In Part 1, we analyze a newly discovered Android implant that we attribute to Hacking Team and highlight the political subtext of the bait content and attack context.
In Part 2, we expose the functionality and architecture of Hacking Team’s Remote Control System (RCS) and operator tradecraft in never-before published detail.
Introduction
This report analyzes Hacking Team’s Android implant, and uses new documents to illustrate how their Remote Control System (RCS) interception product works. This work builds on our previous research into the technologies and companies behind “lawful interception” malware. This technology is marketed as filling a gap between passive interception (such as network monitoring) and physical searches. In essence, it is malware sold to governments. Unlike phone monitoring and physical searches, however, most countries have few legal guidelines and oversight for the use of this new power. In light of the absence of guidelines and oversight, together with its clandestine nature, this technology is uniquely vulnerable to misuse. By analysing the tools, and their proliferation at the hands of companies like Hacking Team and Gamma Group, we hope to support efforts to ensure that these tools are used in an accountable way, and not to violate basic principles of human rights and rule of law.
In a report published earlier this year, we presented the results of a global scanning effort, and identified 21 countries with deployments of Hacking Team’s Remote Control System monitoring solution. In addition, alongside other researchers, we have uncovered a range of cases where “lawful interception” software has been used against political targets by repressive regimes. Political and civil society targets have included Mamfakinch in Morocco, human rights activist Ahmed Mansoor in the UAE, and ESAT, a US-based news service focusing on Ethiopia. In all of these cases, a tool marketed for “law enforcement” was used against political, rather than security threats. In still other cases, like Malaysia [PDF], we have found bait documents and seeding suggestive of political targeting...
https://citizenlab.org/2014/06/backdoor-hacking-teams-tradecraft-android-implant/
No comments:
Post a Comment