Syrian uprising vector © Memi - Fotolia

Syrian Spying Tool DarkComet Killed

Remote access tool killed by its creator, but the Syrian government may still be using it

On by Thomas Brewster 3

The DarkComet remote administration tool (RAT) project has come to an end, after the Syrian Government used the tool to spy on its opponents.

The creator of the DarkComet RAT, DarkcoderSc or Jean-Pierre Lesueur, said earlier this year that he was upset the software was being used by Syria to keep tabs on anti-government Web users. Now, he has decided to end the project due to “misuse of the tool”. A variant was also seen targeting Mac OS X systems last year.

DarkComet de-orbitted

“If there is something I will not tolerate [it] is to have to pay the consequences for your mistakes and i will not cover for you,” DarkcoderSc wrote in a valedictory note on the official website for the DarkComet RAT.

DarkcoderSc  said he would continue to work in security, but would not be creating anything close to  resemblinbg malware.

He claimed he “never cautioned small/huge hacker groups who used my software wrongly”, saying his goals were to provide “access to tools more powerful than any paying/private existing tool in terms of security and all for free”.

“DarkComet RAT ends like this after several years of res/dev and with thousands of users through the world,” DarkcoderSc  added. “The source codes will remain private and not for sale.”

Many can still use the DarkComet tool, but no more upgrades will be delivered and downloads will not be pushed by DarkcoderSc.

Symantec said that any closures of RAT projects were a positive thing, especially if the creators were compelled to do so by the threat of prosecution.

“While in the past authors of such tools believed that they were immune from prosecution by claiming that they were educational tools, arrests, starting with the alleged author of the infamous Mariposa botnet, have begun to wake up authors of such tools to the possibility that they could be breaking the law,” the security giant said in a blog post.

“These arrests are sending a message to the authors of such tools that they are not above the law and could face prosecution for their actions.”

Bashar al-Assad’s government has tried to trick citizens into downloading RATs, as TechWeekEurope was told earlier this year.  The regime used Skype and social engineering tricks to infect activist systems with surveillance tools.

Are you a security pro? Try our quiz!

 

Thomas Brewster

Author: Thomas Brewster

Security Correspondent, TechWeekEurope
Thomas Brewster Thomas Brewster Thomas Brewster
Techweekeurope for mobile devices
Android-App Google Currents App for iOS

Last comment




3 replies to Syrian Spying Tool DarkComet Killed

  • On July 10, 2012 at 1:17 am by Lance

    Kind of a weird statement from Symantic, though I notice it’s not quoted.

    FTA: “Symantec said that any closures of RAT projects were a positive thing, especially if the creators were compelled to do so by the threat of prosecution.”

    Wouldn’t it be better if the creators had a change of conscience instead, as they could possibly work on the “white-hat” side of information security? Well I guess not, they don’t want any competition.

  • On July 10, 2012 at 3:42 am by Simon

    “These arrests are sending a message to the authors of such tools that they are not above the law and could face prosecution for their actions.”

    you could say the same with with Gun Manufacturers, their devices are created to kill? yet they arent charged… same ting with software,… all depends on who uses it.

  • On July 10, 2012 at 8:28 am by Mike Libman

    If he was that concerned with the use of his software he should have produced an update to destroy or disable it’s ability to snoop or provide a pop-up warning to the user. Doing so would have completely disabled Syria’s and others ability to spy on innocent individuals

Leave a Reply

  • Required fields are marked *,
    Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>