The former FireEye intern that was arrested during the Darkode forum FBI crackdown has pleaded guilty and is now facing up to 10 years in prison and a fine of $250,000 / €217,000.
Morgan Culbertson, a student at Carnegie Mellon University, had landed between May 2014 and August 2014 an internship at FireEye, a famous US-based security firm.
What was unknown to his employers was that Mr. Culbertson had a secret project: the Dendroid malware.
Culbertson created the Dendroid Android malware
This malware string was capable of remotely accessing and controlling Android smartphones, allowing hackers to take over the device and make calls, intercept messages, steal photos, and even start and close applications.
According to Lookout, “Dendroid features some relatively simple – yet unusual – anti-emulation detection code that helps it evade detection by Bouncer, Google’s anti-malware screening system for the Play Store,” allowing attackers to easily bundle it with safe-looking apps without being detected.
What was even worse was that Mr. Culbertson had registered on the infamous Darkode hacking forum, a meeting place on the Dark Web where hackers would exchange or buy malicious software.
Dendroid cost only $350
Using the usernames “android” and “soccer,” Culbertson was selling Dendroid for $350 / €311. Additionally, for $65,000 / €57,800, he would have been willing to deliver the malware’s source code.
His business endeavor was stopped short this last July, when in a joint operation that included law enforcement agencies from 20 countries, the FBI took down the Darkdode forum, arresting several of its users.
To this point, it is unknown how many Dendroid instances Mr. Culbertson has sold, or how many phones have been infected.
Mr. Culbertson is one of the first hackers convicted from that raid, and his sentencing is scheduled for December 2.
Judging that he has no criminal record, has confessed to his crime, and expressed regret, we should expect a short prison sentence.