Eyes on you: Experts reveal police hacking methods

2 reports about the Hacking Team expose a global network of malicious software implants.

By: AP | London | Updated: June 24, 2014 9:55 pm


Law enforcement agencies across the globe are taking a page out of the cybercriminal handbook, using targets’ own phones and computers to spy on them with methods traditionally associated with the world’s most malicious hackers, two computer security groups said, on Tuesday.

Drawing on a cache of leaked documents and months of forensic work, two reports about the private Italian firm Hacking Team expose a global network of malicious software implants operated by police and spy agencies in dozens of countries. They also suggest that the lines between high-tech police work and malicious hacking are blurring.

“In the past, the distinction was pretty easy: If it’s malware, there’s someone bad behind it,” said Costin Raiu, a senior security researcher at Russian anti-virus firm Kaspersky. “The notion of good guys and bad guys is becoming diluted.”

The reports by Kaspersky and the Toronto-based Citizen Lab help complete the picture of state-sanctioned surveillance sketched by Edward Snowden’s sensational revelations about the National Security Agency and its international allies.

While many of Snowden’s revelations dealt with the mass monitoring of communication as it flows across the globe, Hacking Team brags about more aggressive forms of monitoring that let authorities turn people’s phones and laptops into eavesdropping tools.

Hacking Team, based in Milan, did not return several messages seeking comment.

On its website, the company takes pains to present itself as one of the good guys. In a moody promotional video with a gravelly voice-over, it boasts of being able to steal text messages, eavesdrop on Skype calls and take control of hundreds of thousands of targeted devices at a time.

Hacking Team’s customer policy says it sells only to governments, which it screens for human rights concerns. A company-established panel of technical experts and legal advisers checks out every potential client, Hacking Team says, and while it realizes that its software can be abused, “we take a number of precautions to limit the potential for that abuse.”

Those precautions haven’t prevented copies of Hacking Team’s malicious software from being used to target more than 30 activists and journalists, according to a tally maintained by Citizen Lab, a research group based at the University of Toronto’s Munk School of Global Affairs.

Citizen Lab’s report provided an unusual level of insight into how the malware operates, showing how devices can be compromised through booby-trapped emails or infected USB sticks, or even pushed onto handsets by a pliant telephone company.

Screenshots released by Citizen Lab appear to show a control panel complete with on-off switches for recording text messages, calls, keystrokes and visited websites. Other options open to Hacking Team’s customers include the ability to force infected phones to take regular pictures or video and to monitor the position of an infected handset via Google Maps, effectively turning a target’s phone into both a hidden camera and a tracking device.

Hacking Team built its programs for stealth. The spy software implanted on iPhones is calibrated to avoid draining the phone’s battery, both Citizen Lab and Kaspersky said. On …continued »

First Published on: June 24, 2014 9:52 pmSingle Page Format
Do you like this story