Hacking Team Manuals: Sobering Reminder That Privacy is Elusive 37
Advocatus Diaboli writes with a selection from The Intercept describing instructions for commercial spyware sold by Italian security firm Hacking Team. The manuals describe Hacking Team's software for government technicians and analysts, showing how it can activate cameras, exfiltrate emails, record Skype calls, log typing, and collect passwords on targeted devices. They also catalog a range of pre-bottled techniques for infecting those devices using wifi networks, USB sticks, streaming video, and email attachments to deliver viral installers. With a few clicks of a mouse, even a lightly trained technician can build a software agent that can infect and monitor a device, then upload captured data at unobtrusive times using a stealthy network of proxy servers, all without leaving a trace. That, at least, is what Hacking Team's manuals claim as the company tries to distinguish its offerings in the global marketplace for government hacking software. (Here are the manuals themselves.)
So, we can turn it around? (Score:2)
Let's use them to evade the spies, and spy back on them.
Re: (Score:1)
When "how we snoop on you" stuff comes to light take it as advisement but don't trust it
Kinda like those anarchist cookbooks that include instructions that, if followed, lead to said anarchist blowing themselves up
Re:So, we can turn it around? (Score:4, Interesting)
You know, that is not the worst idea...better though, make it backfire.
So a stealthy network of proxies? So that means J Random Hacker is indistinguishable from Agent Bob?
Use this against Mayors, DAs, Governors, State legislators, State Reps, Police chiefs.... and release not a drop of the information found, instead....just make sure you eventually get discovered and the full extent of it gets exposed.
Then without a leaking group taking responsibility, blame will be tossed around, and nobody using such tools or even suspected of using them will be able to fully shake the blame.
Re: (Score:1)
...make it backfire.
That's the idea. When ol' boy punches up the video, expecting to see the secret terrorist operation, instead gets a video of him engaging in some, uh... "rough sex" with the maid.
Hey, mister, you got any pictures of your wife naked?
No!
Wanna buy some?
Re: (Score:2)
That's not so much what I was thinking.
My thought was more like the Merkle incident. A friend of mine, with much snark, pointed out that it was funny how some of the very same people who defended mass surveillance suddenly changed their tune when it was someone with a name, a "real person"
The american people are not a "real person". The public is just an abstract collection. Merkle is a real person....so make sure it happens to lots and lots of people who they see as "real people". Make them all outraged.
Re: (Score:2)
Yes release not a drop because you want them to suspect intelligence services. The point is not to release all their info, which would have other benefits but, to make them outraged to make them question the intentions of those who would violate them.
The point is to make it about the act of spying not about the results of spying. You don't want the fallout from the scandal to overshadow the scandal.
Marketing material (Score:2)
Sounds like fluffery. "We can do anything; we're the best!"
Re: (Score:3)
You've probably seen these guys before without realizing it. They also manufacture Hollywood OS [tvtropes.org] and keyboards without space bars [tvtropes.org].
Re: (Score:1)
Re:Marketing material (Score:4, Insightful)
I'm no expert but this will fall into the wrong hands at some point, (if it hasn't already)
didn't you RTFS? It's already in the hands of law enforcement agencies.
Re: (Score:2)
Re: Marketing material (Score:1)
Most honest least used function in the 'system' (Score:2)
PDF page 10 or manual page viii.
Top of the page.
AUDIT
Console section that reports all user and system actions. Used to monitor abuse of RCS.
Even the manual assumes the system will be abused. Any doublespeak marketer would have changed the work 'abuse' to 'use' .
Obviously they are already marketing the system to be abused be governments/law enforcers.
Yeah, but... (Score:2)
Yeah, but... (Score:2)
...does it run in Linux?
Yes, but they request that you install Wine first.
Re: (Score:2)
i looked really hard for a matrix of all their promised features showing which ones worked on which systems. What we saw with finfisher was that non-jailbroken could not be directly penetrated. they could do roundabout means like compromising third-party apps or infecting the computers you use if you connect the phone to a computer (there's no need to do that anymore btw).
on the other hand if you're jailbroken then they basically own you (note the ios7/ios8 jealbreaks were released by a mysterious chinese h
Re: (Score:2)
High Detail (Score:1)
Re: (Score:2)
Nifty Overview (Score:5, Interesting)
Re: (Score:3)
You have obviously R'd TFS, TFA, and TFM. /.?
What are you doing on
You are too perfect an imposter. No spelling or grammar errors either. Probably some AI.
Should I refer to you as Wintermute?
EU privacy laws (Score:1)
Desktop agents (Score:2)
Selection: OS X or Windows. Yay!
OS Missing (Score:3)
I didn't see Ubuntu or *nix flavors listed in their target operating systems. All the more reason to support open source.
Re: (Score:2)
All that this lack indicates is that Linux has too small a market share among probable targets to be worth setting up a cookie-cutter process to hack it. Neither Al Quaida (sp? and whose?) nor the German Chancellor's office are likely to have dedicated SAs determined to keep out others by security through obscurity, regardless of it preventing easy usability of popular software that their principals demand.
Use any distribution out of the box, without doing something that makes things interesting (like Sun