'Complete Control': Notorious Surveillance Contractor Tech Uncovered

Zenon Evans | 6.26.2014 1:38 PM

(cc)

Hacking Team, a company which has been described as an "enemy of the Internet," provides law enforcement and intelligence agencies with legal "offensive technology" to infiltrate and remotely control people's phones and other digital devices. The extent of this company's capabilities remain murky, but two groups of Internet security experts say they have just exposed some of their surveillance firepower and the fact that Hacking Team has more servers spitting out malware based in the U.S. than any other country.

"Our latest research has identified mobile modules that work on all well-known mobile platforms, including as Android and iOS" as well as Windows Mobile and BlackBerry, announced the Russian-based Kaspersky Lab on Tuesday. "These modules … translate into complete control over the environment in and near a victim's computer." Indeed, the governments who use Hacking Team technology can turn on a cellphone's microphone, camera, and GPS unnoticed. They can also access people's email, call history, chats, browsing history, among many other potentially incriminating data.

"It's long been known that law enforcement and intelligence agencies worldwide use Hacking Team's tools to spy on computer and mobile phone users—including, in some countries, to spy on political dissidents, journalists and human rights advocates," explains Wired. "This is the first time, however, that the modules used to spy on mobile phone users have been uncovered in the wild and reverse-engineered."

One of the biggest doozies of the Kaspersky Lab report is that the U.S., by far, houses the most Hacking Team servers, which are part of a "huge infrastructure that is used to control the [remote control system] malware implants." There are 64 known servers here, compared to 49 in Kazakhstan, 35 in Ecuador, 32 in the United Kingdom. Most of the other 40 countries that the lab traced Hacking Team malware back to have only one or two servers.

The lab cautions, "we can't be sure that the servers in a certain country are used by that specific country's LEAs [law enforcement agencies]; however, it would make sense for LEAs to put their [command and control servers] in their own countries in order to avoid cross-border legal problems and the seizure of servers." Likewise, it's no secret that the company has aggressively marketed itself to American government officials.

Hacking Team spokesman Eric Rabe quick to downplay the findings as "old news," according to the Associated Press. "We believe the software we provide is essential for law enforcement and for the safety of all in an age when terrorists, drug dealers and sex traffickers and other criminals routinely use the Internet and mobile communications to carry out their crimes," he assured.

However, Citizen Lab at the University of Toronto, which produced a report alongside Kaspersky Lab's and has long kept an eye on Hacking Team, reitereates that the company's products have a history of being used to target journalists and activists around the world.

"This in many ways is the police surveillance of the now and the future," cautions Morgan Marquis-Boire, a lead author on the report and a security researcher with Citizen Lab. "What we need to actually decide how we're comfortable with it being used and under what circumstances."

Start your day with Reason. Get a daily brief of the most important stories and trends every weekday morning when you subscribe to Reason Roundup.

NEXT: How Bad Is the New GDP Growth Estimate?

Hide Comments (47)

Editor's Note: As of February 29, 2024, commenting privileges on reason.com posts are limited to Reason Plus subscribers. Past commenters are grandfathered in for a temporary period. Subscribe here to preserve your ability to comment. Your Reason Plus subscription also gives you an ad-free version of reason.com, along with full access to the digital edition and archives of Reason magazine. We request that comments be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of reason.com or Reason Foundation. We reserve the right to delete any comment and ban commenters for any reason at any time. Comments may only be edited within 5 minutes of posting. Report abuses.

sarcasmic 11 years ago

Courteney Cox shows off her incredible bikini body as she celebrates 50th birthday at tropical resort with boyfriend Johnny McDaid

http://www.dailymail.co.uk/tvs.....cDaid.html
She sure don't look 50. Dang.
The Heresiarch 11 years ago

"terrorists, drug dealers and sex traffickers"

A trifecta of non-existent threats, or threats caused by government interference in the first place.
1. dantheserene 11 years ago
  
  My thought, exactly.
2. Cytotoxic 11 years ago
  
  Terrorists are a threat and they were not created by 'government interference', unless you count the Iranian and Saudi efforts to fund them.
  1. The Heresiarch 11 years ago
    
    They are not a threat in the sense that the chances of me being killed by one are extremely remote, as opposed to a car accident, heart disease, or cancer.
    1. sarcasmic 11 years ago
      
      Or lightening on a sunny day.
  2. mad.casual 11 years ago
    
    Terrorists are a threat
    
    Regardless of origin, terrorists are a threat the same way, bees, sharks, and lightening are a threat.
    
    Tylenol, which kills several hundred Americans every year for decades, is a far greater threat to our way of life than terrorists.
3. Matrix 11 years ago
  
  I wouldn't say sex traffickers are technically due to government intervention. There are plenty of sex traffickers that target children. Child prostitution should remain illegal. But consenting adults should be able to do exchange money for sex.
  1. The Heresiarch 11 years ago
    
    "There are plenty of sex traffickers that target children."
    
    Are there really? How many are "plenty"?
    1. mad.casual 11 years ago
      
      How about, instead of arguing about plenty, could you agree to an industry-wide bias towards youth and a general disregard for the law?
    2. Matrix 11 years ago
      
      Worldwide, almost 20% of all trafficking victims are children. However, in some parts of Africa and the Mekong region, children are the majority (up to 100% in parts of West Africa).
      
      And not all human trafficking is for sex. There is a lot for forced labor, which again should always remain illegal.
      1. The Heresiarch 11 years ago
        
        I hope you'll forgive me if I take a United Nations Office on Drugs and Crime Report with a huge grain of salt.
Jerry on the sea 11 years ago

And this is legal how?
1. sarcasmic 11 years ago
  
  Since when did law enforcement have to follow the law?
2. Sevo 11 years ago
  
  Under yesterday's ruling, it seems the cops need a warrant.
  1. UnCivilServant 11 years ago
    
    But you're not under arrest, we're just searching.
3. Ted S. 11 years ago
  
  Because fuck you, that's why.
  1. Bgoptmst 11 years ago
    
    +1
Sevo 11 years ago

The phone designers are not able to prevent the remote control? Or not allowed?
1. R C Dean 11 years ago
  
  Says iOS has to be jailbroken first.
2. Paul. 11 years ago
  
  Of course. But the age old tug-of-war between flexibility/power runs into stodgy safety.
  
  There was a time (in the old days) when you couldn't get a virus when reading an email. It was physically impossible.
  
  Then came along Microsoft and the desire to integrate "Active Content" within emails and BLAM, now you can be compromised by merely opening the email, attachments be damned.
  
  As long as phone providers and os mfgs provide an API to turn on cameras, turn on speakers, allow sophisticated controls, you open the door to unauthorized use. The more complex the features, the more likely the loopholes, the more difficult to plug them.
Xeones 11 years ago

Yo, fuck these guys.
R C Dean 11 years ago

If this is external malware, can't it be blocked by your firewall, etc.?

Now that Kaspersky has identified it, I assume their software will block it? Interesting that I don't see them saying that, although I scanned the linked article and may have missed it.
1. Paul. 11 years ago
  
  Yes. Any 'legitimate' law enforcement tool which acts like malware or displays malware heuristics can be blocked by any firewall/antivirus/security measure.
  
  A root kit is a root kit is a root kit, it doesn't matter whether it was written by a GS-12 or a teenager in Malaysia.
  
  What could happen, is that our fine government "gets to" malware/spyware/firewall/security firms and demands a 'back door' to allow any malware with 'X' signature to pass through.
  
  This is harder than demanding back doors to encryption, because fewer encryption standards exist. But never underestimate the government's ability to ban or regulate something through sheer force of will.
  1. Cytotoxic 11 years ago
    
    But never underestimate the government's ability to ban or regulate something through sheer force of will.
    
    You love saying this, but black markets are real.
    1. Paul. 11 years ago
      
      And so are the life sentences the people who ran them are serving.
      1. Cytotoxic 11 years ago
        
        The government still can't stop it. Never underestimate the ability of technology and ingenuity to undermine government bans and regulation.
      2. Invisible Finger 11 years ago
        
        So you're saying the life sentences are not a deterrent.
Raston Bot 11 years ago

64 servers in the US? Sounds like our govt's a significant piece of their revenue stream.
Paul. 11 years ago

My concern here is that we're whining about Tazer International, and not whining about the officials that use these tools.

It's like we're saying the right people are in charge, but the wrong tools are being used, no?
1. Invisible Finger 11 years ago
  
  No, we're saying the tools wouldn't exist if the power wasn't granted to anyone in the first place.
  
  Sure, the tools would probably exist in a more rudimentary form, but by the sheer coercion of taxpayers the officials can funnel these malinvested dollars to a company that would otherwise have little to no revenue.
GILMORE 11 years ago

well its encouraging to see that we are equally as concerned with Rule of Law and the rights of our citizenry as Kazakhstan.
Cytotoxic 11 years ago

Any area nerds got tips for protection against this kind of thing?
1. sarcasmic 11 years ago
  
  Not for you.
  1. Cytotoxic 11 years ago
    
    You're more pathetic everyday it seems.
2. Paul. 11 years ago
  
  Given what I'm reading here, good firewall and anti-virus/malware (preferably real time) protection should do the trick.
  
  I'm not as versed with anti-virus/malware on the cell phone platform so I can't speak to that.
  
  Samsung, however, since the KitKat update is nagging me daily about some kind of 'security update' it wants to do on my phone automatically.
  
  I wince at anything the manufacturer wants to download and run automatically so I keep declining.
  
  I haven't decided if that's a prudent move or not.
  1. Leigh 11 years ago
    
    Have you ever had an update to a piece of working software that made your life better? I haven't. The update in the best case is benign, but more likely, it will bloat my system and cause performance drops. The worse was when AT&T decided to push an OS update to my Samsung S3, and since then my battery life went to crap and the phone would get hot for no particular reason. And for what? I've decide to deny all automatics update since.
sarcasmic 11 years ago

Girl, 19, killed after her brother's friend threw a lit sparkler into her room as a prank
Kristen Milano died of smoke inhalation after the sparkler started a fire in her family's apartment in Southington, Connecticut on Sunday
Eric Morelli, 18, 'had thrown the firework inside an open window to try to get her brother's attention' - but he was asleep downstairs
The family did not even think Milano was home at the time
Friends said that Morelli, who has been arrested, often acted without thinking things through

http://www.dailymail.co.uk/new.....prank.html
Should have thrown a flashbang instead. Then nothing else would have happened.
1. Paul. 11 years ago
  
  Morelli is a retard, and should be promoted to police captain post haste.
  
  At minimum, Morelli would have ruined the fuck out of whatever object that sparkler landed on.
  
  'He just goes off and does what he wants to do at that time,' Brian Goralnik, a neighbor who grew up with Morelli, told WFSB.
  'At some point, you would think that maybe he'd find the right light, the right way, and he just couldn't find that.'
  Another neighbor, Linda Selander, told WTNH that she was 'semi shocked' to learn that Morelli was allegedly involved. She explained that the teenager crashed his mother's truck in her yard last year.
  'All I wanted was for him to come over and apologize and say "hey I didn't mean to do it" and he didn't,' she said.
  1. sarcasmic 11 years ago
    
    Does whatever he wants and doesn't apologize for destroying other peoples' property? He definitely missed his calling.
2. Raston Bot 11 years ago
  
  Similar happened at UVA in the late 90s. DA declined to prosecute the two guys who threw two smoke bombs into the girl's apartment because her parents said they didn't want more lives ruined by this stupid tragedy.
Zillamod 11 years ago

"What we need to actually decide how we're comfortable with it being used and under what circumstances."

I really hope someone prepares Haking Team for the realistic feedback that the average American is not ever going to be comfortable with the prospect of being an advanced target of this kind of surveillance.
Invisible Finger 11 years ago

Hacking Team spokesman Eric Rabe

... is setting himself up to be royally hacked unless Eric Rabe isn't his real name.
Paul. 11 years ago

Who's the Bataan death march survivor with her?

Courtney Cox.
sarcasmic 11 years ago

Is this more to your liking?
Paul. 11 years ago

I like how the only choice is Courtney Cox or the actress from Identity Thief.

Nothing inbetween. Nothing at all.
sarcasmic 11 years ago

There's plenty thinner than CC. I thought she was in between.

Please log in to post comments

'Complete Control': Notorious Surveillance Contractor Tech Uncovered

Latest

The Supreme Court Is About To Hear 2 Education Cases. Neither Goes Far Enough.

Trump Wants Lower Egg Prices. He's Also Putting Tariffs on Imported Eggs.

Don't Fear the Bird Flu When Dyeing Easter Eggs

Not Guilty but Punished Anyway

Marco Rubio Brags About Defending Freedom of Speech While Eagerly Undermining It

Recommended

Login Form