Slashdot Mirror
FBI Solves Mystery Surrounding 15-Year-Old Fruitfly Mac Malware Which Was Used By a Man To Watch Victims Via their Webcams, and Listen in On Conversations (zdnet.com)
The FBI has solved the final mystery surrounding a strain of Mac malware that was used by an Ohio man to spy on people for 14 years. From a report: The man, 28-year-old Phillip Durachinsky, was arrested in January 2017, and charged a year later, in January 2018. US authorities say he created the Fruitfly Mac malware (Quimitchin by some AV vendors) back in 2003 and used it until 2017 to infect victims and take control off their Mac computers to steal files, keyboard strokes, watch victims via the webcam, and listen in on conversations via the microphone. Court documents reveal Durachinsky wasn't particularly interested in financial crime but was primarily focused on watching victims, having collected millions of images on his computer, including many of underage children. Durachinsky created the malware when he was only 14, and used it for the next 14 years without Mac antivirus programs ever detecting it on victims' computers. [...]
Describing the Fruitfly/Quimitchin malware, the FBI said the following: "The attack vector included the scanning and identification of externally facing services, to include the Apple Filing Protocol (AFP, port 548), RDP or other VNC, SSH (port 22), and Back to My Mac (BTMM), which would be targeted with weak passwords or passwords derived from third party data breaches." In other words, Durachinsky had used a technique know as port scanning to identify internet or network-connected Macs that were exposing remote access ports with weak or no passwords.
Describing the Fruitfly/Quimitchin malware, the FBI said the following: "The attack vector included the scanning and identification of externally facing services, to include the Apple Filing Protocol (AFP, port 548), RDP or other VNC, SSH (port 22), and Back to My Mac (BTMM), which would be targeted with weak passwords or passwords derived from third party data breaches." In other words, Durachinsky had used a technique know as port scanning to identify internet or network-connected Macs that were exposing remote access ports with weak or no passwords.
>Judging from TFS, he was just the cyber equivalent of a peeping tom.
Hardly.
2. During his more than thirteen years of accessing protected computers without the appropriate authorizations,
Defendant accessed protected computers owned by local, state and federal governments, a police department, schools, companies and individuals.
3. Defendant developed computer malware later named "Fruitfly" and wrote variants capable of infecting computers running macOS and Windows operating systems.
4. Defendant installed the Fruitfly malware on thousands of computers ("Fruitfly
victims").
5. The Fruitfly malware gave Defendant the ability to control a Fruitfly victim's computer by, among other things, accessing stored data, uploading files to a Fruitfly victim's computer, taking and downloading screenshots, logging a user's keystrokes and turning on the camera and microphone to surreptitiously record images and audio recordings.
Read the rest of the indictment here: https://www.justice.gov/opa/press-release/file/1024116/download
I don't know what the guy's job is now, but after he gets out of prison I'm thinking the CIA may want to hire him.
Age does not matter when it comes to pornographic images of minors. There have been people under 18 who have gotten in trouble for sexting pictures of themselves, which is technically production & distribution of child pornography.
... who was looking through windows without drapes ....
Um, he was looking through Macs, not Windows.