Industry News

57 month prison sentence for hacker who created Blackshades RAT

Alex Yücel, the Swedish co-creator of the Blackshades RAT, has been sentenced to 57 months in a US Federal prison.

In May 2014, the European Union’s Judicial Cooperation Unit, announced that almost 100 people worldwide had been arrested, in an operation targeting the developers and users of Blackshades, a malware toolkit sold online for as little as $40.



Those arrested included 25-year-old Yücel, the co-creator of the Blackshades Remote Access Tool (RAT), which provides an easy way for hackers to recruit computers into a botnet, silently take control of victims’ PCs, spy upon their communications and keypresses, steal files and passwords, launch denial-of-service attacks, and even for Peeping Toms to remotely hijack webcams in order to snoop upon innocent people’s activities.

Blackshades was a notorious of malware which had managed to infect more than 500,000 computers worldwide. Part of its success was undoubtedly due to it being aimed at those without sophisticated hacking skills.

Between September 2010 and April 2014, Blackshades is said to have generated sales in excess of $350,000.

Yücel was doing so well by selling the malicious software that he was able to hire several paid administrators, including a director of marketing, customer service staff, and a director of marketing.

Yes, you heard that correctly. Blackshades was malware which came complete with customer support – something which is actually becoming more common as the computer underworld becomes more commercially-orientated.

Victims of Blackshades included Miss Teen USA 2013, Cassidy Wolf, who became a victim of sextortion after a blackmailing hacker threatened to release secretly-taken naked images he had taken of her through her webcam.



Miss Wolf’s hacker was caught, pleaded guilty and received an 18 month prison sentence for his crimes against the beauty queen and other victims.

But now it’s the turn of Blackshades’ co-creator – without whose creation none of the hacks would have been possible.

Yücel has now been sentenced to nearly five years in a federal prison.

As well as his prison sentence, Yücel has also forfeited the money he earned through his malware business and had his computer equipment seized.

Yücel’s accomplice, Michael Hogue (aka “xVisceral”) pleaded guilty in January 2013 but is still awaiting sentencing for his part in the Blackshades scheme.

US attorney Preet Bharara welcomed Yücel’s sentence:

“Alex Yücel created, marketed, and sold software that was designed to accomplish just one thing – gain control of a computer, and with it, a victim’s identity and other important information. This malware victimised thousands of people across the globe and invaded their lives. But Yucel’s computer hacking days are now over.”

I guess that will give him plenty of time to consider the thousands of victims whose livelihoods and (sometimes) private lives were damaged by his activities.

About the author


Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.


Click here to post a comment
  • Forfeits his money. I would be shocked if it was anything else but to the government. Maybe the victims but I think that is far less likely. Now here’s a thought for the government: What about using it for bettering security overall (others especially – both to amend your own deeds where applicable and to serve like you’re supposed to – but even yourselves; after all, your record isn’t all that great and it never has been, decades later) rather than breaking security of different nations and who knows what else? You know, do something that you would expect of a nation rather than what you might expect of the cyber equivalent of a paramilitary organisations. Alternatively you could try to help others in need with what the funds could allow. Something you might expect from a charitable nation, for example. Even if that does happen, it would be ideal if you could do this in general rather than launching attacks of various kinds. You know, like a responsible nation. Just some thoughts.

    I know, I know… the very thoughts likely bewilder you. A shame, that. A very real shame indeed.

  • Somebody needs a proofreader!

    “Yücel was doing so well by selling the malicious software that he was able to hire several paid administrators, including a director of marketing, customer service staff, and a director of marketing.”

  • Throughout these ages
    our operating systems
    infested by bugs

    The ignorant world
    turns to Windows for safety
    Safety from themselves

    It is now the time
    for the world to realize
    that we all feel pain