How does the Remote Control System sold by Hacking Team work?

The leaked information reveals how the RCS, also called ‘Da Vinci’ and ‘Galileo’ worked, as it contains manuals, pro formas and details of the updates, in addition to prices and details of the necessary equipment to work.

The RCS does not discriminate what data is relevant or not, or which users violate laws in which countries;  those who contract its services must do this. In fact, Hacking Team prepares manuals for different user profiles from its platform: analysts, managers, technicians and operators. This user network is defined by the client, in charge of setting targets that will investigate.

The interception chain begins with the RCS operators. They define the profile of the person whose data will be intercepted; This profile includes his computers, mobile phones and networking.

Once the target has been defined, these operators are responsible for requesting the preparation of an `infection agent´ to a master server. This server must also generate the ‘vector of infection’, ie, the way in which the ìnfection agent´ will intercept devices that will be the target of an attack.

A infection vector can transmit the respective agent to a computer in different ways; in this way, its behavior is very similar to a computer virus. The main ways of infection occur through contact of a computer with a storage device or the opening of attachments in e-mails.

Hacking Team also uses a third method: network injectors. They are physical devices across multiple ISPs, that are responsible for intercepting web traffic to video sites, and replace that traffic with infection codes.