Short film: Rats and Slaves | Buying Hacked Computers | Subtitled
A little while ago I was browsing the internet
when I ended up on a hack forum. I scrolled through the topics out of curiosity. Occasionally I saw words like RATs, and slaves. What are RATs? And what does slaves mean? I opened one. These are slaves. Slaves are hacked computers, or rather, the users of these computers. The computers have been taken over remotely
with so-called RATs. Maybe you’ll recognise it. When you have computer problems,
you can be assisted remotely. You let someone control your computer remotely
to solve the issue. This is Noëlla speaking, I already called you earlier,
because I can only send e-mails from my office, but not from my Wi-Fi network at home. There is a programme on our website,
that needs to be run. The programme that they use for this is a
Remote Administration Tool. Also known as RAT. -That should work for you now.
-Thank you. I can get back to work now. But there are programmes that work exactly the same,
used by people with other intentions. A Remote Access Trojan. This is a virus where the hacker has full access
to your computer. The RATter can not only look at your screen,
but also has access to all your files, can steal passwords,
and even turn on the microphone and webcam. These hackers call their victims slaves. There is a whole community of RATters
who ridicule victims, give each other advice on spreading the virus, sell tools to prevent antivirus
detecting the viruses, and share ways to make money off slaves. What strikes me is how simple everything seems to be. It almost seems you barely need any knowledge
to hack someone. But is that really true? How difficult is it to RAT someone? What are the possibilities? Is it really that easy to get slaves? To find out,
I started my own investigation. Last night I tried to get a RAT on Noëlla’s laptop. I moved the sticker a little bit. Everything seems to be working.
Fingers crossed it still works tomorrow. So I’ve decided to hack my own girlfriend
by infecting her with a RAT. She’s at her internship right now,
so she should be working. I’m curious to see if she noticed anything
when she comes home tonight. Let’s see what we can find out about her day. That was easy. First, I checked if I could watch her screen. That’s crazy, right? That went smoothly.
After that, I turned on the microphone. So if you have a stable internet connection,
you can listen in on the whole room. The RAT also lets you browse through the files.
I downloaded a few files. So you can download things,
but you can also upload things on the computer. And you can control the webcam. I distracted Noëlla through Facebook Messenger,
to then turn on the webcam. Holy shit. It seems that as long as I distract her,
she won’t be able to see that I’m recording her. Instead of the webcam light, some laptops, like Noëlla’s,
show a notification on the screen. Seriously, this is the first time
I actually don’t trust my boyfriend. What? He’s working on a project
and I think he hacked my laptop. My screen suddenly showed ‘camera off’.
And my sticker is gone. And maybe my microphone is on
and he can hear everything. What a jerk.
I don’t think he’s recording with the microphone. She’s starting to suspect something,
and now she wants to call me. I’m actually quite nervous. -How are you?
-Ok, I guess. You said your computer is acting strange? Yes, it’s acting very strange.
I got a notification that my camera… -Was turned off? Yes, it said “camera off”. I thought that was strange
and that you might be up to something. I have a confession to make. I tried to see what I can do with a RAT today.
On your laptop. I knew it, I didn’t trust you. -I’m sorry, I’ve been feeling really guilty,
as soon as I started. -Yes.
-But I’ve stopped now. I just used my RAT to test if it works.
But what do other people use it for? Some RATters do it purely for the thrill. They find it exciting to secretly watch other people
and have control. There are even plug-ins
to disable the light on some webcams. It’s like a digital form of voyeurism. But in most cases, it’s about money. A lot of RATters steal credit card and bank details
or empty PayPal accounts. They often do this through
your own internet connection. That way the money is transferred through
your own IP address. As that leaves no traces of a hack,
companies often won’t compensate damages. Stealing accounts is very popular anyway. Web shops and social media accounts are sold
for just a few euros, but game accounts are also in high demand. Not only accounts, but even entire photo collections
are resold, to use for identity fraud for example. Besides that, the computer power of computers
is also exploited. The RATter installs so-called crypto miners, which can
secretly generate Bitcoins or other cryptocurrency. Large groups of slaves can also be used
to crash websites. This is called a DDoS attack. A slave won’t notice much,
because everything happens in the background. The slaves are also sold.
The price per slave lies between 14 cents and a few euros. Depending on the country they’re from
and bulk discounts. Lockers and ransomware are used to extort people. All files will be encrypted, so you can’t get to them. You’ll only receive the password after paying
a large sum of money… …and sometimes not even then. This isn’t the only way RATters are extorting people. I had a webcam and opened it up sometimes,
but other than that I didn’t use it much. This is Sjoerd. A little while ago,
Sjoerd was hacked by a RATter. At work I received a message on Facebook. I decided to check it when I got home. I had forgotten about it when I got home
and opened my laptop. I saw a link with a threat that
they were going: “to ruin my life”. I wanted to check who it was,
but my mouse went in another direction. I had no control over my screen. All of a sudden a new window opened
and I was in contact with someone I didn’t know. First they showed me recordings. The recordings were of me,
but mainly of my girlfriend at the time. Recorded with my MacBook,
which was always open on the edge of my couch. Then an English-speaking voice followed
with a threat. I had to transfer a thousand euros,
otherwise they would publish it online. My camera was aimed towards the other side of the room.
The hallway from the bathroom to the bedroom was visible. When I walked around the living room or
got out of the shower, I would usually wear underwear. My girlfriend had the tendency to walk around the house
before putting anything on. That was all captured on camera. You’re watching it and all you can think is:
this cannot be published and how do I solve it. They had already seen my Facebook page.
That also shows my family and my best friends. They showed me screenshots of them. They wanted to upload it to YouTube and send it to them. Your first reaction is to transfer the money
to make it stop. But in the back of my mind I knew that if I did that,
there was no way out. They told me there was a Western Union nearby
and that I should go there. You don’t feel safe in your own house anymore.
So I left my laptop at home and closed it. The moment I closed my laptop,
my girlfriend came home. All I could think was: this can’t happen,
this needs to be solved. So I went outside.
That’s when I realised they were tracking my phone. They could see exactly where I was. I received a Skype message that they knew where I was
and that I was walking the wrong way. When you’re being instructed where to go, that’s what you do.
Just to give them the impression that you’re going to pay. Even if you’re not sure yet what you want to do. You’re postponing to think of the best solution. My girlfriend didn’t realise what was going on
or why I suddenly ran outside. Until she called me and I was panicking
and trying to tell her what happened. She was shocked and didn’t know what to do.
All she said was: call the police. So I did. Sjoerd’s story has a happy ending. The police investigated his laptop,
which showed that the culprits were somewhere abroad. The recordings were luckily never published. Because Sjoerd’s laptop was connected to iCloud,
the hacker tracked him down through Find My iPhone. The RATter doesn’t only gain access to the computer,
but to everything that’s connected to it as well. Most people automatically back up
the photos on their phone to the cloud. The backup of WhatsApp messages will
also be saved in the cloud, unencrypted. But how do RATters actually get slaves? First of all, the RAT needs to be made undetectable
by antivirus software. Special tools exist for this exact purpose:
crypters. A crypter repackages and encrypts a virus
so antivirus software can’t recognise it. Even if the virus is working in the background,
it will be hidden in another normal process. The prices for crypters vary. Some crypters cost hundreds of euros a month,
while others are just a few tenners. The more you spread a virus,
the bigger the chance of it getting detected. An expensive crypter will stay undetected longer. I tested a cheap crypter myself. This is the USB stick with the RAT that isn’t crypted. Because the RAT that I’m using is very well known,
all antiviruses will immediately recognise it. So should my computer. Look, it immediately recognises it as a virus. I’ve put the same RAT on this USB stick,
but now it’s crypted. Let’s see if that works. When I open the USB stick here, nothing happens.
I can easily copy the virus onto my computer. No notification. I can even start it. You can hear my computer connecting. So it still works. The funny thing is that crypting, so antivirus-evasion
is cheaper than a subscription for antivirus software. Antivirus is still useful
for recognising well known viruses. But there’s no guarantee that you’ll never get a virus
as crypting is very easy and very cheap. To spread a RAT, most RATters use so-called exploit kits. This is a service that automatically
searches for vulnerabilities. Exploit kits are often placed on hacked websites,
or hidden in advertisements. When you come across them, the RAT will automatically
be installed without you noticing. Others hide their RAT in files like
a film or a programme that you can download. Or in documents such as Word and PDF
which are sent via e-mail. But slaves can also be bought. The past months I’ve been active on the forums
and I’ve slowly become part of the community. I encounter various sellers of slaves on the forums. Because the price per slave is so low,
I almost can’t imagine it’s real. Therefore, I decided to test it. Through an anonymous chat I gained
the trust of a few sellers. I decided to make one purchase. For the sole reason to find out
if slaves would actually be delivered. After weeks of chatting… …and a visit to a bitcoin ATM,
I was finally ready to test buying slaves. I made a deal with one of my contacts
to buy 500 slaves for 15 cents each. The money has been sent, so I thought,
let’s check where the money is being sent to. Bitcoin is very transparent. You can easily see
where the money comes from and where it’s being sent to. A bitcoin is currently worth more than
ten thousand euros. That means he has more than
a hundred grand on this account. He says he’s got five other customers
who are constantly talking to him. So coincidentally five other people
on an average working day: “Hey, I’m just going to buy some slaves.” Yes, I have two. From Argentina and Brazil. Another one. What the fuck. I’m actually shocked that this works. And another one. Romania, two more. America. Can you imagine being one of these. If I was some kind of creep, I could now… just open their webcams. Sometimes more appear, other times some disappear. From all over the world. I’m curious to see how many we’ll have in an hour or so. The slaves started disappearing faster. An hour later I only had fourteen slaves left,
the next day only two. It was clear I wasn’t going to get the promised
five hundred. And were these even real computers,
or was I being scammed? The next day I decided to make one more purchase
with a different seller. I’ve received his bitcoin address. And send. This is nerve-wracking. He has started transferring slaves. He says it should take a minimum of 30,
maximum of 45 minutes. And that I’m the only one with access. If it doesn’t work this time, it’s ‘only’ twenty dollars. But it should work. Ok, the first one is from Indonesia. It’s been a little over half an hour
and I’m connected to six slaves. I feel the urge to have a look
if these are even real computers. I might say that, but I can test one of course. I can choose one from the list
and see if he’s moving his mouse or something. Then we’ll at least know if it’s a real computer. Should I do it? Yeah, I’m just going to do it.
What can go wrong, right? He has a webcam. -I’m not going to turn it on for now.
-Why not? I don’t know man, that’s taking it a little far. Isn’t this crazy? Francisco. Francisco is actually typing something on Facebook. This is weird. I need to stop for a minute. This really doesn’t sit well with me. After two hours, I still only had fifteen slaves. The purchase seemed to have failed. We decided to stop and have dinner. We had just finished eating when I wanted to
call the producer and tell him that I had been scammed. So I walked back into the work room. -They keep coming in.
-What is this? -These are all computers. -Ok, well let’s…
-I’m leaving. Hang on, I need you in a minute.
Can you put on a microphone? From Malaysia to Portugal, Turkey, Indonesia, Mali. This is someone from Estonia for example. Look how many virus scanners this person has.
Like one, two, three, four virus scanners. We should be able to watch his screen now. -Is this real?
-Yes, it’s real. You can see which tabs are opened. His e-mail is opened. -Isn’t this crazy?
-Holy shit. We can go even further. I don’t know if he’s on a laptop,
but if he is, we can also turn on the microphone. It seems like he is. (Men speaking in a foreign language.) -We can easily browse through his documents as well.
-No. -I won’t do it, that’s taking it way too far.
-Yes. But he also has a webcam. Are you really going to do this? -Stop it!
-Yeah. What the fuck. Do you feel like you could be
on one of these computers too? -No, because there aren’t a lot of… -West-European?
-Western European computers here. The purchase was successful, but
it had only increased my curiosity. Would it also be possible to buy European,
or even Dutch and Belgian slaves? I contacted a seller who offered exactly this
and made a deal. For some reason I have a bad feeling with this guy.
I don’t trust him completely, I guess. I’m not sure if I should continue this deal. He claims he can deliver a thousand Dutch
and Belgian slaves within four hours. But it sounds too good to be true. This is a review site. People have written reviews about his service. The reviews are mixed, some people say he’s a fraud,
others say he’s real. I’m just going to do it. I think my hunch was right. He said it would take around 30 minutes. It’s been an hour and he’s gone offline.
I think he scammed me. This is giving me mixed feelings. Because I’m glad he can’t get access to a thousand
Dutch computers that quickly. But it’s just shit when you get scammed.
Always a shit feeling. After this scam I stopped the investigation
for a little while. It’s started eating away at me. I’m in contact with criminals,
whilst also giving lectures on ethics and privacy. For an investigation where I watch innocent
people’s privacy being compromised. After a few months
someone asks me about this investigation. I decide to open my chat and e-mail again. After all this time I open my RAT again. I see three slaves are online. Would they be real people? I decide to open the webcams one by one. An empty bedroom in Iran, a group of friends watching football. I’m stunned.
Suddenly I’m in the bedroom of a young girl. She’s quietly doing her homework
and has no idea. But if I can see her,
other hackers might be able to as well. In that moment I realise again,
how serious this problem is. I immediately turn off all suspicious programmes
on her computer. I decide to pick up the research again
and try to buy European slaves one last time. I manage to find a seller who’s been active
on various forums for years. He has a lot of positive reviews. Tonight I’ll be buying European slaves. I just made a deal with someone. I’m paying 37 cents per slave
and I’ll get 300 slaves in total. That’s the promise at least. This is the first time
that I have a good feeling about a seller. Although I feel ambivalent,
this guy seems to deliver on his promise. 114 dollars, here we go. I received a link. What the fuck is the link. They’re already coming in. Another one, and that’s Windows 10.
The newest Windows version. These are from Serbia. And more, Iran, Serbia. This is like a page where you can keep track
of the amount of slaves coming in. It’s almost like looking at a track and trace
from the postal service. With which you can see how many you ordered,
their location and how many RATs are executed. It’s not going very quickly,
it will take a while. But my feeling was right.
He’s reliable in his unreliability. He delivers what he says he will,
but what he delivers is obviously… This is how he makes his money, this is his job. Portugal. It still amazes me that this works so well,
for so little money. I mean I can destroy someone’s life, social life
or their computer… …for a small fee of 37 cents each. I want to stress again that these are all Windows 10. So if you’re thinking: “I’ve updated my computer or
I have a virus scanner, this won’t happen to me”. I’m going to have a look at this person. This one literally has three different
antiviruses on their computer. Yet we’re still in there. This is kind of a big deal. I also have antiviruses. And I always update my computer.
I have the newest Windows. It will probably still help, but it’s no guarantee
that it won’t happen. It’s like a false sense of security. Shall I click on one? Someone from Portugal. I’m turning on the screen capture now,
so I can watch what he does. He’s playing a game. He’s a gamer. He’s constantly getting spam on his screen.
Someone else is also on his computer probably. Maybe I can stop that a little bit. I can’t collect too much material.
I have to pay attention to my ethics. I don’t want to collect more than necessary. I could maybe turn on the webcam of the guy in Portugal. I know his name now,
so I can contact him directly afterwards. He doesn’t have a webcam. We’re only on 10% of what we ordered. Just 10%. Should we just wait and see? Get a drink
and come back to see how many there are? I think we’ve been waiting for 45 minutes now. I don’t know why, but we’re getting
a lot of slaves from Portugal. Portugal and Serbia,
they’re constantly coming in now. It’s quite late in the evening now. We’re not even
half way of what I’m supposed to receive. I think there’s a big chance there’ll be
other countries in here tomorrow. Another one from Portugal. At least
they keep coming in, as you can hear. I decided to show Noëlla the next day that I
had managed to get European slaves. We can now watch someone’s screen in Portugal. Shall we? -I’m going to do it.
-He’s just playing cards. We can also… …listen in. It doesn’t seem that much is being said. There is some background noise. These are all his documents. You can access everything, that’s the scary thing.
Here, photos. -This goes quite far doesn’t it?
-Yes, maybe we should stop now. Wait, what did that say? Adult Comics. Is this porn? This is someone who made a porn magazine. -Or at least has one on his computer. It gets worse… because this is a webcam. He or she has a sticker! I think it’s a separate webcam, placed somewhere. -That’s fortunate.
-Yes, absolutely! But even if we can’t see anything,
we can still browse through all the documents. It sort of feels like a video game. I think that an actual hacker,
people who do it for the money… …don’t even see these people as humans anymore. -No.
-It’s just a list. It’s a list that comes in and you can watch. It’s so easy. Here’s another one, Serbia. This is actually someone’s living room or bedroom. -Holy shit
-This is bizarre, right? I’m glad there’s nobody there right now. This is giving me a creepy feeling. What are you going to do next? Well… Are you going to let all these people know? Yes of course I’ll warn them. Yes. But I’m quite curious, what if I follow a couple of people
for a few days. How much I would be able to find out. -I would just let everyone…
-Yes I will let everyone know. People definitely have the right to know. -Hi, this is Koert.
-Hi, this is Anthony. I mentioned it earlier today already,
but I have this feeling that I’m becoming numb. I think that’s a dangerous line. I’m looking at the situation more so from
a film maker’s perspective, and less as a human being. Just now I went through someone’s files
for the first time and I downloaded a picture. That is already a line you’re crossing there. I could start downloading all of their holiday photos,
but that is just unnecessary. Then it becomes almost purely sensation seeking. -Maybe this should be the end of the research.
-Yes, I think it makes sense to stop. I had just started writing my warning
when the rest of my order came in. Suddenly Belgians started coming in.
That made it come very close to home. I decided to immediately search for their names,
so I could warn them personally. I clicked on the first one. Hoping his screen would give away his name,
I decided to remotely watch what he was doing. I’m now waiting until he goes onto his Facebook,
so I know who he is. So I can contact him. Another one from Belgium, this is crazy. Because I didn’t want to look at his screen for too long,
I opened his Facebook page myself. That’s how I found his full name. More slaves started coming in. I realised it would go a lot quicker if
two people were searching for names. Noëlla, can you come in? Another Belgian right here. -With a first-
-and surname. I should write this down. Another Belgian. It’s a new one called Fred. Even though I don’t want to anymore,
I’m going to look through his files. Look at that, it’s set to Dutch. We’re looking for his name. -Obituaries, that is terrible.
-This is so personal. -That actually said medical files.
-No way. -It said medical files.
-Pension files, tax files. This guy needs to be warned as soon as possible. This is very personal information. I realised I needed to warn the slaves immediately.
Because if I had access, others might too. That’s why I decided to no longer look for names,
but to show the warning on their screens. I sent everyone the warning, three times in English
and twice in their own language. Besides that, I uploaded the RAT to a website
that spreads them to antivirus companies… …so the RAT can be added to their database. That way the RAT can be detected by the virus scanners. After that I deleted all the slaves. I sent another warning through e-mail
and social media to the slaves I had identified. I started this investigation with the question:
“how difficult is it to RAT somebody?” It was surprisingly easy. I can’t programme but was still capable of hacking
hundreds of computers. I wanted to delve deeper into the world of RATters. Maybe I succeeded a little too well. Hi, this is Anthony van der Meer. When I received the e-mail, I was on holiday.
I thought it was a phishing mail. On Sunday morning I woke up with a lot of Russian spam
in my inbox and transfers through PayPal. I think a little over 500 euros. PayPal have denied any responsibility and said
the access was authorised from my own IP address. I’ve worked in IT for fifteen years now,
your story is very realistic. I also use RATs myself, for professional reasons. But I don’t use it for the wrong reasons. It could happen to anyone.
Translation: Caitlin Eagles