Jean-Pierre Lesueur, a 22-year-old computer geek from outside Paris who works as a Java programmer on airline-ticketing software for a European company, built "Dark Comet" and found himself at the center of an international firestorm after the Syrian government grabbed the tool from the net and used it to steal information from the computers of activists fighting to overthrow it.
Dark Comet is a software application that gives you remote control over another computer. Once installed, it is a silent spying machine, quietly recording video and audio from the machine. It includes a password-stealing keylogger and a feature that helps it avoid detection by antivirus products.

According to Lesueur, he never intended it to be used illegally. Dark Comet is no worse than other hacking tools such as Metasploit or BackTrack Linux, which can be used both by legitimate security testers and criminals to launch online attacks against computers and test networks for security flaws. Although it was first developed in 2008, Dark Comet mostly stayed under the radar until it was linked to Syria earlier this year. 

Dlshad Othman first learned about Dark Comet in December, when a Syrian activist asked him to examine her computer after she lost access to her e-mail, Skype, and Facebook accounts. After a scan, Othman discovered Dark Comet sitting on the machine’s hard drive. Once one computer is infected, hackers use that activist’s computer as a stepping stone to try to infect others, typically by contacting them via Skype.

Dark Comet was another tool in an escalating computer espionage campaign targeting critics of the regime of Syrian President Bashar Assad. “Because most of the Syrian people started to use secure connections and they [learned how to bypass] the censorship and surveillance of the internet, so the regime found it’s better to use Trojans to arrest the people,” says Othman, a Syrian activist and computer specialist who is also one of the U.S. State Department’s Internet Freedom Fellows.

Morgan Marquis-Boire, a researcher with Citizen Lab, a computer security research think-tank, has identified 16 separate pieces of malicious software that use Dark Comet to send information back to computers located in Syria. Typically these are Trojan horse programs, designed to look like legitimate files that activists would want to read. The Trojan might look like a .pdf file or a Skype encryption tool, but it silently installs Dark Comet in the background. Dark Comet is known as a remote administration tool; security experts call it a RAT.

As word of Dark Comet’s use got out, Lesueur’s part-time project suddenly came under the spotlight. The Electronic Frontier Foundation, antivirus companies, and online activists. At first, Lesueur wrote a removal tool so victims could uninstall Dark Comet, but he kept the project alive. By June 28, however, he had taken down Dark Comet, since it was clear that his software was being misused not just by the Syrian government but by untalented hackers Lesueur calls “script-kiddies.”

Lesueur — who cut his teeth in an underground Trojan and RAT-writing forum called OpenSC — says that although he made about 2,000 euros offering technical support for Dark Comet, he didn’t charge for the software and was never in it for the money. He’s now working on a new remote access tool that doesn’t include the controversial spying features that were in Dark Comet.

Cross-posted from: Wired Enterprise