Spanish police have arrested a man suspected of creating a Trojan horse software program capable of making secret recordings of Internet users through their webcams and stealing confidential information.
The 37-year-old suspect is a computer programmer from Madrid identified by the initials J.A.S. Spanish Civil Guard units caught the man spying on various Net users through their webcams when they surprised him in his home on Monday during an operation dubbed "Tic-Tac," they said.
The man is alleged to have created a Trojan horse program distributed through peer-to-peer file sharing networks, like Kazaa. The Trojan horse can be hidden in a file for a picture or song, and once downloaded gives the hacker remote access to the victim's computer. The hacker can install a keystroke logger that records confidential information such as banking passwords, as well as accessing personal photos and other sensitive information stored on computers. What's more, it gives the hacker the ability to operate a webcam connected to the computer, and to view and record anything in the camera's field of vision.
Police characterized the Trojan horse as "highly sophisticated" and said they believe it has already infected thousands of computers in several countries. As far as they know, no commercial antivirus products are able to detect it, they said.
Because they have not identified which Trojan horse the suspect allegedly created, antivirus companies cannot say definitively whether or not they are able to detect it, explained Graham Cluley, senior technology consultant for Sophos.
That said, since the Trojan horse appears to have been around for a while, he suspects that it has been seen by antivirus companies before.
It's now up to the police to share whatever information they have so users can check to see if they are infected, Cluley said.
"You could see how people would be quite disturbed by the thought of being burgled and recorded in this way," he added.
Spanish police were made aware of the Trojan horse in July when a resident in the city of Alicante contacted the Civil Guard through its Web site to report a computer problem, police said. They then launched Operation Tic-Tac, and by working with a Spanish antivirus company they were able to locate the suspect, they said.
In addition to catching him in the act of spying, police found abundant documents, recordings and other incriminating material in his home, they said.
"We believe he is guilty. We found a mountain of evidence," a spokesman for the Civil Guard said Wednesday. The suspect is due to appear in court later Wednesday. If convicted, he could face years in jail, the spokesman said.