Slashdot Mirror
American Targeted By Digital Spy Tool Sold To Foreign Governments
An anonymous reader points out a report in Wired of an American woman at a "renowned academic institution" who received targeted malware from what was most likely a foreign government. "... analysis of [the downloader] showed that it was the same downloader that has been used in the past to install Remote Control System (RCS), a spy tool made by the Italian company Hacking Team and sold to governments." What's significant about this malware is that it is made by an Italian firm who claims they sell it only to government and law enforcement bodies, and it isn't of much use to your standard botnet operator. "The RCS tool, also known as DaVinci, records text and audio conversations from Skype, Yahoo Messenger, Google Talk and MSN Messenger, among other communication applications. It also steals Web browsing history and can turn on a computer’s microphone and webcam to record conversations in a room and take photos. The tool relies on an extensive infrastructure to operate and therefore is not easily copied and passed to non-government actors outside that infrastructure to use for their own personal spy purposes, according to a Hacking Team spokesman." There's no solid proof indicating who is responsible, but the malware email contained a link to a website in Turkey. "Turkey is a member of the North Atlantic Treaty Organization alliance. If authorities there were behind the hack attack, it would mean that a NATO ally had attempted to spy on a U.S. citizen on U.S. soil, presumably without the knowledge or approval of U.S. authorities, and for reasons that don't appear to be related to a criminal or counter-terrorism investigation."
The poor USA is getting spied on. The audacity! A country that's always on its best behavior and has NEVER spied on allies, ever! Besides, are you sure that this isn't rebound spying, where the US lets others spy on US citizens to get information that they wouldn't be allowed to acquire directly themselves?
If we sell all the Americans targeted by spy tools to other governments then that might close the budget gap!
"His name was James Damore."
Hack the Planet!
It's sad that the people who created Stuxnet a few years back probably thought they were doing a noble thing. But the first thing I thought when I read about it was "How long before someone turns this back against us?"
It's like the atomic bomb. Creating it was beneficial in the short term for the U.S. But, in the end, its main result was a nuclear arms race that came all-too-damn-close to causing a nuclear apocalypse (and may yet).
The cow says "Moo." The dog says "Woof." The Timothy says "Thanks, valued customer. We appreciate your input."
Thanks, all we really needed to know, I guess.
Let me send you one with a link to a website in Mexico. Sorry, make that Sweden. Germany? Italy? Take your pick.
And there the subject line finds its origin. I love a good tinfoilhat story, but this is not even that. This is pretty much wild guesses.
I'm inclined to believe that Turkey may be responsible here. Remember, these aren't actors capable of writing their own spyware. They simply bought a package from someone else and, presumably, put in their email address where it called for an email address in configuration. Hanlon's razor.
Whoa! Stop the presses!!! You mean to tell me that countries that are nominally allies sometimes carry out covert intelligence operations against each other?
If this comes as a shock to anybody, anywhere, you need to crawl out from under the proverbial rock. It happens all. the. time.
And "a link to a website in Turkey" is hardly proof of anything. At all. And if it came from a GMail account, would there be dark aspersions that Google was behind it all?
So because a difference piece of software has been used in conjunction with RCS in the past, this use of that software must also have something to do with RCS?
If you read the article, the researcher did not download or examine the payload. They used a honeypot to view the downloader, but not the payload. The payload could be anything, but the downloader was used by a known software vendor.
The truth shall set you free!
Came here wondering how an American woman got sold to a foreign government. Great job as always, editors.
"... STUXNET targets SCADA systems. Unless she running a reactor or dam equipment from her laptop I don't think this has anything to do with STUXNET."
So I am not allowed to run Uranium Enrichment in my garage? Yet more rights taken from my 2nd amendment!
Let me guess, they are against my building of an ICBM in my back yard as well.....
Do not look at laser with remaining good eye.
> It is the job of any national government to protect itself from its citizens
FTFY.
I'm pretty sure the US already does this -- possibly not for reasons other than criminal or counter-terrorism though.
But, really, since we know with Carnivore and pretty much everything else the US spies on NATO allies as well.
Unless we're meant to believe the US only does this on NATO allies with their express approval and oversight. Because, a t a minimum, we know the CIA has kidnapped people in Italy, a NATO member, without telling anybody.
Does anybody really think countries don't actively spy on their allies if they feel the need?
Lost at C:>. Found at C.
The headline parsed as "(American Targeted By Digital Spy Tool) Sold To (Foreign Governments)."
Unity? Screw that: XFCE. Slashdot Beta? Screw that: SoylentNews. Australis? Screw that: Pale Moon. UX developers DIAF
I was with you right up until you said "hacking the brain with radio",
Unless by "radio" you really meant "television", and by "hacking the brain" you really meant "turning it into mush with mindless reality TV shows", in which case you would be totally correct.
Do let me know how you'd like your Darwin Award Nomination Phrased :)
Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.
Re: "these aren't actors capable of writing their own spyware" - Italy has had its SISMI military intelligence agency using the telco 'network' in very creative ways. ....
http://en.wikipedia.org/wiki/SISMI-Telecom_scandal
If that is the quality of the systems created/used/requested over time in the EU, the ability to enter one computer network seems not too hard?
ie if you have a simple domestic surveillance program covering 1000's of people, whats one US network in 2013 with that skill/support set?
You also had http://en.wikipedia.org/wiki/Greek_wiretapping_case_2004–2005
~ 100's Greek government and top-ranking civil servants
Any state friendly with the NSA (the USA used Turkey eg Karamursel as the UK GCHQ used Cyprus) - generations going back to Adana flights, U2 from Turkey, generations of sigint collection. That help will not be forgotten by the USA when requesting access to top level US software/hardware telco vendors and cleared any export issues.
As for "without the knowledge or approval of U.S. authorities" - the NSA would have understood this event, how much they felt/had to tell other "U.S. authorities" about ongoing foreign operations is ???
The CIA had Operation CHAOS http://en.wikipedia.org/wiki/Operation_CHAOS to spy on people protesting the Vietnam War/Cuba/antiwar issues, perhaps groups in the US gov are just helping EU/friendly govs do the same with people of interest around the world as they protest?
Domestic spying is now "Benign Information Gathering"
it would mean that a NATO ally had attempted to spy on a U.S. citizen on U.S. soil, presumably without the knowledge or approval of U.S. authorities
Why in the world would anyone think this?
A woman at an academic institution in the US is getting spied on. This is an important distinction sadly ignored by the attention grabbing headline; not everything every person does in a country should count as a direct proxy for that country. If it did, the act of spying would be a logical contradiction.
Americans should not be sold to foreign govt, irrespective of whether these Americans are targeted by Digital Spy Tools or not. It's like throwing the baby out with the bathwater or something.
Because of the nature of this spyware (targeting social contacts and trying to snoop in on private life) it sounds more like a a colleague asked their buddies (or stole) a copy to spy on her because they lack any interpersonal skills. After RTFAing though it seems like it was a completely unprofessional job or just someone phising at random who's got worse spelling than I. Also the article neglects to mention her area of research. It could be something completely unimportant to "spies".
It could have also been part of a program run by a US agent to spread fear and spook people to spying from foreigners, hence the deliberate exposure and sloppiness.
Sounds a bit like getting worried about kids peaking into each others windows. Nothing to see here... slap their asses and move along. Not even news.
There is not enough information to make this any more noteworthy than just normal malware looking for personal information or financial information.
I believe no one in Stuxnet's dev team feel they were doing a good thing, they were smart people and smart people doing smart things for the warmongers always feel guilt and shame, even if only a little. Only very stupid or malicious people feel war efforts are noble.
Actually stuxnet targets the PCs that run the engineering software for SCADA systems (like mine). It then alters the SPS' program, if it is a of a special configuration. The next regularly scheduled download into the SPS will then ensure then the altered program gets executed. This worked quite well, since you don't see what you are compiling and downloading, but I am currently working on a feature that would have made that more obvious... maybe... if you can see the three little changes under the thousands others.
But I think GP's post was not about stuxnet but about cyber "weapons" in general and in that case I totally agree with him.
-- William Gibson, "Burning Chrome"
Welcome to the Panopticon. Used to be a prison, now it's your home.
You do realize that the US's allies spy on the US as well. It's not a new phenomenon either. It's been going on for a very long time. I hate to break it to you but the US didn't invent all of this evil shit.
Are agnostics skeptical of unicorns too?
Goddamn Obama.
...because hackers have better tools they get for free from the Interwebs. Of course, if it does turn out to be hackers, this Italian firm could always stick a EULA on it and have the BSA enforce. Hackers aren't afraid of the government, but BSA lawyers scare everyone.
How hard would it have been to reword the title to the equally concise, yet unambiguous, "Digital Spy Tool Sold To Foreign Governments Used to Target American"?
"Politicians and diapers must be changed often, and for the same reason."
That was just the payload, that with the appropiate sources could vary. Bricking your laptop could be the less harmful thing it could do, you will still be free and have money in the bank to buy another.
((Digital Spy) Tool) Sold To (Foreign Governments Used to (Target American))? Foreign governments accustomed to a Target American were sold a digital spy named Tool?
from what i recall stuxnet also shared a lots of code in common with another pernicious computer virus conficker that has infected computer all over the world
---Saying gnome 3 is better than windows 8 not so much a compliment as it is damning with light praise.
... Is how much was the american that was first spied upon sold for and to what foreign government? Is the spied americans a market worth getting into?
Curiously yours, crip.
Damn, reading the title of the submission I thought for sure I'd be reading another lurid tale of John McAfee being singled out for persecution by TPTB. What a disappointment!
That makes zero sense.
Just because China or Russia would do it too (given the chance) doesn't make it right. The US needs to stop interfering with the rest of the world's affairs. The US especially needs to tell Israel to go get stuffed. They have been wasting money (and making enemies) for over 60 years, protecting a bunch of people who most definitely don't need (or deserve) protecting. The Jews need to either make peace with their neighbors, or go find someplace else to hide, preferably somewhere that isn't someone else's ancient holy land.
I can't imagine what those people were thinking when they set up Israel where they did, were they TRYING to piss off the Arabs?. It would be like a bunch of Gaelic Pagans suddenly deciding that the Vatican City now belongs to the Irish, and staging a permanent hostile takeover (backed up by the most powerful military in the world).
http://i306.photobucket.com/albums/nn250/paawkx/cat_confus.jpg
"Politicians and diapers must be changed often, and for the same reason."
Just pointing out (pedantically) that your "unambiguous" version of the sentence is not perfectly unambiguous: there are multiple different grammatically correct ways to interpret the phrase.
For example, "used to" might be taken in the sense of "a spoon is used to eat soup," or as in "he is used to being correct"; in the latter case, "Target" might be an adjective modifying "American," rather than the verb form "to Target". It might be the "Foreign Governments" that are "used to target American," rather than the "Digital Spy Tool," etc. etc.
Language is a tricky thing --- and most human languages are not especially well structured to produce purely unambiguous statements. A large amount of context (that you naturally and easily fill in) is necessary; one of the big problems that makes "natural language" computer control or automated translation extremely difficult.