The FBI, Drug Enforcement Administration and U.S. Army have all bought controversial software that allows users to take remote control of suspects’ computers, recording their calls, emails, keystrokes and even activating their cameras, according to internal documents hacked from the software’s Italian manufacturer.
The company, Hacking Team, has also been aggressively marketing the software to other U.S. law enforcement and intelligence agencies, demonstrating their products to district attorneys in New York, San Bernardino, California, and Maricopa, Arizona; and multi-agency task forces like the Metropolitan Bureau of Investigation in Florida and California’s Regional Enforcement Allied Computer Team. (“We do not use this product nor are we currently considering a proposal from the vendor/manufacturer to purchase it,” Jerry Cobb, a spokesperson for the Maricopa County Attorney’s Office said.)
The company was also in conversation with various other agencies, including the CIA, the Pentagon’s Criminal Investigative Service, the New York Police Department, and Immigrations and Customs Enforcement.
The revelations come from hundreds of gigabytes of company information, including emails and financial records, which were released online Sunday night and analyzed by The Intercept. Milan-based Hacking Team is one of a handful of companies that sell off-the-shelf spyware for hundreds of thousands of euros — a price point accessible to smaller countries and large police forces. Hacking Team has drawn fire from human rights and privacy activists who contend that the company’s aggressive malware, known as Remote Control System, or RCS, is being sold to countries that deploy it against activists, political opponents and journalists.
Even in the U.S., where the software would presumably be used only with a judge’s approval, the tactic is still controversial. Just last month, Sen. Chuck Grassley, R-Iowa, wrote to the director of the FBI asking for “more specific information about the FBI’s current use of spyware,” in order for the Senate Judiciary Committee to evaluate “serious privacy concerns.”
The leaked emails show that the FBI has been using Hacking Team’s software since 2011, apparently for the secretive Remote Operations Unit. It’s long been reported that the FBI has deployed malware in investigations, but details on the agency’s efforts are thin, with the tactic only surfacing rarely in court cases — such as one instance last year when the FBI spoofed an Associated Press article to get a target to click on a link. The FBI reportedly develops its own malware and also buys pre-packaged products, but the relationship with Hacking Team has not been previously confirmed.
Hacking Team’s spokesperson, Eric Rabe, said in a statement that “we do not disclose the names or locations of our clients” and “we cannot comment on the validity of documents purportedly from our company.”
The director of the Metropolitan Bureau of Investigation in Florida told The Intercept that it “does not have plans to purchase any product from Hacking Team.” The Manhattan District Attorney’s office said, “It would be an overstatement to say that our office is planning to purchase this type of software. This company is one of several in the industry whom we’ve requested meetings with in order to keep pace with rapid technological advancements in the private sector.”
The CIA declined to comment, and ICE said it “does not discuss law enforcement tools and techniques.” (The Intercept will update this story if other agencies named in the documents respond to requests for comment.)
The leaked emails show that U.S. agencies worried about the legality and perception of Hacking Team’s tools.
Hacking Team refers to its U.S. clients by code names. The FBI unit is “Phoebe” (initially “f-client,” but one employee complained “it sounds like an antivirus”), the DEA is “Katie,” and the CIA, which appears to have sampled, but not bought, Remote Control System, is “Marianne.”
In 2011, a representative of the DEA’s Office of Investigative Technology told Hacking Team that its budget request for Remote Control System had been denied because it was considered “too controversial,” according to an email. “We are working on the foreign angle,” the DEA said, according to Hacking Team’s U.S. account manager.
“I imagine Katie [DEA] is referring to the fact that they as the DEA could buy RCS for other countries (Colombia) where it’s less problematic to use it,” an employee replied in Italian.
The purchase did go through in 2012, and it appears to have been used mainly in conjunction with Colombian law enforcement. As one email explained, “Katie will be administrator of the system, while the locals will be collecting the data. They are saying if this works out, they will bring it to other countries around the world. Already they are speaking of El Salvador and Chile.”
Robotec, a company that manages Hacking Team’s sales to several Latin American countries, also mentions clients in Colombia using DEA funding.
Local police in the U.S. also had their worries. Florida law enforcement told Hacking Team this year that the software could create legal problems without the ability to have “‘minimization’ of the calls and messages — (ie. deleting portions which are not relevant to the search.)”
In 2013, San Bernardino’s district attorney wanted to go to a judge to obtain a warrant targeting a “known bad guy” even for a trial run of the software. “If the systems [sic] proves itself in this live trial, and the judge is convinced of both its value and proper protection of privacy, they would then move into the purchase phase,” one of Hacking Team’s U.S. business partners, from the security giant SS8, explained.
“One of the concerns of this segment is that the HT product is ‘too powerful,’” Fred D’Alessio, who sits on the board of SS8 and is identified on LinkedIn as a senior advisor to Hacking Team, wrote about local agencies. “They have also said, their biggest challenge is ‘getting the lawyers and the District Attorneys to agree on what they can do legally.”
Christopher Lee, a spokesperson for the San Bernardino County district attorney’s office wrote in an email to The Intercept that the office had “never purchased the Cicom software described in the article. Nor have we ever had a relationship with the company listed in the documents or any other company providing these services.”
Hacking Team’s FBI contacts worried that the spread of Hacking Team software around the country could cause word to get out (as has happened with technology like Stingrays, the devices that police use to track cell phone location.) “If San Bernardino gets exposed, they might also expose Phoebe,” Hacking Team’s U.S. point man, Alex Velasco, wrote in September 2013.
The FBI’s use of Hacking Team’s software also informs the public debate about the growing use of encryption to protect Internet communications. FBI and other top U.S. law enforcement officials have been calling for a law that would provide for a “backdoor” into commercial encryption technologies — something privacy advocates and many cybersecurity researchers see as undermining Internet security.
Hacking Team claims that its software offers a way around encryption, obviating the need for a backdoor. Vincenzetti regularly sends out articles about the encryption debate to his email list with a plug for Remote Control System. Last February, he wrote that law enforcement and security agencies could use “technologies to ACCESS THE DATA they need IN CLEARTEXT, BEFORE it gets encrypted by the device and sent to the network and AFTER it is received from the network and decrypted by the device itself. Actually THIS IS precisely WHAT WE DO.”
The Buyers
The push into the local district attorney market, for which the company considered San Bernardino a pilot, appears to have been facilitated by SS8, a massive California-based security company that markets to law enforcement agencies in the United States and abroad. (Rabe denied that SS8 is working with Hacking Team, despite emails between the companies.) The local market could be lucrative: a budget for the district attorney in New York that Hacking Team proposed in April totaled $760,000 in upfront license fees, and another $382,000 in services and maintenance.
“As with so many other surveillance technologies that were originally created for the military and intelligence community, they eventually trickle down to local law enforcement who start using them without seeking the approval of legislators — and, in many cases, keeping the courts in the dark too,” said Christopher Soghoian, principal technologist of the American Civil Liberties Union.
The DEA, FBI and Army bought Hacking Team’s software through a company called Cicom, which for several years served as a middleman for Hacking Team’s U.S. business. The DEA and Army contracts to buy Remote Control System through Cicom were first revealed by the advocacy group Privacy International this spring. Reporters noted that Cicom shared the same corporate address in the United States as Hacking Team, but when asked about the connection by Ars Technica, Hacking Team’s U.S. spokesperson Eric Rabe said, “I cannot confirm any relationship between the company Cicom and Hacking Team.”
Alex Velasco, Cicom’s general manager, has in fact been a consultant under contract to represent Hacking Team to clients in North America since 2012, company emails show. The relationship ended in March, after Hacking Team accused Velasco of scheming to market competing products, according to an internal investigation commissioned by Hacking Team. Velasco declined to comment to The Intercept on the allegations, because he is in legal proceedings with Hacking Team.
Hacking Team was also in talks in 2014 with the FBI’s National Domestic Communications Assistance Center, a secretive unit formed in 2012 and focused on interception technologies. Velasco claims in an email that the group came to them after Citizen Lab, a research group at the University of Toronto focused on Internet technology and human rights, published a highly critical report on Hacking Team’s global sales. “If anything good came out of the Citizen lab articles is that it brought them to contact us to see if it was true,” he wrote. “Thank you Citizen Lab!!”
It’s not clear from Hacking Team emails what Army component bought an RCS system in 2011, but it was based at Fort Meade and apparently sat unused for years. According to a 2013 email from Velasco, “they purchased a system right before they got their budget cut…They were never given permission to pull an internet line to their office to install the system. (ridiculous but true!)”
Hacking Team was in the midst of negotiations for a new FBI contract from Cicom after Velasco’s firing, but the agency decided to go with another vendor due to budget timing issues, according to an email from Phillipe Vinci, Hacking Team’s vice president for business development. Besides, the product was “seen as a ‘nice to have’ by FBI,” but “they confessed they were using it for low level types of investigations. For critical operations, they were using another platform,” wrote Vinci. He said the FBI wanted more ability to go after users of Tor, the anonymizing web browser; those users accounted for 60 percent of its targets.
But Hacking Team appeared determined to continue its conquest of the U.S. market.
“There will be a process to have ‘HT Usa Inc.’ accredited,” wrote operations manager Daniele Milan. He pledged to stay in touch with the FBI, marketing new features, and identifying problems “to resolve for them (in exchange for $$$).”
While Hacking Team’s emails reveal the company to be stringent about selling only to governments, company officials appear to worry less about how its technology is used once it gets to those customers. Responding to concerns raised by the district attorney of New York in 2013, Hacking Team’s chief operating officer Giancarlo Russo wrote that “all the consideration regarding the ‘legal framework’ cannot be addressed by us.”
Instead, he was more concerned about local customers’ ability to use the product effectively. “If you buy a Ferrari… they can teach you how to drive. They cannot grant you will be the winner of the race,” he wrote to his colleagues in English. “If Beretta sell you a gun, the most peculiar and sophisticated one, they can teach how to use it. They can not grant you are going to shoot your target properly on the field.”
–– Sheelagh McNeill contributed research to this report.
* This article has been updated with statements from companies and offices mentioned in the documents.
Photo: Louis Lanzano/AP
Gang Stalking (sponsored by the fbi)
http://www.gangstalkingwiki.com/
Excerpt: “Every article about gang stalking on Wikipedia has been deleted. Wikipedia has a problem with telling the truth when it’s embarrassing….”
About me:
http://www.gangstalkingwiki.com/GeraldSosbee.htm
“One of the concerns of this segment is that the HT product is ‘too powerful,’” Fred D’Alessio,
This is complete bull. The exploits they use are almost 100% open source and available for anyone from MetaSploit. I say almost because there appears to be 1 instance of a purchased 0day for Flash.
What HT did was take what security researchers do daily (find vulnerabilities and create proof of concepts) and release it to the world. Put a nice little GUI in front of it and went LOOK WHAT I MADE! Agencies and governments either said let’s see what’s there, or went meh, it’s cheaper than hiring 4 or 5 guys for now… when we need more we will hire them.
Think I am wrong? Take a look at fuzzer-windows/ie_sandbox/grayhat/backdoor.py (not sure if posting links is ok, but it’s this file on the github of the source [mods if you want please edit to add]). From the very top of it: “# This library is from Chapter 3 and contains all the necessary defines for process creation that we need” or #/* win32_reverse – EXITFUNC=thread LHOST=192.168.244.1 LPORT=4444 Size=287 Encoder=None http://metasploit.com */
These were not genius hackers; reading the bash histories, many had issues with basic shell commands and had absolutely no idea of security… They would use upload directories and, rather than getting the ownerships correct, they would just change permissions to 777 (basically the #1 thing every sysadmin is told to never do on linux as it will get your server hacked extremely quickly) after struggling trying to get it to work.
You can also take a look at their rcs backend scripts that are riddled with SQL injection vulnerabilities.
If anyone is stupid enough to still be running one of the collection / db servers, every piece of information they have ever collected on a target is available to anyone that finds the server.
I could go on, but I think you should get the idea by now… Marketing great, actual code is either taken from elsewhere or equivalent to being done by an amateur.
Think about the failure of all the governments – Cyber-crime.. WE must be in constant – immediate – instantaneous contact ( don’t go to the bathroom). STUPIDITY – of insecure computer systems – never turned off even for one second – afraid to miss anything…..spy on everyone. Work something we can’t wait to get away from Vacation – and then can’t wait to get back to…DON’T MISS ANYTHING……..C.I.A………N.S.A……..F.B.I…..pick the letters that go next….
CIA can give “specialized equipment” to other agencies
https://www.muckrock.com/news/archives/2015/jun/23/cia-can-give-specialized-equipment-other-agencies-/
EXTRACT: New Central Intelligence Agency documents shed light on the agency’s authority to partner with domestic law enforcement agencies. These procedures appear to give the green light for such programs as the development of aerial cell phone trackers in collaboration with the US Marshals. Such “specialized equipment” appears to include cell site simulators and other technologies that help law enforcement to track or locate mobile devices. The CIA did not return a request for confirmation as to whether the agency relies on these provisions for its collaboration with the US Marshals.
ACLU new questions about cia spying here at home
https://www.aclu.org/blog/speak-freely/new-docs-raise-questions-about-cia-spying-here-home
EXTRACT: The current debate about government surveillance has largely overlooked the CIA, possibly because we know little about the agency’s activities within the United States. While the relevant legal authorities governing the CIA, including Executive Order 12333, set out the CIA’s mandate, they do so in broad terms. Beyond the generalities in EO 12333 and other laws, the public has had few opportunities to examine the rules governing the CIA’s activities.
The Most Important Surveillance Order We Know Almost Nothing About.
But we know more today than we did a few weeks ago. In response to a Freedom of Information Act lawsuit filed by the ACLU and Yale Law School’s Media Freedom and Information Access Clinic, the CIA has released a slew of documents concerning CIA surveillance under EO 12333. (The Justice Department has also recently released a set of documents related to the executive order.)
The national debate in the 1970s about the proper limits of U.S. government spying on its own citizens was, to a large extent, about the CIA. In the wake of the Watergate scandal and news stories about other illegal CIA activity, President Gerald Ford and Congress launched investigations into the full range of CIA misdeeds — from domestic spying programs and infiltration of leftist organizations to experimentation on non-consenting human subjects and attempts to assassinate foreign leaders.
Although the CIA’s legal authority to spy on Americans was very narrow, these investigative committees — chaired by Sen. Frank Church, Vice President Nelson Rockefeller, and Rep. Otis Pike — discovered that the CIA had engaged in a massive domestic spying project, “Operation CHAOS,” which targeted anti-war activists and political dissenters. The committee reports also revealed that, for more than 20 years, the CIA had indiscriminately intercepted and opened hundreds of thousands of Americans’ letters. In addition to documenting the intelligence agencies’ extensive violations of the law, the Church Committee concluded that the constitutional system of checks and balances “has not adequately controlled intelligence activities.”
The Church Committee’s conclusion — at core, an admonition — still resonates today. While the documents that the CIA has released are heavily redacted, raising more questions than they answer, they strongly suggest that the agency’s domestic activities are extensive.
Some highlights from the documents:
A key CIA regulation — titled “AR 2-2″ — governs the conduct of the CIA’s activities, which include domestic intelligence collection.
AR 2-2, which has never been publicly released before, includes rules governing a wide range of activities, including surveillance of U.S. persons, human experimentation, contracts with academic institutions, relations with journalists and staff of U.S. news media, and relations with clergy and missionaries.
Several annexes to AR 2-2 contain the agency’s EO 12333 implementing procedures. For example, Annex A, “Guidance for CIA Activities Outside the United States,” sets forth the procedures that apply to CIA activity directed toward U.S. citizens and permanent residents who are abroad. Much of the relevant information is redacted. Annex F, “Procedures Governing Conduct and Coordination by CIA and DEA of Narcotics Activities Abroad,” is similarly redacted in key sections, including the section discussing the agencies’ “Specific Agreement Concerning Electronic Surveillance.”
The documents indicate that the CIA engages in a wide array of domestic activity, often in conjunction with the FBI.
Domestically, the CIA’s spying is governed by Annex B to AR 2-2, “Guidance for CIA Activities Within the United States.” This document explains:
Highlight portion: II. (U) RESPONSIBILITIES. CIA is responsible within the United States for (A) U. Collecting, producing, and disseminating foreign intelligence and counterintelligence, including counterintelligence and significant foreign intelligence n
Although EO 12333, AR 2-2, and Annex B prohibit the agency from engaging in electronic surveillance within the United States, the CIA can nevertheless ask the FBI to do its bidding:
HIGHLIGHTED PORTION: Request that the FBI or any other authorized intelligence agency undertake electronic surveillance in the United States
Annex B and the CIA-FBI memorandum of understanding comport with past reporting that the Foreign Intelligence Surveillance Court authorized the FBI to work with the CIA to collect Americans’ financial records in bulk under Patriot Act Section 215.
In addition, Annex B explains that the CIA may “use a monitoring device within the United States under circumstances in which a warrant would not be required for law enforcement purposes if the CIA General Counsel concurs.”
But what qualifies as a “monitoring device”? And how exactly does monitoring differ from “electronic surveillance,” which the CIA is prohibited from doing domestically? We don’t know. In the newly released documents, the definition of “monitoring” (as distinct from “electronic surveillance”) is redacted.
Does the NSA (Nancy?) still get to say with a straight face “they’re” not collecting everything if others everywhere collect it all for them?
Who thinks subways Jared was their first victim?
“The FBI is Responsible for More Terrorism Plots In the United States Than Any Other Organization. More Than Al Qaeda, More Than Al Shabaab, More Than the Islamic State, More Than All Of Them Combined”
http://www.ted.com/talks/trevor_aaronson_how_this_fbi_strategy_is_actually_creating_us_based_terrorists
Why are you spreading such wild rumours? Phoebe is more benevolent than that. They are saving us from lots of terrorists who are continuously planning different methods to harm us. Phoebe needs to try out the efficacy of different plans and then devise methods to counter them effectively. That is the reason why you see what you see, but then you don’t have to alarm everyone else because of this.
General Hercules, I have a bridge for sale in my backyard at a one time low bargain price. Would you be interested in purchasing it?
I would most like it if all the exploits used by this company’s software were publicized – so the software manufacturers could (and would be forced to) patch them.
They already are… almost all of them were taken from the internet. None of the exploits used were written by them in house and from what I saw just a few of the flash ones were not known (they purchased them from elsewhere).
Anyone calling those who cry for encryption crazy is in on this BS protection racket. Those aren’t coppers with the Stingrays, Valentines, that’s ORGANIZED crime. Talk about your hole in the wall gang!! What can’t they blow through? They circumvent encryption with in and out screwballs so fast you can’t tell you’ve been fucked? How could any ice hole pass up a chance to pull a Cosby with someone else’s money and daughter? MOTHER!
These sound like the guys who squished David Cameron’s email contents out of a criminal suspect’s BlackBerry while it was in UK police custody summer of 2011. GCHQ told NSA that THEY managed to crack the BlackBerry’s compression technology shortly there after, but we know who did it, now, Mother. Fuck you GCHQ. Subbing out your work and taking credit for it, too! You can’t do what these hacks do, it’s ILLEGAL, too. Not that you’ve not grown accustom to the practice.
BIG NEWS!!! Law enforcement agency buys crime-fighting tools!!!
So what? The only possible issue here is obtaining a warrant before the use of these tools, and the fact that other shady characters are also buying these tools.
So let’s report on actual facts and actual issues, and cut the yellow journalism, please.
These tools do not only enable snooping; they can be used to upload anything onto a computer.
No judge would be able to find out whether evidence was planted or not. Easy defence: not my files.
Suicide for law enforcement.
Suicide for law enforcement. Indeed. :-) Slow in coming but playing out in the courts every day. I print off the fun ones (decisions) and keep them on the guest room bedside table. They are lying to your elected representatives about why they are purchasing this equipment what it can do and how they’re using them. Acquiring them with homeland security grants can encourage those with the purse strings to turn a blind eye to protecting your civil liberties. But the icing on the cake is that they have been systematically lying in court again again and again and the judiciary is wising up. John Roberts has appointed all the FISC judges. If the Supreme Court ever decides to hear a case reconciling the recent Second Circuit Decision finding the dragnet illegal and the recent FISC decision to continue it (no the freedumb act doesn’t trump the constitution or the bill of rights) would Chief Justice Roberts have to recuse himself since he appointed every single one of them? I mean thats got to be a conflict of interest right?
Seen Elsewhere…
HOW TO FRAME EVERY GUY ON THE PLANET
http://arstechnica.com/security/2015/07/massive-leak-reveals-hacking-teams-most-private-moments-in-messy-detail/
“Security researchers have also scoured leaked Hacking Team source code for suspicious behavior. Among the findings, the embedding of references to CHILD PORN IN CODE related to the Galileo.”
https://cdn.arstechnica.net/wp-content/uploads/2015/07/hacking-team-code.png
Ok I am going to be that guy that explains something and afterwards you will slowly drop the pitch fork, please remember… don’t kill the messenger (I had mine up originally as well).
What this very small piece of a much larger file (seen here: https://github.com/hackedteam/rcs-common/blob/38290d4eab2b2c295bea021429848a3666647827/lib/rcs-common/evidence/file.rb ) does is actually the opposite of what you are expecting (it threw me off at first, as I was assuming, like many others, that evidence is something you would want to catch them with). Here the evidence is something they already have and you want.
I will try to not bore you with the tech details more than needed; however, some are needed (line numbers refer to the above link).
This code is not run ON the target’s machine but on the machine that holds the database (where everything collected is stored). There is a subroutine that is expecting a few arguments, one of those being “path” (line 17). If you look at line 7 you see that the module is called FileopenEvidence, and on line 14 it’s expecting another argument called process. What the module (FileopenEvidence) is getting is a report every time a file is opened in a program. This could be a Word Document (path) opened in MS Word (process) or a bomb blueprint (path) opened in Adobe Acrobat (process).
Now on line 17 (the path argument), where you see the “childporn paths”, you see:
path = hash[:path] || ["C:\\Utenti\\pippo\\pedoporno.mpg", "C:\\Utenti\\pluto\\Documenti\\childporn.avi", "C:\\secrets\\bomb_blueprints.pdf"].sample
Let’s break this down. A variable (path) is expecting to get set to a string, so it says “path =”. The hash[:path] that comes next is a variable that is a hash (basically a dictionary) that is set on line 12 (when you want this section of code to run you supply a hash to it). In this hash, called hash, it is looking for the value of a key called “path”. As a dictionary, a hash has keys, and each key is supplied a value. So “path = hash[:path]” is expecting a string to be passed to it. What comes next, “||”, is an or statement. So if there was no string returned it would go to the part after the or statement.
To recap, the variable path is expecting a string from the hash to be returned. If a remote computer was connecting it should always pass this on, so everything after the or (||) statement would never be looked at. Now I would consider the next part a bad practice, as I believe it was put in for testing, which I believe should always mimic real data, and that it should never receive nothing (you should have checked prior to this to see if you were missing data and made a log of an error). That being said, they did not do this.
So after the or statement you have what is known as an anonymous array; an array is just a series of the same objects, in this case 3 objects, all strings, separated by commas. ["C:\\Utenti\\pippo\\pedoporno.mpg", "C:\\Utenti\\pluto\\Documenti\\childporn.avi", "C:\\secrets\\bomb_blueprints.pdf"]
Then after this you see a .sample – This just means that it is returning a sample (only 1) of the strings in the array at random.
Basically you have the programmer (most likely for testing purposes) saying if I don’t get it from where I am expecting it, give me something, but I do not always want the exact same something, I want a little variety, so give me one of these 3.
They then create an IO (input/output, think of it like a file that lives only in memory, not saved anywhere).
After all of this they take the information and do some packing (this makes the information and program more efficient, nothing special to go into) along with the date/time and some other information. They then undo the packing and turn it back into a string which is then passed back to the original part of the program that calls it.
This in fact never even sees the file that was opened (although presumably later it will) and without me having gone through all of their code yet I would guess that it would be because they do not want to store EVERY file opened, but maybe be able to store only specific ones that were pre-defined. They however want to log every time a file was opened and by which program.
If I lost anyone let me know and I will try to explain further… and if I see a reason to pick up the pitch forks I will be sure to let you know!
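The pattern the comment above walks through, `path = hash[:path] || [...].sample`, is a general Ruby idiom: `||` substitutes a default whenever the left-hand side is nil or false, so a record with a missing field silently gets a made-up value. The following is an added example, not code from the commenter or from the rcs-common repository; the function names, the `FALLBACK_PATHS` placeholders and the sample records are all constructed for illustration. It puts the lenient form beside a strict form that uses `Hash#fetch`, which raises `KeyError` on a missing key instead of inventing data, which is the "log an error instead" practice the commenter argues for.

```ruby
# Added example (not Hacking Team's code): the "default-on-missing-key"
# pattern discussed above next to a stricter alternative.
# Names (build_lenient, build_strict, build_strict_or_error, FALLBACK_PATHS)
# are assumptions for illustration; all sample inputs are constructed.

require 'json'

# Constructed placeholder paths standing in for the hard-coded test strings
# in the original file. They exist only so the lenient version has
# something to fall back to.
FALLBACK_PATHS = [
  'C:\\placeholder\\test_one.doc',
  'C:\\placeholder\\test_two.pdf',
  'C:\\placeholder\\test_three.avi'
].freeze

# Lenient version: mirrors `path = hash[:path] || [...].sample`.
# If the caller omitted :path (or passed nil), a random placeholder path
# is silently recorded and the record is indistinguishable from a real one
# unless the caller tracks it, as the :fabricated flag does here.
def build_lenient(hash)
  process = hash[:process] || 'unknown.exe'
  path    = hash[:path] || FALLBACK_PATHS.sample
  { process: process, path: path, fabricated: hash[:path].nil? }
end

# Strict version: a missing required field is an error, not a value.
# Hash#fetch raises KeyError when the key is absent, so nothing is invented.
def build_strict(hash)
  process = hash.fetch(:process)
  path    = hash.fetch(:path)
  { process: process, path: path, fabricated: false }
end

# Wrapper that turns the failure into an explicit error record, so a
# collector can log the malformed message and keep running without
# storing fabricated data.
def build_strict_or_error(hash)
  build_strict(hash)
rescue KeyError => e
  { error: "rejected record: #{e.message}" }
end

# Serialize a record the way a collector might persist it (JSON string).
def serialize(record)
  JSON.generate(record)
end

if __FILE__ == $0
  good = { process: 'winword.exe', path: 'C:\\Users\\alice\\report.docx' } # constructed
  bad  = { process: 'winword.exe' }                                       # :path missing
  puts serialize(build_lenient(good))
  puts serialize(build_lenient(bad))          # a placeholder path appears
  puts serialize(build_strict_or_error(bad))  # an explicit error instead
end
```

The `fabricated` flag is only there to make the difference visible; the real lesson is that `fetch` (or an explicit presence check that logs and rejects) keeps test scaffolding from leaking into stored evidence, which is exactly the kind of record a defence lawyer or an auditor would later have to explain.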
From the “move along, nothing to see here” school of misdirection are we? You are painfully ignorant as to what constitutes yellow journalism.
BIG NEWS!!! Law enforcement agency buys crime-fighting tools!!!
Tools that allow law enforcement to plant “evidence” on a suspect’s computer might make it more difficult to obtain convictions once the illicit power is universally understood. Why would you trust the police with such a tool in a country where a black man is murdered by “rough ride” for looking at a cop? And then the police go on a work slow down because this homicide results in criminal charges.
So, I’m thinking that WholeTomato and VMware, among other companies, need to sue HT for their software piracy. I mean, seriously.
The risk with buying hacking software is that you could be the one being hacked. Potentially, Hacking Team now controls the computers at the FBI, CIA, DEA and US Army. They could increase their revenue by selling that access to third parties. So perhaps the agencies are paying to be pwned.
Not long ago, as I was walking down a dark alley around midnight, a voice from the shadows said, “Would you like Katie or Marianne?” It’s only after reading this article that I realize I misunderstood.
They like software from Italy? Benito, you are so charming :-D
Marianne? That was Hoover’s drag name. Coincidence?
>”… I realize I misunderstood.”
Maybe not. Either way, “Wrap it before you tap it” (h/t Mabel&Myrtle) is good advice.
Hey, look, it’s the company I pointed a finger directly at several times to no avail. *cough*.
A lot of times hacked versions of commercial software are available on file sharing networks. A hacked version of Hacking Team’s product could be floating around out there for anyone who wants it. Basically, it could be anyone.
It puts the latest OPM/Sony hacking scandals in some perspective.
If you want to try RCS but cannot afford try THIS out.
Thanks for that link.
from their flurry of claims:
“We are obsessed with getting Kali on as many interesting ARM devices possible, with an ever growing list of devices.
“Or[sic] motto in the world of ARM is [bolded] “Kali all the Things”
Everybody using Microsoft Windows should immediately switch to Linux. It’s pretty easy to learn and maintain, and it’s free. There is a vast community of very helpful users who would guide you through any problem that you may face.
Then there is Tails. If properly downloaded and verified, it can be a nightmare for any Phoebe or Katie to hack you.
In this day and age anyone using Microsoft products deserves to be hacked.
Doesn’t XKeyscore run in Linux? Thanks for the link to Offensive Linux; I’ll bite and report back unless you already have? What we all really want are the technical users manuals for these devices and ALL their compatible peripherals. Would Harris corporation decline to sell their drtbox to an entity (say the aclu) that successfully publicly crowdfunded the cash to purchase a stingray or drtbox because they might dishonor their disclosure agreement? How about to a startup domestic intelligence operation with the right credentials? If it’s legit I’m in for 10k. No lie. We need the _______ technical manuals and the _______ list of compatible software packages and peripherals.
The authors of XKS probably chose Linux because of the power it provides to the user. The same power to avoid virus attacks is available to any other user of Linux if he does not purposely download programs from bugged sources. The way Linux works, a virus cannot just be added unless the user shows indiscretion.
You mean freelance terrorist catcher?
If the DEA windbreaker fits.
OT This shows that you can’t just blame the government or corporations for prison conditions. The American people themselves are twisted when it comes to punishing the guilty. It also explains the “I don’t have anything to worry about” attitude in regard to surveillance.
http://goo.gl/cQVCv6
Hey larry,
True. You can’t just blame the USG or Hacking Team. But the “people” aren’t purchasing deploying and operating this equipment. The “people” aren’t overcharging all the real or trumped up cases depending on this technology to scare 95% of them into copping a plea before they ever even see the evidence.
The Stanford study is about an inside-the-walls institutional closed circuit panopticon. In this case (the ubiquitous use of such equipment in constitutional democracies), contrary to your second premise, the general population who you claim to be “twisted when it comes to punishing the guilty” hardly see themselves as direct participants, let alone the implementers of a program targeting the innocent for the pre-crime violation of rights.
It surely does not explain the “I don’t have anything to worry about” attitude regarding surveillance.
Surveilling, harassing and punishing the squeaky clean without charging, trying and convicting them OF SOMETHING is an entirely different scenario. I’m not willing to concede Americans are all snitches just being good Germans just yet. Even less so with each passing disclosure.
The American people are not the prison guards in the Stanford study. They didn’t purchase Hacking Team technology and deploy it against American political activists. They aren’t in any way approving the perpetual surveillance of innocent Americans. In this case how could they? They (the people) didn’t have definitive proof the CIA, NSA, DEA etc. were clearly using these technologies against innocent Americans until today, any more than SOME Americans knew their country was REALLY torturing people until the SSCI dropped the torture report on them.
Plenty to worry about but as of today one more “tangible thing” to fight against.
The Federal douchebags and military relying on a company such as Hacking team makes me laugh. Another reason among many of why America is screwed.
quote”Another reason among many of why America is screwed.”unquote
America? These fuckers don’t give a fuck about just America. They want to own the planet.
David W. Robinson @jdormansteele, 2 hours ago
David W. Robinson retweeted Anis:
We all know about dirty street-cops planting drugs. Now it’s dirty cyber-cops planting pedo-porn. #FBI #HackerTeam
Hacking team hacked !
http://www.bbc.co.uk/news/technology-33409594
What a shame.
Great news. I was hoping for something like that, and there it is.
1. Interesting that Italy produces such; it may go in concert with their international court decisions and the papal bloodlines. The strongest of all royalties out of Europe that are so present today in the USA.
2. Another piece of confirmation to let me know how I got targeted; thank you, it helps me against cyclothymia and ptns but not reasonable paranoia.
I suppose it’s somehow sexist I’m male and want to call “Phoebe, Katie and Marianne” all sorts of shamefully nasty names…
Screenshots Hacking Team promotion video from 2011:
“The war of the future will not be played on the field. Terrorists organize themselves through the cyberspace. Entire states can fail if their communication systems are violated. In such scenario the principal weapon is intelligence. Defence against such attack is crucial but offensive capabilities are required too. Information gathering is the key to succeed. Enter Remote Control System. A stealth system for attacking, infecting and monitoring computers and smartphones. Full intelligence on targeted users even for encrypted communications (Skype, PGP, Secure Web Mail, etc.)”
https://machtelite.wordpress.com/2015/07/06/hacking-team-the-war-of-the-future-promotion-video-2011/
When you think Hacking Team, think about the Feds dropping yet another Harris Corporation Stingray suit. Think of US Marshals swooping in to federalize state investigations. They don’t want any of this to get to discovery in open court. Come to think of it, neither would FinFisher or the host of other purveyors and users of all this type of hardware https://search.wikileaks.org/?q=spy+files parts 1, 2 and 3 (or DEA SOD or DOJ FBI or NSA TAO?). This is SIGNIFICANT.
http://www.wired.com/2015/07/hacking-team-breach-shows-global-spying-firm-run-amok/
When you think Hacking Team, think about the Feds Dropping Yet Another Harris Corporation Stingray Suit. Think of US Marshals swooping in to federalize state investigations invoking national security. They don’t want any of this to get to discovery in open court. Come to think of it, neither would FinFisher or the host of other purveyors of all this type of hardware https://search.wikileaks.org/?q=spy+files as well as the DEA SOD DOJ FBI NSA TAO. This is significant in many ways but I guess we’re restricted on the number of links here (?) so here’s one (1).
http://www.wired.com/2015/07/hacking-team-breach-shows-global-spying-firm-run-amok/
When you think Hacking Team, think about US Feds dropping every challenged Harris Corporation Stingray suit. Think of US Marshals swooping in to federalize state Harris Stingray investigations. They don’t want any of this to get to discovery in open court. Come to think of it, neither do FinFisher or the host of other purveyors of all this type of hardware https://search.wikileaks.org/?q=spy+files or the DEA SOD or DOJ FBI or NSA TAO. This is a significant event.
http://slashdot.org/?fhfilter=hacking+team
https://search.wikileaks.org/?q=hacking+team
http://www.wired.com/2015/07/hacking-team-breach-shows-global-spying-firm-run-amok/
http://arstechnica.com/security/2015/07/hacking-team-gets-hacked-invoices-show-spyware-sold-to-repressive-govts/
https://www.techdirt.com/articles/20150705/21205731557/hacking-team-hacked-documents-show-company-sold-exploits-spyware-to-un-blacklisted-governments.shtml
http://www.reuters.com/article/2015/07/06/cybersecurity-hacking-team-idUSL8N0ZM1A920150706
http://motherboard.vice.com/read/hacker-claims-responsibility-for-the-hit-on-hacking-team
http://www.csoonline.com/article/2943968/data-breach/hacking-team-hacked-attackers-claim-400gb-in-dumped-data.html
https://securelist.com/?s=hacking+team
http://www.fiercehomelandsecurity.com/search/site/hacking%20team
http://www.dailydot.com/politics/hacking-team-hacked/
http://www.securityweek.com/surveillance-software-firm-hacking-team-suffers-data-breach
http://thehackernews.com/2015/07/Italian-hacking-team-software.html
On Todays Show We’re Highlighting “Message Latency” :-)
After Today’s Show, a special blurb: ‘how [multiple] links and timing can provide important intel on who is who on the interwebs’?
That ship has sailed for me. I don’t think they have anywhere near as free a hand to create adverse outcomes for sting subjects (those with legal and technical resources) today. They can of course still target and entrap the poor, disenfranchised or mentally ill ad nauseam, but at this point not me or mine, all the smoke and mirrors crap notwithstanding.
What I don’t get is why, given everything we’ve learned, anyone thinks they’re hiding their actual identities from real threats using one-time email accounts and discussion board pseudonyms.
Comment wasn’t really for you — more a warning to those who might be tempted to just click their way down through all those links.
Does the Hacking Team software have the capability to add/modify/delete files on the targeted machine? If Congress ever starts asking questions about law enforcement’s use of this technology, I think that is a valid question to ask.
Yes.
Anyone else having trouble posting to this story specifically? I expect the suppression of this story (domestically at least) will be right up there with JTRIG!
Yes.
Um, aren’t you answering your own questions?
This is a fantastic article and posting, as so many others have been at The Intercept, but the fundamental question is:
Why in perdition are the CIA, DIA and FBI still in business today?
All one need really do is read the after-action congressional reports on the intelligence community and the FBI to realize that after 9/11, the CIA, DIA and FBI should have all been immediately shut down, with everyone at the CIA and DIA purged, or out of a job, and almost everyone at the FBI likewise (about five field agents, Coleen Rowley, Harry Samit, Kenneth Williams and several others were pristine).
And then the senior management at those three agencies should have either faced jail time or execution for either aiding and abetting and colluding with the terrorists, or else for extraordinary criminal dereliction of duty!
Referenced:
The Intelligence Community’s Knowledge of the September 11 Hijackers Prior to Sept. 11, 2001 [dated 2002, House Permanent Select Committee on Intelligence]
A Review of the FBI’s Handling of Intelligence Information Related to the September 11 Attacks [dated 2004, DOJ/IG]
Would also recommend perusing the Senate’s summary on the CIA torture report.
Agree, entirely.
I read President Kennedy had it in for the CIA. Um……
If one is targeted by this sort of tech, is there any way around it? If, say, one types on what I believe they call an “air gap” computer — one not connected to the Internet — and then use a USB to cut and paste the email into an email box on the targeted machine, the lack of keystrokes protects, yes?
USBs are like unprotected sex. As soon as they are plugged into a machine they can be infected and you’ll never know.
Right you are, nuf said. Just like the Equation Group malware that resides on the firmware of almost every hard drive manufactured worldwide. If the drives are owned at the root, no matter how many times you wipe the drive and reinstall, you’re owned from the first reboot.
There’s no way to be sure your USB stick is clean? No place to procure clean ones?
If I were tasked with system penetration I would first go after the manufacturer of USB sticks, just as the NSA has done with SIM card manufacturers. If the malware is embedded at the source you have guaranteed access. There is no need for a virgin USB stick to encounter an infected machine.
BTW, the USB firmware issue affects all USB devices, not just memory sticks.
. . . I would first go after the manufacturer of USB sticks. . .
Yup, nuf said it all. Whether firmware or hardware, at the source or root, one owns it all.
So, at the hardware level:
https://www.cl.cam.ac.uk/~sps32/Silicon_scan_draft.pdf
Say, if that Boeing 777 or Airbus happens to have 1,000 Microsemi FPGAs onboard, which they do, BTW (not to mention ARINC systems, etc.) or if that Amtrak train is running with chips fabbed at the same facility (as they are), or if the late Michael Hastings Mercedes Mbrace system also had chips from the same facility (which, unfortunately for him, it did), then one can well imagine the outcome!
The USB stick may be clean, but when it’s plugged into an infected machine it can be accessed by the spyware like any other device on the machine. “Keyloggers” can also capture files, screenshots and clipboard (cut/paste/copy) contents (see the “Monitoring” table here).
Hard drives (10 major manufacturers)? No clean ones. Sim cards (primarily Gemalto)? No clean ones. USB compromises beyond BadUSB…?
I’m guessing the same is PROBABLY true for USBs as it is for HARD DRIVES and SIM DISKS, since the cost threshold for universally compromising usb sticks would have a much lower bar than compromising the universe of hard drive and sim card manufacturers. With peripherals there would undoubtedly be MORE manufacturers since the technical acumen required to crack those markets (low tech peripherals) is LOWER.
So to answer your real question – I don’t know. Is there a USB manufacturer untouched by this madness? I’ll find a list and make some calls. I have to put the goat herd in corral number two again and rotate the rabbits anyhow. We use USBs (every manufacturer) for regular family file backups of medical records, sensitive legal documents, accounting records, proprietary data, sensitive deliberative documents, photos, biometric, fitbit and pge smart meter data ETC. All of this has been stolen from everyone we know as we’re speaking, a multiplicity of times, but to quote our friend Jacob “Fuck the FBI”
It’s possible to protect/vaccinate a USB stick: https://superuser.com/questions/418438/protecting-usb-flash-drive-against-viruses
But this is not, I’m sure, weapons-grade.
-Mona-, I cannot say what I’d really like to say to you here; the trolls would feed.
When you’re of a certain amount of interest it’s best sometimes to just acknowledge you’re a target (I don’t mean a “TI”), that chances are they’re in your machine (and your life), and chances are you’re probably watched — at times, heavily and at other times, intermittently like a kitten with one ear perked at any sound of interest.
Then, with great caution and a certain amount of bravery, just go about your life, while somehow avoiding passing on the poison. This is almost certainly harder than it sounds, and most people cannot do it — or realise when they’ve f*cked up. Generally it just winds up being a clusterf*ck, resembling somewhat a map of a pandemic (or for the asocial, an outbreak map with occasional flares).
USB is a minor consideration, but if you’ve ever let a machine out of your eyesight in a public place for even a minute, or at home when you went out to run errands, you’re probably far more at risk. But different peoples’ situations vary wildly and considerably — your threat model, Glenn’s threat model, the threat models of other people in this comment section, your neighbours’ threat models, the threat model of a dissident in Egypt, a leaker from Australia, or an urchin in Calcutta — are all considerably different.
Yes, I deliberately really only discussed hardware insertion, because you were specifically asking about airgapped machines. It’s far more likely for someone to be exploited (and never know it) — and for people to drag things that are infectious from one place to the other when they’re ‘airgapped’ — it’s just not the only way that is currently being done.
EVERYBODY HAS A DIFFERENT ROOM 101 (threat model) “….your threat model, Glenn’s threat model, the threat models of other people in this comment section, your neighbours’ threat models, the threat model of a dissident in Egypt, a leaker from Australia, or an urchin in Calcutta — are all considerably different”
The malicious firmware in USBs is written in Chinese pictorial language since they are all made in China. One has to be fluent in Cantonese Chinese to be able to exploit USB firmware.
The Chinese are fluent in Cantonese. Quite a few of them in science and engineering looking to land their first wife and buy their first home. You know, just like everyone else was.
Perhaps using a CD-R would serve the purpose. From a practical standpoint, though, I can’t see the pigs having the resources to corrupt each and every USB drive on the planet. If you suspect you are being targeted, go to a big box store somewhere inconvenient, buy a bunch of USB sticks, then format them before using. Chances are good you will be able to evade them.
Another point, Mona, is that if they have compromised the targeted machine, they will get the e-mail either by intercepting it or by using malware on the targeted machine to forward it. Keystrokes or not. On the other hand, if the file is encrypted before being loaded on the compromised computer, they will have to crack the code to read it, and if your encryption software is good, it will make that very difficult.
Absolutely not. Keystrokes have no special significance. You are reading a file into an email application, and that process is just as open to thievery as typing. Any sensible spyware will make damn sure that it can get access to file copying operations. Otherwise, it might miss things like file attachments to email. The main point of this spyware is that it gets access to all that you are doing, not just at the network traffic.
Now, there could be one case where you are safe. Suppose on your unconnected computer, you make a message and strong encrypt it, put it on your USB stick, and then go to your connected computer and attach it to your email. They can take the file, probably at multiple places in the process, but how can they read it, if you have done your encryption properly? But then you have to worry about the USB stick getting infected, but surely you can use a stick once without a problem if it is clean when you buy it. I really doubt that this Italian company has managed to infect USB sticks at the point of manufacture.
I think that’s covered in the article:
The message can’t be received by an air-gapped computer. So, how can it be decrypted on a machine that’s known to be uninfected?
Barncat,
What you quoted refers to accessing the data on the machine connected to the internet, but before it is encrypted and sent over the net. I am referring to something else, encrypting the data on a machine that is not connected to the internet, and then transporting it to the machine on the network by means other than the net, for example, a USB stick. They cannot corrupt or steal data from a machine that has no connection to the net (and is initially clean and so cannot corrupt the USB stick), and they have no way of corrupting a USB stick if it has never been connected to an infected machine on the net (if it was initially clean when manufactured).
No, read the bolded text again. It refers to accessing the data on the recipient’s machine after it has been received over the net and decrypted. I’m agreeing that your method (encrypting the data on the air-gapped machine) works all the way up to the point of decryption. That’s where the problem is. The data cannot be received over the net by an air-gapped machine, obviously. So, if our premise is that it’s being received by an infected machine, how can it be transferred to one that we know to be uninfected, for safe decryption?
(I guess I misunderstood you when you wrote “They can take the file, probably at multiple places in the process….” I interpreted “the process” as including everything up to receipt of the message and decryption. Mona was talking about an “email”.)
@barncat (jesus why are there so many ‘cats’ and ‘kittens’ and ‘felines’ and stuff on here? Makes me want to change this name to ‘deputy dawg’ or something just to buck it all):
Best case scenario is spanking new laptop bought in cash running an up-to-date lean distro livebooted cleanly off a CD (not CDRW) (you can buy these in some reputable computer stores (don’t order one); you don’t have to get them online). Knoppix isn’t very lean but it generally has everything one could want on a liveboot. You’ll also want truecrypt.
You can only go one way in this scenario: from a ‘clean’ airgapped (totally remove the wifi/ethernet/bt hardware before first boot upon getting home) machine, (you should do all this stuff FIRST on the machine itself, including the drive on the machine, from the get-go, especially if it’s not disk-based (5400/7200rpm etc) drive — incidentally — sorry, this is getting very messy to write) to another machine.
ON the ‘clean’ machine: boot live, full-disk (no partitions!) cat /dev/urandom >> /dev/sdb (or whatever) of the brand new anonymously bought usb or sdcard, followed by a full disk (no partitions!) encryption with truecrypt of the removable drive (let it use the random data to fill the space; yes, you’re filling it with random data twice, this second time after being formatted — and obliterating the partition table on purpose). Stay in the live boot and open the volume. Use the command line to mv the files to the encrypted drive, then close the volume. Remove the drive from the USB port.
On the ‘dirtier’ machine: Pull the network cards from the machine (wifi, ethernet, bt) temporarily (or better yet, permanently, and use an external device — and only plug it in when you’re using it, remove it when done, on principle). Use a second CD distro to boot from — this should be the leanest distro you can find, if possible, and provide only the minimum of drivers you need (but this is generally difficult to do much about). The exceedingly paranoid might want to try something of a different *nix family (but too complicated to bother getting into, and generally if you’re at that point you’re probably game over anyway). Open with truecrypt on the ‘dirty box’ after a liveboot with 0 connectivity.
NEVER EVER EVER use the drive in the clean machine again.
The thrifty might find ‘lots’ of small drives (hundreds of megs) useful for marketing and the like to be a handy thing to buy — but then you have to worry about how you’re gonna keep them from being infected.
Really it’s a nightmare — and this isn’t even anywhere near as good as what you need to do to have an actual SCIF. ‘They’ have lots of SCIFs. For good reason.
There are two issues here, I think.
1. If you transfer the received encrypted file on a network machine, can you transfer it to an “air gap machine” without infecting that machine?
2. Then there is the issue of the information in the file. Can it be corrupted?
The answer to the first question is of course you can, but you have to set up the USB bus so that it can only be read from custom trusted software. This is something you best do under Linux, not windows.
The answer to the second question is complicated. I think you need two way communication to assure that you are getting the information that you expect, and this is not very convenient with the file transfer method discussed here.
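The second question above (can the contents of the file be corrupted between the sending and receiving machine?) can at least be detected without the two-way channel the comment asks for, as far as accidental damage or an unkeyed alteration goes. The following is an added example, not any commenter’s code nor Hacking Team’s: on the sending side a SHA-256 manifest is written for every file on the medium; on the receiving side each listed file is re-hashed and any file that is missing, altered or simply not in the manifest is reported. It assumes GNU coreutils (sha256sum, find, sed), a hypothetical layout where the manifest sits beside the data directory rather than inside it, and constructed sample files in the demo.

```shell
#!/bin/sh
# Added example (not any commenter's code): integrity manifest for a one-way
# transfer over removable media. Assumes GNU coreutils (sha256sum, find, sed).
# Assumed layout on the medium (hypothetical): DATA_DIR/... holds the files and
# the MANIFEST file is kept beside DATA_DIR, never inside it, so the manifest is
# not part of its own listing.

# make_manifest DATA_DIR
# Prints one "sha256  relative/path" line per regular file under DATA_DIR,
# sorted so the manifest is reproducible; redirect stdout to the manifest file.
make_manifest() {
    ( cd "$1" && find . -type f -print | sort | sed 's|^\./||' |
      while IFS= read -r f; do sha256sum -- "$f"; done )
}

# verify_manifest DATA_DIR MANIFEST
# Returns 0 when every listed file is present with a matching digest and no
# unlisted file has appeared; 1 on a missing or altered file; 2 on an extra
# file (something that was not on the medium when the manifest was written).
verify_manifest() {
    dir=$1 manifest=$2
    case $manifest in /*) ;; *) manifest="$PWD/$manifest" ;; esac
    # 1. digest check of every listed path: sha256sum -c exits non-zero on any
    #    mismatch or missing file; --status keeps it silent
    ( cd "$dir" && sha256sum -c --status -- "$manifest" ) || return 1
    # 2. reject files that are present but absent from the manifest
    listed=$(sed 's/^[0-9a-f]\{64\}  //' "$manifest" | sort)
    actual=$(cd "$dir" && find . -type f -print | sort | sed 's|^\./||')
    [ "$listed" = "$actual" ] || return 2
    return 0
}

# demo: constructed sample showing a clean pass, then detection of an altered
# file and of an unexpected extra file. Returns 0 only if all three checks
# behave as described above.
demo() {
    work=$(mktemp -d) || return 1
    stick="$work/stick"                        # stands in for the mounted medium
    mkdir -p "$stick/data/notes"
    printf 'draft written on the air-gapped machine\n' > "$stick/data/letter.txt"
    printf 'second constructed file\n' > "$stick/data/notes/todo.txt"

    make_manifest "$stick/data" > "$stick/MANIFEST.sha256"    # sending side

    clean=0;   verify_manifest "$stick/data" "$stick/MANIFEST.sha256" || clean=$?
    printf 'x' >> "$stick/data/letter.txt"                    # simulate alteration
    altered=0; verify_manifest "$stick/data" "$stick/MANIFEST.sha256" || altered=$?
    printf 'draft written on the air-gapped machine\n' > "$stick/data/letter.txt"
    : > "$stick/data/unexpected.bin"                          # simulate extra file
    extra=0;   verify_manifest "$stick/data" "$stick/MANIFEST.sha256" || extra=$?

    rm -rf "$work"
    echo "clean=$clean altered=$altered extra=$extra"         # expect 0 1 2
    [ "$clean" -eq 0 ] && [ "$altered" -eq 1 ] && [ "$extra" -eq 2 ]
}

# Run "sh manifest.sh demo" to see the constructed sample; source the file to
# use make_manifest and verify_manifest on a real directory.
case "${1:-}" in demo) demo ;; esac
```

The caveat the comment is pointing at still holds: whoever can rewrite the files on the medium can rewrite a plain manifest lying next to them, so this catches accidental corruption and careless tampering, not a deliberate swap. Closing that gap needs either a second channel (compare the digest of the manifest itself out of band, for example read aloud or written on paper) or a keyed digest whose secret the medium never carries.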
@-Mona-
Use cash to buy cheap USB drives, which would generally be made in China. Install Tails in all of them. Rotate them in no particular order. Don’t use the free wifi in McDonald’s or Starbucks; they are usually bugged or, worse, monitored by CCTV.
Yep. Used the same logic jumping Kaspersky after Equation Group. And then the next Kaspersky story came out via Eugene recently (check the Intercept version). And don’t the Chinese have two (2) XKeyscore sites? Probably be even easier (not to mention inexpensive) to own foreign manufacturers with little or no Chinese Government collusion. What we need are verifiable means of independent scanning, testing and analysis (xrays etc) of hardware and peripheral components, creating a taxonomy to spot anomalous constructs and configs. Be a good subject for several masters degrees easy.
WOW! Well done getting such a comprehensive story out so soon after the leak. ty!
Some PUBLIC hearings about this and the competing products already in use are required.
If legislators (and all the presidential candidates while we’re at it) don’t go on the record about where they stand, there can’t be accountability at the polls.
A vote on legislation after the fact of implementation is already pathetic… but the debate is necessary.
I would also like to hear what Micah and others have to say about preventing access and whatnot… the practical end and consequences.
Well, of course. Because no software is more secure than that from a foreign company named Hacking Team, a company which, according to the story, can’t or won’t keep its own documents from leaking. And of course, is blasé about how the users use this “peculiar and sophisticated” product. Is there any way of telling if its users get a search warrant?
Thank you for getting this story out.
You go, Coram!
Well, I’d better go get a cold drink. My blood is boiling.
RCS anyone?