How the Hackers Known as “Ratters” Share Tactics and Sell Access to “Slaved” Devices in the Newest Digital Citizens Alliance Report
Washington, DC – A subset of hackers, known as “ratters,” have come out of the Internet’s darkest corners and are increasingly open about how they take control of electronic devices and attack their users, according to a Digital Citizens Alliance investigation that found evidence of ratters pushing their malware on sites heavily trafficked by young people. Ratters get their name from their malware of choice, Remote Access Trojans, which are inexpensive, easy to acquire, and easy to use.
What is a Remote Access Trojan? On your screen, it is code. Once in your computer, a RAT opens the door of your device to a hacker. Your pictures, documents, and personal information are all at the fingertips of the hacker, or ratter. Also, the ratter can take your slaved device and use it against you, turning on the webcam and following you when you don’t know it, sending emails that appear to be from you to your contacts, and even launching massive malicious attacks against hundreds of others – all from what was your computer.
“Ratters are disturbingly comfortable with spreading misery and fear,” said Adam Benson, Deputy Executive Director of the Digital Citizens Alliance. “It’s like a game for them. We saw them chat about it on Hack Forums and then share videos showing off how they scare young people, spy on people in private moments, and steal pictures from victims’ accounts.”
The new Digital Citizens report, Selling “Slaving”, includes screenshots of the ratters’ conversations on Hack Forums as well as many of the YouTube videos showing victims, seemingly unaware they are being watched and followed by someone who has digitally invaded their home. The report shares several startling findings, including:
- "Ratters" are aggressively launching 1:1 attacks on consumers and “slaving” their devices, is a growing problem. It takes ratters little time to slave hundreds of devices. From there, they can gather private information off those devices, which they can then use to “sextort” the owners of the devices. Some of the ratters’ victims have been forced to make videos where they must do as the ratters say or be publicly humiliated.
- On the hackers’ chat room, Hack Forums, there are more than 1.5 million posts that discuss acquiring, creating, and spreading RATs (as of 7/22/15). Digital Citizens found one post where a Hack Forums participant offered access to the devices of girls for $5 and guys for $1. We found repeated posts where ratters said the best places to spread RATs were YouTube and content theft sites, like Pirate Bay and KickassTorrents.
- Digital Citizens went on to YouTube and scoured through hundreds of ratters’ videos with ads from well-known companies - running alongside the videos. Many videos had the faces of victims and IP addresses to hacked computers. In fact, Digital Citizens researchers found IP addresses potentially connected to devices in 33 states and dozens of other countries.
- On Hack Forums, ratters talked about how content theft sites, like Pirate Bay, and KickassTorrents, were great places from which to spread RATs. Researchers also found YouTube videos demonstrating how to use content theft sites to trick victims into downloading dangerous malware.
- Ratters can make money through YouTube Partner Program. If a ratter joins the YouTube Partner Program, and, like the videos in our report, their video is “approved” then it starts to be monetized. In the Partner Program, YouTube promises to split ad revenues with that approved videos for their traffic. You start getting views on YouTube, you start making money – potentially thousands of dollars. In a survey of 200 RAT videos Digital Citizens researchers found ads running on nearly 40 percent.
As part of the Digital Citizens study, researchers worked with former Miss Teen USA Cassidy Wolf, who was the target of a ratter’s sextortion attempt. Miss Wolf says these digital attackers should be treated just as harshly as those committing violent sex crimes offline.
“A crime is a crime, whether it happens in the digital space or the physical world," said Miss Wolf. “These ratters don’t see the pain they cause. I went through three months of extortion and threats. There were times I thought it might go on for the rest of my life. The victims we see on ratter’s videos are real people. We need to inform people of this danger and get support from tech companies that can help stop the spread of RATs. RAT victims shouldn’t be reduced to click-bait.”
Hemanshu (Hemu) Nigam, a former federal prosecutor against online crimes at the US DOJ who is now Chief Executive Officer of the cyber security company SSP Blue, added: “We used to worry about protecting women and teen girls from the dangers of sexual predators in the physical world. Now we also need to protect them from digital rapists. Online rapists inflict pain and suffering repeatedly on innocent victims. We’ve got to prosecute these criminals and do everything we can to take away their platforms.”
Calls for Change
Digital Citizens is calling on YouTube to stop monetizing videos that promote the use and spreading of Remote Access Trojans. There is no reason why there should be advertising from major brands running alongside these videos. No company – especially one as big as Google – should make even a penny from videos that show the faces of victims and IP addresses.
A solution exists, but it will require Google to change the way it approaches this issue. When Google is serious about solving a problem, it assigns a human team to do what an algorithm clearly can’t. Bringing in human teams helped block tens of thousands of search queries for child pornography and to ensure the quality of apps on Google Play. Hacking victims deserve the same concern and protection. Google should assign a human team to reviewing these videos and immediately cease advertising on such video platforms. These victims should not be click-bait and ad revenues from slaving tutorial videos can’t be worth the pain and suffering they cause.
We also hope that this report makes someone who might be curious about slaving and spreading RATs think twice before using them. This is a dangerous business and these people who seem like friends on Hack Forums – some of them are after you too. We need to convince potential ratters that there are real people hurt by their actions. Just because you don’t see the tears when you hack the webcam, doesn’t mean there is no pain. Google can help create change by spreading a positive message and replacing the revenue producing ads with public service announcements aimed at turning potential ratters – or just stop posting ads on the pages of these bad actors altogether.