FAQ Rats & Slaves
What can I do to prevent getting hacked?
It’s hard to give universal advice to prevent getting hacked. For every measure you can take, a hacker can find a workaround. This isn’t specific to any platform or device. It basically means that you can’t guarantee it won’t happen to you. However, you can make it harder for hackers to get in.
Cybersecurity is all about risk management: as a rule of thumb, you must try to limit risk to a minimum. You can compare the security of your devices to the security of your home. If you have a lot of good quality locks on your doors, a random burglar would probably think twice before he tries to break in, or even go to a neighbour’s house with less security, as the chances of getting in would be smaller. Compare antivirus/antimalware to the locks on your doors. The higher the quality, the harder it is to get in. Unfortunately a burglar with the right skillset and tools would still be able to get in, especially if he targeted you specifically in the first place. If you don’t update your software, you leave a virtual window open for a burglar to crawl through. Always install security updates!
A couple of practical tips:
- Install premium antivirus/antimalware.
- Do regular deep scans or full scans on your computer. RATs and other forms of malware are far more likely to be found during a deep scan than by just running real-time protection. A lot of crypters can’t survive a deep scan.
- Use 2FA on your accounts. Not a magical cure (there are workarounds), but it makes it more difficult to get in.
- Don’t save passwords in your browser and delete cookies periodically.
- Check your computer privacy settings.
- Backup your system and important files.
- Install an adblocker browser extension. This helps prevent malicious ads and some exploit kits from harming your system.
- But most importantly: use common sense. Don’t download anything you don’t know you can trust, and think before you click.
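Several of the tips above (real-time protection, regular full scans, up-to-date signatures, security updates) can be checked from one script. The following is an added example, not code from the film or its author; it assumes a Windows 10/11 PC with Microsoft Defender as the active antivirus and an elevated PowerShell session, and uses only built-in Defender cmdlets and the Windows Update COM API.

```powershell
# Added example: posture check for the practical tips above.
# Assumes Windows 10/11, Microsoft Defender active, run as Administrator.
# Run without arguments to report; add -Fix to schedule a weekly full scan,
# refresh signatures and start a full scan right away.
param([switch]$Fix)

$status = Get-MpComputerStatus
$pref   = Get-MpPreference
$issues = @()

# Real-time protection is the "lock on the door". Malware that gets in
# often tries to switch it off, so report the current state.
if (-not $status.RealTimeProtectionEnabled) { $issues += 'Real-time protection is OFF' }
if (-not $status.AMServiceEnabled)          { $issues += 'Defender antimalware service is not running' }
# IsTamperProtected only exists on recent Windows builds; $null is treated as unknown, not as a finding.
if ($status.IsTamperProtected -eq $false)   { $issues += 'Tamper Protection is OFF (malware can disable Defender)' }

# Old signatures mean the scanner cannot recognise newly crypted samples.
$sigAge = (New-TimeSpan -Start $status.AntivirusSignatureLastUpdated -End (Get-Date)).Days
if ($sigAge -gt 3) { $issues += "Signatures are $sigAge days old" }

# FullScanAge is the number of days since the last completed full scan;
# a very large value means no full scan has ever run on this installation.
if ($status.FullScanAge -gt 7) { $issues += "Last full scan was $($status.FullScanAge) days ago" }

# Scheduled scan type: 1 = quick scan, 2 = full scan. Only a full scan
# walks the whole disk, which is where crypted RATs tend to get caught.
if ($pref.ScanParameters -ne 2) { $issues += 'Scheduled scan is a quick scan, not a full scan' }

# Pending security updates via the built-in Windows Update COM API
# (the "virtual window" left open when updates are skipped).
$searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
$pending  = $searcher.Search('IsInstalled=0 and IsHidden=0').Updates
if ($pending.Count -gt 0) { $issues += "$($pending.Count) Windows update(s) waiting to be installed" }

if ($issues.Count -eq 0) {
    Write-Host 'No issues found.' -ForegroundColor Green
} else {
    $issues | ForEach-Object { Write-Host "[!] $_" -ForegroundColor Yellow }
}

if ($Fix) {
    # Weekly full scan on Sunday at 02:00.
    # ScanScheduleDay: 0 = every day, 1 = Sunday ... 7 = Saturday, 8 = never.
    Set-MpPreference -ScanParameters 2 -ScanScheduleDay 1 -ScanScheduleTime 02:00:00
    Update-MpSignature
    Start-MpScan -ScanType FullScan
}
```

Save it as, for example, `Check-Posture.ps1` and run `.\Check-Posture.ps1` from an elevated prompt; the `-Fix` switch changes settings, so read the report first. The thresholds (3 days for signatures, 7 days for the last full scan) are assumptions chosen for a home PC, not values from the film.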
In the film I only saw Windows slaves. Is Apple (MacOS) or Linux more secure? And what about phones?
In the film I use a RAT that is specifically designed for Windows PCs. There are a lot more sellers of Windows slaves. But this doesn’t mean MacOS RATs don’t exist. Sjoerd (the guy that I interviewed) used a MacBook when he got hacked. In general, virus and malware developers want to have as many potential victims as possible. They respond to the market share. The market share of Windows is a lot bigger than that of the other OSes, so more malware is written for Windows. The Windows platform has a more open ecosystem compared to MacOS, which also doesn’t help.
Cross-platform RATs also exist. Most of these are based on Java and work on several Linux distros, MacOS and Windows. The interesting thing is, a lot of the time you don’t actually need to have Java installed on your device, as the RAT automatically installs Java when it gets executed. The effect of closed ecosystems is noticeable on phones too. RATs for phones do exist (especially for Android), but they are more rarely used. Attacks on iPhones and Android phones are occasionally detected. Mobile malware attacks in general are booming in 2019. In the first half of 2019 it was up 50% compared with last year according to the researchers at Check Point. Targeted attacks on specific users are often a hard and expensive process. To get photos from a device it’s probably easier to hack the cloud or social media account than the phone itself. It comes down to risk management again. Ask yourself: am I using my device as responsibly and securely as I should? A lot of the time, the victims of RATs on smartphones have one of these things in common:
- They installed an app outside of the official App store. A user must change settings or even jailbreak their device to make this possible. Think twice before installing anything outside of official repositories and only download apps from trusted sources. This limits the chances of this happening to you.
- They installed a malicious app from the official App store that downloads the RAT or other malware after it has been installed. In order to bypass the screening of the app store, the app itself doesn’t contain the malicious code. The app is used to trick the user into installing it and gathers information about the device. After that, the attacker drops specific malware that is downloaded by the app. If you want to learn more on how that works, you might want to read this article. Check the reviews of an app and look at how many times the app has been downloaded. By being careful, the risk of downloading such a malicious app can be limited.
- The victim is an interesting target for professional hackers or intelligence services. Celebrities and activists can be targeted by hackers. Different countries have been linked to recent targeted attacks on iPhone and Android users. Some security companies even make it their business model to facilitate these attacks. Forbes made a video report about one of those companies you can find here. Once you’re targeted by a professional intelligence service it’s really hard to prevent getting hacked. By making sure your device has the most recent security patches you can make it a bit more difficult to get into your device. This of course doesn’t work against zero-day attacks.
Do crypters still work?
Unfortunately they do. I have both field experience with crypters (because of other projects) and technical insight into the inner workings. Crypters are developed to evade antivirus. Especially the cheap ones often aren’t designed to survive deep scans or full system scans by antivirus/antimalware. But this is often not even necessary. Not a lot of people do full system scans/deep scans on a regular basis, which makes cheap crypters functional in most use cases.
For a lot of malware, it isn’t even necessary to stay undetected for a long time, as it is capable of deactivating the antivirus by itself. Besides that, some malware only needs a short amount of time to do its damage. Ransomware for instance only needs a short amount of time to make your files inaccessible, and banking trojans can also do their work quickly (stealing accounts and credit card info and sending them to the attacker). The more expensive crypters that cost hundreds or even thousands of dollars seem to be able to keep malware undetected for weeks, even months in some cases.
What sources did you use?
Part of the sources that I use are publicly known hacking forums. The fact that slaves are sold on easy-to-find hacking forums does show it’s easy to become a cybercriminal. But those aren’t my only sources of course.
I worked on my reputation in different surface web and dark web communities, under several account names. In the years I was active in those communities I have lost all my contacts twice due to police operations that took down the websites.
The information you see in the film has been redacted. For instance: the usernames have been changed to pseudonyms and the layout of the websites is different. I did this to make the communities a bit harder to trace back, as I don’t want to encourage anyone to start hacking and find the sellers. The photos that you see in the forum posts have been published before. There are a couple of voyeurism communities that are still active; there even was a website on the dark web called Fly on the Wall a couple of years ago that was based around hacked and secretly recorded footage. I chose not to show footage of new victims, even when they are blurred.
Isn’t this all old news?
RATs have existed for years now, but they are constantly in development. If RATs are old news, malware in general is. Besides that, RATs are constantly in the news. Just last month there was an international crackdown on IM-RAT by Europol. According to the Center for Internet Security, in the first half of 2019 RATs were around 20% of the most used malware.
I chose the subject of RATs for a reason. A lot of malware is aimed at just one or two functions: ransomware, botnets, banking trojans or miners. A RAT has all these options built into one form of malware. It’s kind of a Swiss army knife for lazy/inexperienced hackers. Using RATs as an example allowed me to explain all these kinds of threats at once. My intention has always been to create awareness. A lot of people seem to be startled by how easy it is to use RATs and get slaves. This is a good thing. If you know what the risks are, you hopefully start thinking about the security of your own devices.