Hacking Team Manuals: Sobering Reminder That Privacy is Elusive

Advocatus Diaboli writes with a selection from The Intercept describing instructions for commercial spyware sold by Italian security firm Hacking Team. The manuals describe Hacking Team's software for government technicians and analysts, showing how it can activate cameras, exfiltrate emails, record Skype calls, log typing, and collect passwords on targeted devices. They also catalog a range of pre-bottled techniques for infecting those devices using wifi networks, USB sticks, streaming video, and email attachments to deliver viral installers. With a few clicks of a mouse, even a lightly trained technician can build a software agent that can infect and monitor a device, then upload captured data at unobtrusive times using a stealthy network of proxy servers, all without leaving a trace. That, at least, is what Hacking Team's manuals claim as the company tries to distinguish its offerings in the global marketplace for government hacking software. (Here are the manuals themselves.)

So, we can turn it around?

[fustakrakich]

Let's use them to evade the spies, and spy back on them.

Re:So, we can turn it around?

[TheCarp]

You know, that is not the worst idea...better though, make it backfire.

So a stealthy network of proxies? So that means J Random Hacker is indistinguishable from Agent Bob?

Use this against Mayors, DAs, Governors, State legislators, State Reps, Police chiefs.... and release not a drop of the information found, instead....just make sure you eventually get discovered and the full extent of it gets exposed.

Then without a leaking group taking responsibility, blame will be tossed around, and nobody using such tools or even suspected of using them will be able to fully shake the blame.

Re:Marketing material

[Minwee]

You've probably seen these guys before without realizing it. They also manufacture Hollywood OS and keyboards without space bars.

Most honest least used function in the 'system'

[tommyatomic]

PDF page 10 or manual page viii.

Top of the page.

AUDIT
Console section that reports all user and system actions. Used to monitor abuse of RCS.

Even the manual assumes the system will be abused. Any doublespeak marketer would have changed the work 'abuse' to 'use' .
Obviously they are already marketing the system to be abused be governments/law enforcers.

Re:Marketing material

[drinkypoo]

I'm no expert but this will fall into the wrong hands at some point, (if it hasn't already)

didn't you RTFS? It's already in the hands of law enforcement agencies.

Re:Marketing material

[dablow]

I think what it will take for governments to take privacy seriously is for a bunch of political leaders all around the world to be brought down via hacking/spying/big brother and letting the public know about their skeletons. But alas even that will not be sufficient IMHO, the genie has been let out of the bottle, there is no way to put it back. Privacy is dead, it has been since about the year 2000. Once the technology is invented, it is impossible to uninvent unfortunately.

Nifty Overview

[VorpalRodent]

Questions about government overreach and whatnot aside, the analyst's manual is quite a nice read on how mundane intelligence analysis can be. They've apparently got a very nice application for establishing persons of interest and automatically creating a directed graph of who knows whom based on address books / calendars, but the rest is still human analysis. I particularly liked the pictures which clearly showed location information as being "somewhere in this two block radius".

Re:Nifty Overview

[B5_geek]

You have obviously R'd TFS, TFA, and TFM.
What are you doing on /.?
You are too perfect an imposter. No spelling or grammar errors either. Probably some AI.

Should I refer to you as Wintermute?

OS Missing

[HangingChad]

I didn't see Ubuntu or *nix flavors listed in their target operating systems. All the more reason to support open source.