Thank you, Ron. Looks like pretty thorough and important research.

On Mon, Feb 17, 2014 at 7:39 AM, Ronald Deibert <[email protected]> wrote:
> Dear LibTech
>
> On behalf of the Citizen Lab I am pleased to announce the second in a series
> of posts about Hacking Team, authored by Bill Marczak, Claudio Guarnieri,
> Morgan Marquis-Boire, and John Scott-Railton. The summary is pasted below.
>
> Here is the link to the full report:
>
> https://citizenlab.org/2014/02/mapping-hacking-teams-untraceable-spyware/
>
> Cheers
> Ron
>
> Mapping Hacking Team's "Untraceable" Spyware
>
> February 17, 2014
>
> Categories: Reports and Briefings, Research News
>
> Authors: Bill Marczak, Claudio Guarnieri, Morgan Marquis-Boire, and John
> Scott-Railton.
>
> This post is the second in a series of posts that focus on the global
> proliferation and use of Hacking Team's RCS spyware, which is sold
> exclusively to governments.
>
> Summary
>
> Remote Control System (RCS) is sophisticated computer spyware marketed and
> sold exclusively to governments by Milan-based Hacking Team.[1] Hacking Team
> was first thrust into the public spotlight in 2012 when RCS was used against
> award-winning Moroccan media outlet Mamfakinch,[2] and United Arab Emirates
> (UAE) human rights activist Ahmed Mansoor.[3] Most recently, Citizen Lab
> research found that RCS was used to target Ethiopian journalists in the
> Washington DC area.[4]
>
> In this post, we map out covert networks of "proxy servers" used to launder
> data that RCS exfiltrates from infected computers, through third countries,
> to an "endpoint," which we believe represents the spyware's government
> operator; this process is designed to obscure the identity of the government
> conducting the spying. For example, data destined for an endpoint in Mexico
> appears to be routed through four different proxies, each in a different
> country. This so-called "collection infrastructure" appears to be provided
> by one or more commercial vendors -- perhaps including Hacking Team itself.
>
> Hacking Team advertises that their RCS spyware is "untraceable" to a
> specific government operator. However, we claim to identify a number of
> current or former government users of the spyware by pinpointing endpoints,
> and studying instances of RCS that we have observed. We suspect that
> agencies of these 21 governments are current or former users of RCS:
> Azerbaijan, Colombia, Egypt, Ethiopia, Hungary, Italy, Kazakhstan, Korea,
> Malaysia, Mexico, Morocco, Nigeria, Oman, Panama, Poland, Saudi Arabia,
> Sudan, Thailand, Turkey, UAE, and Uzbekistan. Nine of these countries
> receive the lowest ranking, "authoritarian," in The Economist's 2012
> Democracy Index.[5] Additionally, two current users (Egypt and Turkey) have
> brutally repressed recent protest movements.
>
> We also study how governments infect a target with the RCS spyware. We find
> that this is often through the use of "exploits" -- code that takes advantage
> of bugs in popular software. Exploits help to minimize user interaction and
> awareness when implanting RCS on a target device. We show evidence that a
> single commercial vendor may have supplied Hacking Team customers with
> exploits for at least the past two years, and consider this vendor's
> relationship with French exploit provider VUPEN.
>
> Ronald Deibert
> Director, the Citizen Lab
> and the Canada Centre for Global Security Studies
> Munk School of Global Affairs
> University of Toronto
> (416) 946-8916
> PGP: http://deibert.citizenlab.org/pubkey.txt
> http://deibert.citizenlab.org/
> twitter.com/citizenlab
> [email protected]
>
> --
> Liberationtech is public & archives are searchable on Google. Violations of
> list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe,
> change to digest, or change password by emailing moderator at
> [email protected].
