Well, the strings for debug code can certainly show up, even these files themselves. Which you can see some samples of under /content (the video stuff is missing, fueling the conspiracy fire?) There's screenshots, wallet.dats and fake files. Even a picture of, presumably, one of the developers:
https://github.com/hackedteam/rcs-common/blob/master/lib/rcs-common/evidence/content/camera/001.jpg

Ref'd: https://github.com/hackedteam/rcs-common/blob/master/lib/rcs-common/evidence/camera.rb

In fact, if you look at all the modules in /evidence/ they all contain obvious dummy / test data.
https://github.com/hackedteam/rcs-common/blob/master/lib/rcs-common/evidence/exec.rb
https://github.com/hackedteam/rcs-common/blob/master/lib/rcs-common/evidence/clibpoard.rb

So on. Are they implanting pictures of themselves on hacked machines? Screenshots of their own code?

It's obvious to anyone who can take a cursory read of these chunks of code in context that this is dummy test data.

-Travis

On Tue, Feb 23, 2016 at 12:35 PM, Rayzer <[email protected]> wrote:

> Travis Biehn wrote:
> > It's pretty clear that these files just contain dummy values for debugging / test / placeholder purposes. There's no indication that these ever end up being pushed to devices.
> >
> > -Travis
> >
>
> Just for giggles I did a search on those file names.
>
> pedoporno.mpg turns up articles on top about the Hacking Team
>
> childporn.avi turns up hits about the BAT_ETIMOLOD.A virus followed by Hacking Team hits farther down the page. At least one of these files is not always a dummy.
>
> --
> RR
> "Through counter-intelligence it should be possible to pinpoint potential trouble-makers ... And neutralize them, neutralize them, neutralize them"
>
> >
> > On Mon, Feb 22, 2016 at 11:26 PM, Rayzer <[email protected]> wrote:
> >
> > Cari Machet wrote:
> > >
> > >
> > > On Feb 21, 2016 10:45 AM, "Douglas Lucas" <[email protected]> wrote:
> > > >
> > > > @OpDeathEatersUS on Twitter says - https://twitter.com/OpDeathEatersUS/status/619267423749828608 - that Hacking Team sells child porn evidence fabrication tools, and cites this code -
> > > >
> > > > https://github.com/hackedteam/rcs-common/blob/master/lib/rcs-common/evidence/file.rb#L17
> > > > - in support of the claim.
> > > >
> > > > Can someone more programming-proficient than I look at the code and tell me 1) what it does overall, and 2) what the highlighted line - which mentions "childporn.avi" and "pedoporno.mpg" - does in particular?
> > >
> > >
> > > From the code analyst:
> > >
> > > Embedded in Galileo code 'pedoporn' 'childporn avi'
> > >
> > > One idea - considering hacking team w/FBI and DEA, you can embed that code to give the appearance that the flagged target is under surveillance for child porn but since there is already an FBI flag for that, it's a lie. It's a mask to hide that you're surveilling someone but you have no legitimate legal reason to do it.
> > >
> > > a 'childporn.avi' - is a profile pic like an 'avatar' that flags the person as in a child porn ring but hacking team doesn't do 'rings' - they do targeted (activists, dissidents etc) surveillance. So that's off and since it's embedded "placed over the source code" - the LEA is using it to mask the real reason they are spying on this person
> > >
> > > LEA likes to use child porn as a 'plant' - it's like an old school cop 'planting' cocaine on someone they've violated.
> > >
> > > END
> > >
> > > > "childporn.avi" and "pedoporno.mpg"
> >
> > Those vids... Are they being planted on the site under attack by the hacking team or its software or is it linked offsite?
> >
> > > >
> > > > Here's some background:
> > > >
> > > > http://arstechnica.com/security/2015/07/massive-leak-reveals-hacking-teams-most-private-moments-in-messy-detail/
> > > >
> > > > http://www.wired.com/2015/07/fbi-spent-775k-hacking-teams-spy-tools-since-2011/
> > > >
> > > > From the Ars Technica article:
> > > >
> > > > ===
> > > > According to one spreadsheet first reported by Wired, the FBI paid Hacking Team more than $773,226.64 since 2011 for services related to the Hacking Team product known as "Remote Control Service," which is also marketed under the name "Galileo." One spreadsheet column listed simply as "Exploit" is marked "yes" for a sale in 2012, an indication Hacking Group may have bundled some sort of attack code that remotely hijacked targets' computers or phones. Previously, the FBI has been known to have wielded a Firefox exploit to decloak child pornography suspects using Tor.
> > > >
> > > > Security researchers have also scoured leaked Hacking Team source code for suspicious behavior. Among the findings, the embedding of references to child porn in code related to the Galileo.
> > > > ===
> > > >
> > > > Thanks,
> > > >
> > > > Douglas
> > > >
> >
> >

--
Twitter <https://twitter.com/tbiehn> | LinkedIn <http://www.linkedin.com/in/travisbiehn> | GitHub <http://github.com/tbiehn> | TravisBiehn.com <http://www.travisbiehn.com> | Google Plus <https://plus.google.com/+TravisBiehn>
