“Cybercrime” is defined as a criminal activity conducted with either the use of computers or the Internet. Once more the subject of science fiction authors than considered a real threat, in today’s world of connected devices and individuals seemingly completely reliant on their portable computers, the threat of cybercrime has never been great. Fifteen years ago, many of us might have interacted with a computer for a few hours a day, perhaps in the evening or at the office. Today, more and more of us either permanently connected with a smartphone and interacting and relying more and more on the Internet to simplify and smooth our lives: we keep a lot of personal information on our smartphones and tablets. The security industry has also moved with the times and many of the big name desktop security products have introduced mobile versions of their application suites, designed to keep us safe on our mobile devices.
Safe from what? In the Android sphere, because the platform is designed to be open and accessible for developers, because it is usually relatively easy to root devices (and thus provide them with even more system permissions), it is relatively easy to write “malware.” Malware is one of the term used to describe an application that can steal or harm data on a device. It could be written by corporate-sized groups equipped with bunkers full of servers, or perhaps by college students in their dorm bedrooms. Applications designed to convert normal Android applications into malware-infected products are available online if you know where to look and today’s story concerns the author of the “Dendroid” malware, which was picked up early in 2014. The author is facing up to ten years in jail and a fine that could reach a quarter of a million dollars.
The author himself is a Carnegie Mellon University student, Morgan C Culbertson, 20 years old. Morgan is a former intern at cybersecurity company FireEye and in a federal court, pleaded guilty to the charge of developing the application. Dendroid is a powerful and well designed malware “Remote Access Toolkit,” known as a RAT, that had been built to evade detection from Google’s Play Store Bouncer security application. Dendroid has the ability to take pictures, record ambient noise, telephone calls and intercept text messages. It was sold including a universal “binder application,” meaning that a custom can easily and simply inject Dendroid code into a host application. It is a clever and sophisticated means of allowing would-be hackers from around the world infect target applications. Morgan was looking to sell Dendroid on the Darkode cybercrime forum for $300 (the original advert is showing below) and also advertised the source code. In the court case, Morgan said: “I am sorry to the individuals to whom my software may have compromised their privacy” and his lawyer stated that there had been no offers for Dendroid’s source code. It is not clear how many, if any, copies of Dendroid were sold. This Darkode forum and marketplace has subsequently been shut down by the FBI and Morgan is just one of seventy people targeted in the investigation. Darkode was created by hacking group “Lizard Squad.”