Hacking Team Manuals: Sobering Reminder That Privacy is Elusive

Advocatus Diaboli writes with a selection from The Intercept describing instructions for commercial spyware sold by Italian security firm Hacking Team. The manuals describe Hacking Team's software for government technicians and analysts, showing how it can activate cameras, exfiltrate emails, record Skype calls, log typing, and collect passwords on targeted devices. They also catalog a range of pre-bottled techniques for infecting those devices using wifi networks, USB sticks, streaming video, and email attachments to deliver viral installers. With a few clicks of a mouse, even a lightly trained technician can build a software agent that can infect and monitor a device, then upload captured data at unobtrusive times using a stealthy network of proxy servers, all without leaving a trace. That, at least, is what Hacking Team's manuals claim as the company tries to distinguish its offerings in the global marketplace for government hacking software. (Here are the manuals themselves.)

Re:So, we can turn it around?

[TheCarp]

You know, that is not the worst idea...better though, make it backfire.

So a stealthy network of proxies? So that means J Random Hacker is indistinguishable from Agent Bob?

Use this against Mayors, DAs, Governors, State legislators, State Reps, Police chiefs.... and release not a drop of the information found, instead....just make sure you eventually get discovered and the full extent of it gets exposed.

Then without a leaking group taking responsibility, blame will be tossed around, and nobody using such tools or even suspected of using them will be able to fully shake the blame.

Nifty Overview

[VorpalRodent]

Questions about government overreach and whatnot aside, the analyst's manual is quite a nice read on how mundane intelligence analysis can be. They've apparently got a very nice application for establishing persons of interest and automatically creating a directed graph of who knows whom based on address books / calendars, but the rest is still human analysis. I particularly liked the pictures which clearly showed location information as being "somewhere in this two block radius".