Skip Ribbon Commands
Skip to main content
Navigate Up
Sign In

Press releases

International operation hits BlackShades users

Eurojust and Europol-EC3 logos

The Hague, 19 May 2014

Worldwide operation coordinated by Eurojust

During the course of a worldwide investigation, creators, sellers and users of BlackShades malware were targeted by judicial and law enforcement authorities in 16 different countries. The investigation culminated in a two-day operation, coordinated by Eurojust in The Hague and supported by the European Cybercrime Centre (EC3) at Europol.

During both action days, 359 house searches were carried out worldwide, and 97 people were arrested. Over 1 100 data storage devices suspected of being used in illegal activities were seized, including computers, laptops, mobile telephones, routers, external hard drives and USB memory sticks. Substantial quantities of cash, illegal firearms and drugs were seized. Authorities also succeeded in seizing the domain of the BlackShades website.

A recent case in the Netherlands of BlackShades malware being used for criminal purposes was that of an 18-year-old man who infected at least 2 000 computers, controlling the victim’s webcams to take pictures of women and girls.

Countries that undertook action against creators, sellers and users of the malware included the Netherlands, Belgium, France, Germany, UK, Finland, Austria, Estonia, Denmark, Italy, Croatia, USA, Canada, Chile, Switzerland and Moldova. Three coordination meetings were held at Eurojust prior to the action days, attended by most of the involved countries. During the action days, a coordination centre was set up at Eurojust, assisting the different countries by delivering overviews of the state of play in the countries involved, as well as providing judicial assistance. Representatives of Eurojust, Europol and the FBI were present at the coordination centre.

As a further demonstration of the level of cooperation achieved by this coordination centre, EC3 was present during the action days and provided real-time analytical support. EC3 will be instrumental in the follow-up, identifying victims and promoting technical solutions to protect computers against this malware.

Mr Koen Hermans, Assistant to the National Member for the Netherlands, commented: ‘This case is a strong reminder that no one is safe while using the Internet, and should serve as a warning and deterrent to those involved in the manufacture and use of this software. This applies not only to victims, but also to the perpetrators of criminal and malicious acts. The number of countries involved in this operation has shown the inherent value in Eurojust’s coordination meetings and coordination centres.

Key figures at a glance

  • Operations conducted in the Netherlands, Belgium, France, Germany, UK, Finland, Austria, Estonia, Denmark, Italy, Croatia, USA, Canada, Chile, Switzerland and Moldova
  • 97 arrests
  • 359 house searches
  • Over 1 100 data storage devices seized

Eurojust background information

  • Eurojust’s coordination meetings are the first step in bringing together law enforcement and judicial authorities from Member States and third States. Coordination meetings allow legal and practical difficulties resulting from the differences in the 30 existing legal systems in the European Union to be resolved prior to the action day.
  • Eurojust’s coordination centres are held on the action day and used to coordinate the operations at judicial level in the involved countries. Eurojust’s coordination centres facilitate real-time information exchange between judicial and law enforcement authorities and enable on-the-spot decision-making and immediate response by national judicial authorities to new developments. Coordination centres also provide all involved countries with an up-to-date overview of the operations and results.

BlackShades background information

BlackShades is a malicious form of software (malware) that was sold and distributed to thousands of individuals throughout the world. BlackShades' flagship product was the BlackShades RAT, a sophisticated piece of malware that enables its users to remotely and surreptitiously gain complete control over a victim's computer. Once installed on a victim's computer, a user of the RAT is free to, among other things, access and view documents, photographs and other files, record all of the keystrokes entered and even activate the webcam on the victim's computer - all of which could be done without the victim's knowledge. BlackShades also makes it possible to carry out large-scale distributed denial-of-service (DDoS) cyber-attacks.

A particularly harmful aspect of this software is the ability to encrypt, deny access to files and demand money. BlackShades provides sample letters such as the following for users of the software to modify:


 Screenshot obtained from

For more information, please contact:

Ms Leen DE ZUTTER, Media & PR
Press & PR Service
Tel: +31 70 412 5508 - E-mail:
Ms Lisanne Kosters
Corporate Communications
Tel: +31 70 302 5001