How does the Remote Control System sold by Hacking Team work?
Posted On 16 Jul 2015
The Italian software security company Hacking Team offered its customers a tool to reinforce the work of the institutions responsible for enforcing the law. But the company was hacked, and more than 400 gigabytes of data, including e-mails, invoices, purchase orders and databases, were published. The leak revealed that 74 governments and government agencies acquired this software.
Servers, data encryption and anonymity networks are used as part of the Remote Control System (RCS). The RCS can turn on the camera and take pictures, turn on the microphone and record audio, take screenshots of WhatsApp chats, and access documents and contacts.
The leaked information reveals how the RCS, also called ‘Da Vinci’ and ‘Galileo’, worked: it contains manuals, pro formas and details of the updates, in addition to prices and details of the equipment needed to run it.
The RCS does not distinguish which data is relevant, or which users violate laws in which countries; those who contract its services must do this. In fact, Hacking Team prepares manuals for the different user profiles of its platform: analysts, managers, technicians and operators. This user network is defined by the client, who is in charge of setting the targets to be investigated.
The interception chain begins with the RCS operators. They define the profile of the person whose data will be intercepted; this profile includes his computers, mobile phones and networks.
Once the target has been defined, these operators are responsible for requesting the preparation of an ‘infection agent’ from a master server. This server must also generate the ‘vector of infection’, i.e., the way in which the ‘infection agent’ will intercept the devices that will be the target of an attack.
An infection vector can transmit the respective agent to a computer in different ways; in this respect, its behavior is very similar to that of a computer virus. The main ways of infection are contact between a computer and a storage device, and the opening of e-mail attachments.
Hacking Team also uses a third method: network injectors. These are physical devices across multiple ISPs that are responsible for intercepting web traffic to video sites and replacing that traffic with infection code.
The master server also stores everything Hacking Team calls ‘evidence’: voice recordings made from an infected phone, recorded conversations via Skype, chats and messages from social networks, emails, website history, keys used in Internet browsers, etc.
Source:
http://www.elcomercio.com/