KELLY MCEVERS, HOST:
A computer programmer who allegedly hacked into thousands of computers, activating webcams and microphones, has been indicted in Ohio. Authorities say the hacker started as a teenager, infecting computers with malware. And then for years he watched and listened in on people who had no idea it was happening. NPR's Laura Sydell has more.
LAURA SYDELL, BYLINE: The malware was discovered last year on computers at Case Western Reserve University, and it was brought to the attention of the FBI. Two security researchers also independently uncovered the virus. One of them is Patrick Wardle. Here's what he found.
PATRICK WARDLE: It has the ability to listen to people's conversations, turn on the webcam, take screen captures, record keystrokes. Pretty much it's almost in some ways a complete surveillance device.
SYDELL: A complete and total 24/7 surveillance device. For over 13 years, this hacker allegedly spied on his Ohio neighbors and around the country. The malware is called Fruitfly because they initially found it on computers in medical labs where they were studying fruit flies. But Wardle's research took him down a much darker path. The hacker allegedly had broken into American homes.
WARDLE: He could detect when the user was not sitting in front of their computer and then turn the webcam on to hopefully record or spy on the user perhaps as they're walking around their bedroom or, you know, something in that capacity.
SYDELL: The alleged hacker is 28-year-old Phillip Durachinsky. He was indicted on 16 criminal counts in federal court in Ohio. Among the charges is the production of child pornography. Prosecutors would not speak with NPR about an ongoing case. The indictment indicates that Durachinsky used the computers to store pornographic images and to transmit them over the Internet.
To help power and spread his operation, he infected computers in schools, companies, a subsidiary of the U.S. Department of Energy and a police department. Thomas Reed works with Malwarebytes, an anti-virus software maker. He's one of the researchers who found the virus. He says the code in Fruitfly was old, going back to the 1990s.
THOMAS REED: We were surprised to see that it was - you know, one, that it had been undetected for so long, and, two, that we found it still active on somebody's computer.
SYDELL: Reed says Fruitfly was found on Macs and PCs. But the Mac intrusion surprised him. Because there are more PCs in the world, most hackers don't bother with Macs. That means there isn't as much anti-virus software or fear about viruses among Mac users.
REED: And as much as people like to say that Macs don't get viruses, there actually is malware out there for Macs.
SYDELL: In fact, Reed claims there was a 270 percent increase last year in malware for Macs. Apple has not confirmed that figure. But there is a reason that Reed thinks the virus went undetected for so long. It was only targeted at thousands of computers, not hundreds of thousands or millions. In the world of malware, that's not a lot.
REED: If stuff like this is used in a very targeted manner - so it's only being used to affect a small number of people - it can be really hard for security researchers to find it. And we may never know about it for years.
SYDELL: Reed says that means there may be other spyware out there similar to Fruitfly that hasn't been found. However, the FBI says it has not seen a lot of spyware cases like this. It isn't clear how these computers got infected. Reed says users might have opened an infected email or downloaded something from a website.
The best protections against spyware are rather analog. One way is to cover the camera on your computer. That's what the pope does - same with Facebook CEO Mark Zuckerberg and former FBI Director James Comey. Reed advises everyone to do the same and to turn off the computer when you are not in front of it, and use the latest anti-virus software. Laura Sydell, NPR News.
(SOUNDBITE OF LA ORQUESTA VULGAR'S "FANTOCHE A LA REALIDAD")
NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.