The creator of the widely-abused DarkComet remote access tool (RAT) has discontinued the software after realising it was being used by the Syrian Government to spy on activists.
Although no doubt genuine, the announcement by Jean-Pierre Lesueur is a strange one. Although used by some white hats for legitimate pen testing, DarkComet has also been widely abused by black hats to hack remote systems thanks to its strong reputation in the criminal underworld.
After learning of its use by the Syrian Government to attack opponents of the regime, however, Lesueur, also known as 'DarkCoderSc', has had enough.
The DarkComet RAT could carry out the full gamut of Trojan mischief, from opening a back door to recording keystrokes and webcam images.
“Why did I take such a decision? Like it was said above because of the missuse of the tool, and unlike so many of you seem to believe I can be held responsible of your actions, and if there is something I will not tolerate is to have to pay the consequences for your mistakes and I will not cover for you,” he wrote.
In May, the Syrian Government was reported to be using several Trojans, including DarkComet, to target anti-government activists through bogus Skype phone calls.
This took the use of the Trojan from the realm of criminality into that of death and murder, which seems to have been too much for Lesueur. Indeed, the Syrian Government has become a case study in how allegedly totalitarian regimes can counter the power of Internet opposition using black hat tools and malware.
The coder's decision is unlikely to slow the Syrian regime's use of such tools; there are plenty to choose from.
“Unlike what a handfull (sic) of people think i never cautioned small/huge hacker groups who used my software wrongly, my goals always where to provide acces to tools more powerfull than any paying/private existing tool in terms of security and all for free!,” said Lesueur.
"It was no surprise to hear of the Syrian regime using this Rat to spy on their population. It follows in the grand tradition of using Rats in targeted, politically motivated attacks such as LuckyCat, Gh0stnet and Shadownet," security expert Rik Ferguson of Trend Micro told the BBC.
"It's not often you can welcome the demise of anything, however, let's hope DarkComet is only the first Rat to take the poison."