hard for security researchers to find it," Reed says. "We may never know about it for years."

That means there may be other spyware out there similar to Fruitfly that hasn't been found, he says. However, the FBI says it has not seen a lot of spyware cases like this.

The best protections against spyware are rather analog. One way is to cover the camera on your computer. That's what the Pope, Facebook CEO Mark Zuckerberg and former FBI Director James Comey do.

Reed advises everyone to do the same and to turn off their computer when they're not at it. And use the latest antivirus software.

Copyright 2018 NPR. To see more, visit http://www.npr.org/.