It was a Saturday and the thesis director turned on the computer used by his PhD student at the Institute of Biotechnology of the University of Granada. From there he looked for a simple computer program. He took a while to compare the free and paid versions. He logged in to his PayPal account to buy it, downloaded it and installed it. This program captures the keys that the user presses, takes screenshots and sends them to whoever controls the program.
With that method, the teacher obtained the password of his student’s Facebook account. When he accessed her account, he did so from his Apple computer and searched for himself in the Facebook search engine. It was perhaps a way of knowing what she thought of him. When the victim used Facebook again, she was surprised by this strange search for her teacher’s name, says her lawyer, Cristina Pasquau.
Then she looked at the browsing history of the university computer and there she found all the traces of how the spying program had been installed on her computer. The professor had not erased anything. As if that were not enough, Facebook distinguished between access from Android or Windows mobile phones and from a Mac. Only the professor used a Mac at the university.
All this happened between June 27 and 29, 2015. More than four years later, a few days ago, the resolution of the case became known. It was reached by agreement between the parties: the professor admits the facts, has paid 3,000 euros in civil liability, and has received a two-year prison sentence that he will not serve and a two-year ban on directing theses.
The facts are an almost perfect example of how to be a hapless spy: he left fingerprints everywhere. It was a botched job. But it also indicates that someone more careful can do this well if they have easy access to the victim’s computer. Today the program costs 40 euros and has a free version. Its use is in fact legal in certain cases. The teacher’s first excuse was that he had installed the program to control the use of the printer and confidential information on the hard drive. During the process, however, he chose to admit the facts and confess that he had done so out of personal interest.
Despite the complaint at the time, the university never changed the director of the thesis, which was finally presented at another university in Barcelona in December 2018. “Given the imminence of having to present it without the possibility of changing the director, the student suffered an anxious depressive disorder and required medical leave,” says Pasquau. All this is confirmed because the professor has admitted it and the victim took some screenshots. But the scientific police could not analyze the hard drive because it was damaged. While it was being stored somewhere at the University of Granada, something happened that damaged the hard disk.
One of hundreds
The Granada case is only one of hundreds each year. According to Interior Ministry data, cases of illegal computer access doubled between 2011 and 2018, from 789 to 1,561. The change in solved cases and in people arrested or investigated was, however, much smaller: solved cases went from 114 in 2011 to 162 in 2018, and the number of people arrested or investigated actually fell in those years, from 52 to 41. “It is not a common attack if we look at cybercrime statistics, but there are cases of revelation of secrets of all kinds,” says lawyer David Maeztu, from the law firm 451.Legal.
Programs like the one used in this case, of the keylogger type, are just one type of spying tool. There are more. In November the Spanish Police collaborated in an operation coordinated by Europol against a website that sold a service called Imminent Monitor. Imminent Monitor is a RAT (Remote Access Trojan). It is used to control a mobile phone or computer remotely.
Like the keylogger, RATs also allow spying. But a RAT does not require physical access to the target device (infection can happen through a link, files or malicious apps) and allows the device to be controlled remotely (turning on the microphone or camera, taking screenshots), while a keylogger must be installed and sends specific information, with no possibility of more.
“Imminent Monitor was considered dangerous due to its characteristics, ease of use and low cost. Anyone with a harmful inclination to spy on victims or steal personal data could use it for about 22 euros,” says the Europol press release. The authorities estimate that the malware was bought by 14,500 people in 124 countries. In the operation they arrested 13 of its most prolific users.
The main use of Imminent Monitor was probably for cybercrime, according to Spanish police sources. But the type of material found by the security forces includes “private photos, personal details and videos,” according to Europol. The personal dedication that controlling a RAT requires suggests that its use is more specific: “The attacker controls each infected device manually. This takes time and dedication, which makes RAT infections much fewer compared to other malware like Zeus, FakeSpy, Retadup,” says Verónica Valeros, a researcher at the Czech Technical University in Prague.
Valeros has been studying RATs for years. She does not believe that their use is much more widespread: “The years 2010 to 2014 or 2015 were the most active years based on my research. Perhaps now they are given a little more attention and that is why this increase is perceived,” she explains.
As with the keylogger, RATs also have a legitimate use: “They are widely used to provide remote control and assistance to devices. But there are many whose code has been leaked and this makes it possible for anyone to grab that code, change it, and make it their own RAT,” she explains.
Also like keyloggers, a RAT does not require professional hackers: “RATs are easy to operate and offer a very wide range of functionalities,” adds Valeros.
Police action probably has to do with the ease of distribution of the Imminent Monitor malware: “Many of these tools are not only exploited by the designer. malware to rent or sell, which is not so complicated to use,” says Eusebio Nieva, technical director of Check Point.