Creator of remote access tool LuminosityLink sent behind bars

The RAT software was a popular choice for cyberattackers.
Written by Charlie Osborne, Contributing Writer

A 21-year-old has been sentenced to 30 months in prison after pleading guilty to developing and selling LuminosityLink, a popular remote access tool (RAT) in the criminal underground.

On Monday, the US Department of Justice (DoJ) said that Colton Grubbs, from Stanford, Kentucky, had previously admitted to conspiracy to unlawfully access computers in furtherance of a criminal act, conspiracy to commit money laundering, and the illegal removal of property to prevent its lawful seizure.

The LuminosityLink RAT was created by Grubbs for the purpose of remotely accessing and controlling systems. The spyware was able to act as a keylogger, secretly turn on cameras and microphones to spy on victims, and both view and download files on an infected system.

See also: Teenage Apple hacker avoids jail for 'hacky hack hack' attack

In addition, the keylogging feature of LuminosityLink could be used to steal online website credentials, pulling this data from the system and sending it over to the RAT customer.

Security experts believe the software has been used to compromise tens of thousands of computers across 78 countries worldwide.

How to discover and destroy spyware on your smartphone (in pictures)

Grubbs not only developed the RAT but made the software a full-blown business; marketing and selling his wares online under the name "KFC Watermelon."

CNET: New ransomware can turn your computer into a hacker's tool

LuminosityLink was sold for $39.99 and Grubbs offered support and how-to guides in hacking forums. The software was purchased at least 6,000 times, according to US law enforcement, although Europol estimates this figure is closer to 8,600.

Speculation began to surface last year after customers complained that customer assistance was no longer on offer and messages remained unanswered.

Grubbs initially pleaded not guilty. However, he later reversed course and entered into a plea agreement, in which he admitted that he "was aware that his customers were using his software on victim computers in the United States and around the world."

It may not have been difficult for prosecutors to track Grubbs down as a public filing from the Kentucky Secretary of State lists the man as an officer of Luminosity Security Solutions LLC.

The 21-year-old will need to serve a minimum of 85 percent of his 30-month sentence before being released on a supervised term of three years.

TechRepublic: Starting at $40, hackers can attack your business with services bought on the dark web

In addition, the profit Grubbs made from LuminosityLink RAT will have to be forfeited. US law enforcement says this includes 114 Bitcoin, valued at over $733,000 at the time of writing.

"Our modern society is dependent on computers, mobile devices, and the use of the internet," said Robert Duncan, United States Attorney for the Eastern District of Kentucky. "People simply have to have confidence in their ability to use these modern instruments to transact their business, privately communicate, and securely maintain their information. It is essential that we vigorously prosecute those who erode that confidence and illicitly gain access to computer systems and the electronic information of others."

The case was investigated by the FBI, Palo Alto Networks Unit 42, and the UK's Southwest Regional Cyber Crime Unit.

The worst cyberattacks undertaken by nation-state hackers

Previous and related coverage

Editorial standards