Spanish police nab webcam blackmailers

Malware authors obtained confidential data to commit credit card fraud

Four suspected cyber-criminals have been arrested in Spain in connection with a series of online crimes including malware creation, blackmail, data theft and credit card fraud.

According to Spanish newspaper reports, two 17 year-olds were arrested yesterday in Alicante charged with creating a Trojan horse which allowed them to take control of webcams at local educational institutions.

The hackers allegedly spied on students and recorded compromising images which were then used to blackmail the victims.

Two adults were also arrested in Madrid in connection with the original inquiry, accused of using the teenaged malware authors to obtain confidential data in order to commit credit card fraud.

Using fake credit card details, the two individuals allegedly made purchases amounting to more than €60,000.

"The two individuals charged with creating the Trojan may be minors, but this is no schoolboy prank," said Carole Theriault, senior security consultant at Sophos.

"These criminals were in it for the money, and were prepared to blackmail and steal from their peers as well as sell personal information so that other wrongdoers could get in on the act.

"It is encouraging to see the Spanish authorities responding to the concerns of businesses and home computer users, and actively pursuing the perpetrators of all online criminal behaviour."

The investigation, codenamed 'Praxis', has been ongoing since a Spanish computer science organisation fell victim to a hack attack in August 2005.

The Spanish authorities have also made available a free disinfectant tool for users whose computers were compromised by the Trojan.

In February 2005 a Spanish male computer student was fined for spying on a young woman via her webcam, as well as monitoring her online conversations and email communications.

"Whether it is done for financial gain or for dubious personal reasons, spying on others using webcams is a sick and twisted thing to do, and likely to traumatise the innocent people that suffer this invasion of privacy," said Theriault.

"In this case, if found guilty, the Spanish courts need to dish out a tough sentence to all parties in order to send out the message that this type of online behaviour will not be tolerated."

• Voyeur hides webcam in shower gel
• Texas asks surfers to spot immigrants
• Boffin plans to Big Brother his baby