Slashdot Mirror


Hacking Team Manuals: Sobering Reminder That Privacy is Elusive

Advocatus Diaboli writes with a selection from The Intercept describing instructions for commercial spyware sold by Italian security firm Hacking Team. The manuals describe Hacking Team's software for government technicians and analysts, showing how it can activate cameras, exfiltrate emails, record Skype calls, log typing, and collect passwords on targeted devices. They also catalog a range of pre-bottled techniques for infecting those devices using wifi networks, USB sticks, streaming video, and email attachments to deliver viral installers. With a few clicks of a mouse, even a lightly trained technician can build a software agent that can infect and monitor a device, then upload captured data at unobtrusive times using a stealthy network of proxy servers, all without leaving a trace. That, at least, is what Hacking Team's manuals claim as the company tries to distinguish its offerings in the global marketplace for government hacking software. (Here are the manuals themselves.)

37 comments

  1. So, we can turn it around? by fustakrakich · · Score: 2

    Let's use them to evade the spies, and spy back on them.

    --
    “He’s not deformed, he’s just drunk!”
    1. Re:So, we can turn it around? by Anonymous Coward · · Score: 1

      When "how we snoop on you" stuff comes to light take it as advisement but don't trust it

      Kinda like those anarchist cookbooks that include instructions that, if followed, lead to said anarchist blowing themselves up

    2. Re:So, we can turn it around? by TheCarp · · Score: 3, Interesting

      You know, that is not the worst idea...better though, make it backfire.

      So a stealthy network of proxies? So that means J Random Hacker is indistinguishable from Agent Bob?

      Use this against Mayors, DAs, Governors, State legislators, State Reps, Police chiefs.... and release not a drop of the information found, instead....just make sure you eventually get discovered and the full extent of it gets exposed.

      Then without a leaking group taking responsibility, blame will be tossed around, and nobody using such tools or even suspected of using them will be able to fully shake the blame.

      --
      "I opened my eyes, and everything went dark again"
    3. Re:So, we can turn it around? by fustakrakich · · Score: 1

      ...make it backfire.

      That's the idea. When ol' boy punches up the video, expecting to see the secret terrorist operation, instead gets a video of him engaging in some, uh... "rough sex" with the maid.

      Hey, mister, you got any pictures of your wife naked?
      No!
      Wanna buy some?

      --
      “He’s not deformed, he’s just drunk!”
    4. Re:So, we can turn it around? by TheCarp · · Score: 1

      That's not so much what I was thinking.

      My thought was more like the Merkel incident. A friend of mine, with much snark, pointed out that it was funny how some of the very same people who defended mass surveillance suddenly changed their tune when it was someone with a name, a "real person".

      The American people are not a "real person". The public is just an abstract collection. Merkel is a real person....so make sure it happens to lots and lots of people who they see as "real people". Make them all outraged.

      --
      "I opened my eyes, and everything went dark again"
    5. Re:So, we can turn it around? by Anonymous Coward · · Score: 0

      Release not a drop of information? Doesn't quite make sense.

      The thing to do is to randomly select politicians during election time and release obviously stolen in this manner info and then leave the ensuing chaos to itself. Incumbent or challenger, doesn't matter. Do this at all levels of races.

    6. Re:So, we can turn it around? by Anonymous Coward · · Score: 0

      It's amazing that the Major AV providers have not been 'busted' with representational damage.
      About time the community expose this dirty washing because the good guys are probably NOT the only ones who know the invisibility cloak.

    7. Re:So, we can turn it around? by Anonymous Coward · · Score: 0

      ...you eventually get discovered and the full extent of it gets exposed.

      Maybe, maybe not. I think we're firmly on a path toward "you eventually get disappeared and nothing gets exposed", though I do think we've got time to turn it around properly.

      - T

    8. Re:So, we can turn it around? by TheCarp · · Score: 1

      Yes release not a drop because you want them to suspect intelligence services. The point is not to release all their info, which would have other benefits but, to make them outraged to make them question the intentions of those who would violate them.

      The point is to make it about the act of spying not about the results of spying. You don't want the fallout from the scandal to overshadow the scandal.

      --
      "I opened my eyes, and everything went dark again"
  2. Marketing material by halivar · · Score: 1

    Sounds like fluffery. "We can do anything; we're the best!"

    1. Re:Marketing material by Minwee · · Score: 2

      You've probably seen these guys before without realizing it. They also manufacture Hollywood OS and keyboards without space bars.

    2. Re:Marketing material by Anonymous Coward · · Score: 0

      I'm no expert but this will fall into the wrong hands at some point, (if it hasn't already) and be used against governments, politicians, agencies, etc., which could be what these hacking groups are already doing. I'm not even sure why in the hell you would need to have this type of "malware/software" for? Terrorists already are aware they're being monitored and have ways to combat it!!

    3. Re:Marketing material by drinkypoo · · Score: 3, Insightful

      I'm no expert but this will fall into the wrong hands at some point, (if it hasn't already)

      didn't you RTFS? It's already in the hands of law enforcement agencies.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    4. Re:Marketing material by dablow · · Score: 2

      I think what it will take for governments to take privacy seriously is for a bunch of political leaders all around the world to be brought down via hacking/spying/big brother and letting the public know about their skeletons. But alas even that will not be sufficient IMHO, the genie has been let out of the bottle, there is no way to put it back. Privacy is dead, it has been since about the year 2000. Once the technology is invented, it is impossible to uninvent unfortunately.

    5. Re:Marketing material by q4Fry · · Score: 1

      I can't remember the film, but I remember being excited when I saw a HollywoodOS that used KDE.

    6. Re: Marketing material by EdwardFurlong · · Score: 1

      The problem is when government takes things "seriously" it probably means more laws, more protection for them at the average person's expense.

  3. Most honest least used function in the 'system' by tommyatomic · · Score: 2

    PDF page 10 or manual page viii.

    Top of the page.

    AUDIT
    Console section that reports all user and system actions. Used to monitor abuse of RCS.

    Even the manual assumes the system will be abused. Any doublespeak marketer would have changed the word 'abuse' to 'use'.
    Obviously they are already marketing the system to be abused by governments/law enforcers.

  4. Yeah, but... by K.+S.+Kyosuke · · Score: 1

    ...does it run in Linux?

    --
    Ezekiel 23:20
    1. Re:Yeah, but... by Noah+Haders · · Score: 1

      i looked really hard for a matrix of all their promised features showing which ones worked on which systems. What we saw with finfisher was that non-jailbroken could not be directly penetrated. they could do roundabout means like compromising third-party apps or infecting the computers you use if you connect the phone to a computer (there's no need to do that anymore btw).

      on the other hand if you're jailbroken then they basically own you (note the ios7/ios8 jailbreaks were released by a mysterious chinese hacker group, and the hong kong protesters were hacked on their jailbroken phones). which is why the biggest security risk for iphones is they can be jailbroken. this needs to be fixed ASAP and prevented in future versions.

  5. They cannot by Anonymous Coward · · Score: 0

    They cannot activate a camera that isn't there, they cannot record from a microphone that doesn't exist, they cannot record Skype calls that aren't made.

    1. Re:They cannot by K.+S.+Kyosuke · · Score: 1

      Dat (air)gap!

      --
      Ezekiel 23:20
  6. Nifty Overview by VorpalRodent · · Score: 4, Interesting

    Questions about government overreach and whatnot aside, the analyst's manual is quite a nice read on how mundane intelligence analysis can be. They've apparently got a very nice application for establishing persons of interest and automatically creating a directed graph of who knows whom based on address books / calendars, but the rest is still human analysis. I particularly liked the pictures which clearly showed location information as being "somewhere in this two block radius".

    --
    Take it to the limit, everybody to the limit, come on, everybody fhqwhgads.
    1. Re:Nifty Overview by B5_geek · · Score: 2

      You have obviously R'd TFS, TFA, and TFM.
      What are you doing on /.?
      You are too perfect an imposter. No spelling or grammar errors either. Probably some AI.

      Should I refer to you as Wintermute?

      --
      "The price good men pay for indifference to public affairs is to be ruled by evil men." ~Plato (427-347 BC)
    2. Re: Nifty Overview by Anonymous Coward · · Score: 0

      Search for TiGRNet (or something like that - it's been a decade)

  7. High Detail by Gliscameria · · Score: 1

    What?

    --
    X
  8. Yeah, but... by YahoKa · · Score: 1

    ...does it run in Linux?

    Yes, but they request that you install Wine first.

  9. EU privacy laws by zeroryoko1974 · · Score: 1

    Isn't what they are selling against EU privacy laws?

  10. Utter headline fail by Anonymous Coward · · Score: 0

    "Hacking" "Team Manuals" - going into the repository and making changes to important documentation to sabotage your team.

    "Hacking Team" "Manuals" - who cares about a Hacking Team?

    Better headline:

    Hacking Team's Manuals Provide Sober Evidence That Privacy Is Elusive

    The possessive shows that "Hacking Team" is a name, not a verbal phrase.

  11. Re:High Detail by K.+S.+Kyosuke · · Score: 1

    He's trying to confuse the automated agents who're scanning his texts. Or, alternatively, he's trying to shield his brain from the mind-readers in that black van by generating random thoughts.

    --
    Ezekiel 23:20
  12. GoGo by Anonymous Coward · · Score: 0

    Why are these dudes not charged and sent to jail?

  13. Desktop agents by rrohbeck · · Score: 1

    Selection: OS X or Windows. Yay!

  14. but that Sharyl Attkisson is totally crazy right? by Anonymous Coward · · Score: 0

    I mean a few days ago people on this very site seemed to think that though this software exists apparently nobody uses it and she was crazy to think she was being toyed with electronically?

  15. Wtf? Sub 7 Called by Anonymous Coward · · Score: 0

    they want your 1990's functionality back.

  16. OS Missing by HangingChad · · Score: 2

    I didn't see Ubuntu or *nix flavors listed in their target operating systems. All the more reason to support open source.

    --
    That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
    1. Re:OS Missing by dwye · · Score: 1

      All that this lack indicates is that Linux has too small a market share among probable targets to be worth setting up a cookie-cutter process to hack it. Neither Al Quaida (sp? and whose?) nor the German Chancellor's office are likely to have dedicated SAs determined to keep out others by security through obscurity, regardless of it preventing easy usability of popular software that their principals demand.

      Use any distribution out of the box, without doing something that makes things interesting (like Sun used to have the /bin directory tree in a separate partition which was mounted as read-only) and you are just as vulnerable to script kiddies (even if law enforcement agents) as anyone, although the variability between different distributions might help a bit.

  17. Law enforcement complicity in hacking by Anonymous Coward · · Score: 0

    What it means is that law enforcement has full knowledge that back doors and security holes exist in the platforms and yet helps conceal those with inaction. The file grabs are particularly troublesome since they can/are used for corporate espionage. We know countries steal each others' business secrets, it's a competitive world, and lo and behold law enforcement knows all about the tools to do it.

    Look at the antivirus results, it's pathetic, none of them flag the install of the malware and only 4 prevent upgrading to the full elite install. So much for anti-virus.

    Supported platforms appear to be:
    Windows
    Windows Phone
    Android
    Linux
    iOS
    OSX

    Which is terrific news if you have an old Symbian phone.