Slashdot Mirror


FBI Solves Mystery Surrounding 15-Year-Old Fruitfly Mac Malware Which Was Used By a Man To Watch Victims Via their Webcams, and Listen in On Conversations (zdnet.com)

The FBI has solved the final mystery surrounding a strain of Mac malware that was used by an Ohio man to spy on people for 14 years. From a report: The man, 28-year-old Phillip Durachinsky, was arrested in January 2017, and charged a year later, in January 2018. US authorities say he created the Fruitfly Mac malware (Quimitchin by some AV vendors) back in 2003 and used it until 2017 to infect victims and take control of their Mac computers to steal files, keyboard strokes, watch victims via the webcam, and listen in on conversations via the microphone. Court documents reveal Durachinsky wasn't particularly interested in financial crime but was primarily focused on watching victims, having collected millions of images on his computer, including many of underage children. Durachinsky created the malware when he was only 14, and used it for the next 14 years without Mac antivirus programs ever detecting it on victims' computers. [...]

Describing the Fruitfly/Quimitchin malware, the FBI said the following: "The attack vector included the scanning and identification of externally facing services, to include the Apple Filing Protocol (AFP, port 548), RDP or other VNC, SSH (port 22), and Back to My Mac (BTMM), which would be targeted with weak passwords or passwords derived from third party data breaches." In other words, Durachinsky had used a technique known as port scanning to identify internet or network-connected Macs that were exposing remote access ports with weak or no passwords.
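A defender's check for the exposure the FBI describes, as an added example that is not part of the article or the FBI statement: it parses the output of `lsof -nP -iTCP -sTCP:LISTEN` on your own Mac and reports remote-access services listening on anything other than loopback. The function names and the sample output are constructed for illustration, and ports 3389 (RDP) and 5900 (VNC / Screen Sharing) are the standard defaults, assumed here because the page gives numbers only for AFP and SSH.

```python
# Ports for the services named in the FBI description. 548 and 22 are on the
# page; 3389 and 5900 are the standard RDP and VNC defaults (assumption).
WATCHED = {22: "SSH", 548: "AFP", 3389: "RDP", 5900: "VNC / Screen Sharing"}

# Constructed sample of `lsof -nP -iTCP -sTCP:LISTEN` output (not real data).
SAMPLE_LSOF = """\
COMMAND    PID USER   FD  TYPE DEVICE SIZE/OFF NODE NAME
launchd      1 root  10u  IPv6 0x01        0t0  TCP *:22 (LISTEN)
launchd      1 root  11u  IPv4 0x02        0t0  TCP *:22 (LISTEN)
AppleFile  312 root   4u  IPv4 0x03        0t0  TCP *:548 (LISTEN)
screensha  401 root   5u  IPv4 0x04        0t0  TCP 192.168.1.20:5900 (LISTEN)
postgres   512 alice  6u  IPv4 0x05        0t0  TCP 127.0.0.1:5432 (LISTEN)
ssh        640 alice  7u  IPv6 0x06        0t0  TCP [::1]:3389 (LISTEN)
"""


def is_loopback(host):
    """True when the bind address is reachable only from the machine itself."""
    return host in ("localhost", "[::1]") or host.startswith("127.")


def exposed_services(lsof_text):
    """Return watched services that listen on a non-loopback address."""
    findings, seen = [], set()
    for line in lsof_text.splitlines():
        fields = line.split()
        # A listening row has 10 whitespace-separated fields ending "(LISTEN)".
        if len(fields) < 10 or fields[-1] != "(LISTEN)":
            continue
        # rpartition keeps bracketed IPv6 hosts such as "[::1]" intact.
        host, _, port = fields[-2].rpartition(":")
        if not port.isdigit():
            continue
        port = int(port)
        if port not in WATCHED or is_loopback(host):
            continue
        key = (fields[0], fields[1], port)  # collapse IPv4/IPv6 duplicates
        if key in seen:
            continue
        seen.add(key)
        findings.append({"command": fields[0], "pid": int(fields[1]),
                         "bind": host, "port": port, "service": WATCHED[port]})
    return findings


if __name__ == "__main__":
    for f in exposed_services(SAMPLE_LSOF):
        print(f"{f['service']:<22} port {f['port']:<5} bound to {f['bind']:<15} "
              f"({f['command']}, pid {f['pid']})")
```

A service listed here is reachable from the network only if a firewall or router also lets the port through, and Back to My Mac is not covered because it is not identified by a single listening port.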

47 of 111 comments

  1. Queue Mac ... by CaptainDork · · Score: 1

    ... attack.

    --
    It little behooves the best of us to comment on the rest of us.
    1. Re:Queue Mac ... by mrvan · · Score: 1

      When fruitflies get MAC addresses we know this whole Internet of Things is going too far!

    2. Re:Queue Mac ... by CaptainDork · · Score: 1

      I see what you did there.

      --
      It little behooves the best of us to comment on the rest of us.
  2. What do you charge him with? by techno-vampire · · Score: 2

    Judging from TFS, he was just the cyber equivalent of a peeping tom. And, if he was only 14 when he started, I don't know if you could really call him a pedophile if the pictures were of girls his own age.

    --
    Good, inexpensive web hosting
    1. Re:What do you charge him with? by Anonymous Coward · · Score: 1

      Charge, anything we can think of. "Computer hacking" since it's conveniently not defined in the law, "misuse of an electronic device", "unauthorised access of a protected computer" (there was a password, no matter how weak), and a handful of others on the technical side.

      And surely we most certainly can charge him with sexual misconduct, stalking, child abuse, producing child porn (minor in the view and taking screenshots, anyone?) and whatnot else. He's 28 now, and we'll just conveniently forget the pictures are 14 year old themselves by now too.

      Also "mail fraud" for no apparent reason. There's always mail fraud.

    2. Re:What do you charge him with? by Anonymous Coward · · Score: 5, Informative

      >Judging from TFS, he was just the cyber equivalent of a peeping tom.

      Hardly.

      2. During his more than thirteen years of accessing protected computers without the appropriate authorizations, Defendant accessed protected computers owned by local, state and federal governments, a police department, schools, companies and individuals.
      3. Defendant developed computer malware later named "Fruitfly" and wrote variants capable of infecting computers running macOS and Windows operating systems.
      4. Defendant installed the Fruitfly malware on thousands of computers ("Fruitfly victims").
      5. The Fruitfly malware gave Defendant the ability to control a Fruitfly victim's computer by, among other things, accessing stored data, uploading files to a Fruitfly victim's computer, taking and downloading screenshots, logging a user's keystrokes and turning on the camera and microphone to surreptitiously record images and audio recordings.

      Read the rest of the indictment here: https://www.justice.gov/opa/press-release/file/1024116/download

      I don't know what the guy's job is now, but after he gets out of prison I'm thinking the CIA may want to hire him.

    3. Re:What do you charge him with? by Anonymous Coward · · Score: 5, Interesting

      Age does not matter when it comes to pornographic images of minors. There have been people under 18 who have gotten in trouble for sexting pictures of themselves, which is technically production & distribution of child pornography.

    4. Re:What do you charge him with? by BlueStrat · · Score: 1

      What do you charge him with?

      Acting as if he were an agent of a US TLA engaged in domestic intelligence operations.

      Only US TLAs are authorized to snoop on US citizens within the US without warrant or probable cause and store the data. /s

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
    5. Re:What do you charge him with? by jago25_98 · · Score: 1

      The damage is not clear. Are you saying that the malware installed weakens the systems to further attack?
      I'm not swayed by that lazy socially manipulative paedo b.s.

      This is a very valid concern! The crime here is very heavy on thought and less on actions. If we are prosecuting people for thoughts not actions then we're really screwed.

      Why not highlight how the victim felt when they found out? That's a real effect and that has to be focussed on.

    6. Re:What do you charge him with? by alvinrod · · Score: 2

      There's an assumption in there that all of the images, videos, or other material of underage individuals was something that he captured decades ago. I'm not going to pretend to have a good understanding of this person. Most people don't write malware to infect thousands of different individuals, so this guy is probably somewhere outside of our understanding in some ways. I'm also not sure what being able to spy on people all of the time from age 14 does to a person's mind and how it might affect development. Even if you somehow started out "normal", I think that might warp a person a little bit.

      Also, most 14 year old boys are interested in older women, not 14 year old girls. At that age we were trying to get a Playboy to look at naked women, not naked girls. Of course when you're 14, adult women want absolutely nothing to do with you, so you have to settle for someone your own age. But if you're still interested in 14 year old girls after 18, there may be something wrong with you or you might be developmentally stunted in some way.

    7. Re:What do you charge him with? by NicBenjamin · · Score: 1

      Keep in mind that 14-year-old girls have gotten in legal trouble for sending nudes of themselves.

      So yes, if he's gotten pictures of people under 18 naked, he's gonna be charged with child porn.

    8. Re:What do you charge him with? by ArchieBunker · · Score: 1

      This is the best reply I can think of. https://i.kym-cdn.com/photos/i...

      --
      Only the State obtains its revenue by coercion. - Murray Rothbard
    9. Re: What do you charge him with? by drew_kime · · Score: 2

      That is a load of pure horseshit. Just because you had a "thing" for your mother doesn't mean the rest of us did.

      No, I definitely had a thing for his mother.

      --
      Nope, no sig
    10. Re:What do you charge him with? by angel'o'sphere · · Score: 1

      But if you're still interested in 14 year old girls after 18, there may be something wrong with you or you might be developmentally stunted in some way.
      Depends how mature the 14 year old is. I had my first "real girlfriend" with 15, and she was 14. If I had been 18 I had chosen her anyway, why would I not?

      And no, I never really was interested in "older woman" (I assume you mean around 20, for a 16 year old?) but my math teacher and one of my music teachers was "kinda hot" :D

      Young people like to bond together, also for sex. And a 4 years difference is not that uncommon, even if the people are young.

      And, outside of the US, it is completely legal that a 14 year old has sex with an 18 year old. And over 18, the other partner needs to be 16. An arbitrary gap ... yes.

      --
      Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
    11. Re:What do you charge him with? by Megol · · Score: 1

      But you quoted something that IMO reinforces the idea that this was just a digital peeping tom instead of someone out for financial gain or the like.

    12. Re:What do you charge him with? by hipp5 · · Score: 1

      And, if he was only 14 when he started, I don't know if you could really call him a pedophile if the pictures were of girls his own age.

      Might not make him a pedo (at the time; but he would be now), but it IS still child porn.

    13. Re:What do you charge him with? by fuzznutz · · Score: 1

      Of course when you're 14, adult women want absolutely nothing to do with you, so you have to settle for someone your own age.

      Boy have you not been paying attention. Hardly a week goes by without some teacher somewhere who gets caught with her hands in the till. I suppose it's fair given the hysteria over men in the past decade.

    14. Re:What do you charge him with? by DaFallus · · Score: 1

      No, the true hypocrisy comes when these people under 18 who send pictures of themselves are charged with producing and distributing child porn, as an adult.

      --
      No one cares what your captcha was

      Houston TX, USA
  3. One wonders if others used this by Streetlight · · Score: 1

    By others I could imagine some of those three letter federal government agencies use this software or other functionally like it to keep an eye on us in the name of national security. Cover up your camera and computer microphone, folks. I'm not sure your phone would be very useful without the microphone, though.

    --
    In a time of universal deceit, telling the truth is a revolutionary act. George Orwell
    1. Re:One wonders if others used this by AHuxley · · Score: 2

      Some news on the Mac functionally
      OSX/FruitFly
      https://objective-see.com/blog...
      "New Mac backdoor using antiquated code"
      https://blog.malwarebytes.com/...

      --
      Domestic spying is now "Benign Information Gathering"
  4. THINK DIFFERENTLY! by Anonymous Coward · · Score: 1

    Oh shit. No! stop! Oh god wtf is wrong with you!

  5. Re:CaptainDork = fake name massive human fail by CaptainDork · · Score: 1, Troll

    Well, shit.

    I was going to match you IQ for IQ and say that your momma wears combat boots, but these days that's a compliment.

    I want to express my "thanks," to all the moms who have served, are serving, and will serve, while wearing combat boots.

    --
    It little behooves the best of us to comment on the rest of us.
  6. Re:WHY are you APOLOGIZING for a PEDO? by Opportunist · · Score: 4, Insightful

    Do you know where the data you had 14 years ago is? Every single HD you ever owned, every single CD you ever burned? Can the hysteria, please.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  7. So they charged a peeping tom by 140Mandak262Jamuna · · Score: 2

    ... who was looking through windows without drapes ....

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
    1. Re:So they charged a peeping tom by AmiMoJo · · Score: 1

      If you see someone left their door unlocked that's not an invitation to enter their house.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    2. Re:So they charged a peeping tom by Sideshow+Mark · · Score: 5, Funny

      ... who was looking through windows without drapes ....

      Um, he was looking through Macs, not Windows.

  8. If they had such laws in 1954 ... by 140Mandak262Jamuna · · Score: 1

    ... we would have lost a great science fiction writer John McFly

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
    1. Re:If they had such laws in 1954 ... by Scarletdown · · Score: 1

      I think you mean George McFly, butthead. :p

      --
      This space unintentionally left blank.
    2. Re:If they had such laws in 1954 ... by 140Mandak262Jamuna · · Score: 1

      Didn't they go back in BTTF VI or VII and change his name from George to John?

      --
      sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
  9. Parent has some good points... by bussdriver · · Score: 4, Interesting

    The FBI comes in and they image everything you've got that they find.

    You might be safe now but in the future legitimate things you have might become crimes. You don't know what that might be; even if you do, like parent said, your old backups get lost or the old computer in the basement you didn't recycle or give away because you've not wiped it clean and put that off...

    Think about something innocent not this guy's stuff-- and a decade from now the mere possession or mention of such things is a crime. You are not charged with a crime back in time (not allowed) but instead are charged for currently having such materials.

    This could be the Anarchist's Handbook you got online in the 90s because everybody was making a fuss about the silly thing. Then after 9/11 they find that in your stuff and get you as a terrorist!

    Think.

    1. Re:Parent has some good points... by Plus1Entropy · · Score: 1

      Lol, AC it's pretty clear from this post that the only "consenting legal age woman" you've ever been around is your own mother.

      --
      Only crack the nuts that crack. You don't put the ones that don't crack in the sack.
    2. Re:Parent has some good points... by Megol · · Score: 1

      It would support your silly rant if you could provide an example of this ever being a problem in a sane, civilized society. Soviet, North Korea or Nazi Germany aren't examples of the latter BTW.

  10. Way to focus! by ArhcAngel · · Score: 4, Insightful

    I love how most of the comments are debates on whether the guy is a pedo or not and virtually none so far has addressed the fact that this vulnerability has been in use for fifteen years! I can't believe the Mac haters aren't piling on. Come on guys...don't let me down!

    --
    "A person is smart. People are dumb, panicky dangerous animals and you know it." - K
    1. Re:Way to focus! by Anonymous Coward · · Score: 1

      The summary is pretty unclear. So he scans IP addresses looking for RDP/SSH server running then guesses weak passwords. Is that what the fruitfly did? I mean, once he's in what does the fruitfly do that he couldn't do normally via RDP or SSH? And running RDP/SSH isn't usually considered a vulnerability (unless it's on by default); usually it's a feature. The users' weak passwords is their own vulnerability, not a fault of the OS. Unless the OS refuses to allow you to run SSH with a stupidly weak password (I don't know of any that do).

    2. Re:Way to focus! by angel'o'sphere · · Score: 2

      I just looked into my task manager on my Mac.
      There is no fruitly.exe running at the moment!

      --
      Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
    3. Re:Way to focus! by TheFakeTimCook · · Score: 1

      People installing RDP and SSH generally know better than to use brute forceable passwords (or passwords at all). But this also attacked protocols for iCloud and other "helpful" services that are either on by default or enabled by the vast majority of Mac users.

      They may be enabled by default; but they are still password-protected. It's up to the User to create a Robust password, though.

  11. Re:WHY are you APOLOGIZING for a PEDO? by Anonymous Coward · · Score: 2, Informative

    He was producing cp up until last year when he was arrested.

    ged and incorporated by reference as if fully set forth herein.
    15. From on or about October 25, 2011 through on or about January 14, 2017, in the Northern District of Ohio, Eastern Division, and elsewhere, Defendant PHILLIP R. DURACHINSKY did use a minor and minors to engage in sexually explicit conduct, as defined in Title 18, United States Code, Section 2256(2), for the purpose of producing a visual depiction of such conduct, knowing and having reason to know that such visual depiction would be transported and transmitted, using any means and facility of interstate and foreign commerce, and in and affecting interstate and foreign commerce; such visual depiction was produced and transmitted using materials that had been mailed, shipped and transported in and affecting interstate and foreign commerce; and such visual depiction was actually transported and transmitted, using any means and facility of interstate and foreign commerce, and ...

  12. Re:WHY are you APOLOGIZING for a PEDO? by angel'o'sphere · · Score: 1

    When I was 14, hardly any floppy existed. A hard drive cost more than your car and CDs definitely did not even exist as a wet dream of a research lab assistant.

    But I get your point ... my stupid parents most surely have a naked pic of me when I was 7 or 8 or 10 playing at a Baggersee. Or god forbid: even younger!!!

    --
    Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
  13. Re:CaptainDork = fake name massive human fail by Megol · · Score: 1

    What about those that serve without wearing combat boots? And why your "thanks" and not your thanks?

  14. Re:WHY are you APOLOGIZING for a PEDO? by Opportunist · · Score: 1

    Is this a verdict or accusation?

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  15. Re:Yawn by Bert64 · · Score: 1

    MacOS doesn't have these services by default, you have to explicitly turn them on...

    --
    http://spamdecoy.net - free throwaway anonymous email - avoid spam!
  16. The title sounds as if ... by nospam007 · · Score: 1

    It sounds like the FBI's cold case unit filing another 15 year old success.

    When reading the article (yes I know) title should be more like:

    Criminal successfully evades FBI during a 15 year long crime spree.

  17. Re:CaptainDork = fake name massive human fail by CaptainDork · · Score: 1

    Swoosh

    --
    It little behooves the best of us to comment on the rest of us.
  18. ...And in Other News... by TheFakeTimCook · · Score: 1

    Weak Passwords make for Weak Security.

    "The attack vector included the scanning and identification of externally facing services, to include the Apple Filing Protocol (AFP, port 548), RDP or other VNC, SSH (port 22), and Back to My Mac (BTMM), which would be targeted with weak passwords or passwords derived from third party data breaches." In other words, Durachinsky had used a technique known as port scanning to identify internet or network-connected Macs that were exposing remote access ports with weak or no passwords."

    Film at 11.

    Nothing to see here, move along...

  19. Re:pix or it dint happen by TheFakeTimCook · · Score: 1

    15 year old fruit flies like 14 year olds' bananas

    Now excuse me while I get back to my Mac. Oh wait I don't have one. I have this peculiar aversion against proprietary stuff.

    Right.

    Because Open Source NEVER has longstanding vulnerabilities...

    **Cough** Heartbleed **Cough**

  20. Re: WHY are you APOLOGIZING for a PEDO? by toadlife · · Score: 1

    3.5" is a standard size, though some have 2.5".

    I had an 8" Wang.

    --
    I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
  21. Silly? by bussdriver · · Score: 1

    No.

    You must not know that North Korea exists today? You must not know that Germany was probably the most educated, most literate DEMOCRACY and known for being practical to the point of being "cold" before they descended quickly into extreme despotism and you think my comment is silly? You must not live in the USA, outside a big liberal city either. You must not live in a big liberal city either or you'd get plenty of ideas from the SJW.

    Seriously? an example? ok how about what should be obvious:

    Nude photos of yourself. You're a teenager. Include others too. Hell, even adults exchange such things so this is not insanity.
    Later, you are an adult and the mere possession of such photos is a crime. We have teens who have been charged with crimes sending out photos of themselves! registered sex offenders...

    Or what I just said, I distinctly remember people being charged with extra crimes and given harsher punishments simply because The Anarchists Cookbook was found on their computer. There are variations out there where it probably wasn't a crime by itself but lumped in... or used to smear somebody (which can do damage in a jury setting or with press coverage etc.) Thought crime BS... materials get your charges raised by implied thoughts in your head..