Leaked Demo Video Shows How Government Spyware Infects a Computer

An anonymous reader quotes a report from Motherboard: Motherboard has obtained a never-before-seen 10-minute video showing a live demo for a spyware solution made by a little known Italian surveillance contractor called RCS Lab. Unlike Hacking Team, RCS Lab has been able to fly under the radar for years, and very little is known about its products, or its customers. The video shows an RCS Lab employee performing a live demo of the company's spyware to an unidentified man, including a tutorial on how to use the spyware's control software to perform a man-in-the-middle attack and infect a target computer who wanted to visit a specific website. RCS Lab's spyware, called Mito3, allows agents to easily set up these kind of attacks just by applying a rule in the software settings. An agent can choose whatever site he or she wants to use as a vector, click on a dropdown menu and select "inject HTML" to force the malicious popup to appear, according to the video. Mito3 allows customers to listen in on the target, intercept voice calls, text messages, video calls, social media activities, and chats, apparently both on computer and mobile platforms. It also allows police to track the target and geo-locate it thanks to the GPS. It even offers automatic transcription of the recordings, according to a confidential brochure obtained by Motherboard. The company's employee shows how such an attack would work, setting mirc.com (the site of a popular IRC chat client) to be injected with malware (this is shown around 4:45 minutes in). Once the fictitious target navigates to the page, a fake Adobe Flash update installer pops up, prompting the user to click install. Once the user downloads the fake update, he or she is infected with the spyware. A direct link to the YouTube video can be found here.

Re: Why are you people so worried about this?

Sir, your stupidity is pegged off, scale high.

Re: Why are you people so worried about this?

[mwvdlee]

That's probably because a lot of people say the exact same thing without being sarcastic at all.

Re:Why are you people so worried about this?

[phantomfive]

If it weren't for the abuses we've already seen (look up LOVEINT for just a simple example), if it weren't for secret courts that approve warrants and perform trials with hidden evidence, then maybe you would have a point.

We've already seen too many abuses of these powers.

As usual the attacks should not work

[aepervius]

"a fake Adobe Flash update installer pops up, prompting the user to click install. Once the user downloads the fake update, he or she is infected with the spyware."

The problem as usual is that people are not educated in security. Anybody being a minimum of paranoid would refuse to install a plugin like that froma random web page. Heck flash would probably not work from a random web page.

Re:Why are you people so worried about this?

[fgouget]

Unless you're clearly up to no good, you don't have to worry about spyware like this.

You mean up to no good like Angela Merkel, Chirac, Sarkozy and Hollande the last three French presidents, and 35 world leaders?

But of course you don't need to be a celebrity or a politician to be up to no good. You could be trying to help people through a humanitarian organization like the Red Cross, Doctors Without Borders, , or you could just have said something bad about the government of a minor island, etc.

And even if you're not one of the above 'bad people', you could simply be one of the 90% of people who are collateral surveillance victims. So no, you don't need to be up to no good to be under surveillance and that's something to be concerned about.

Re:Why are you people so worried about this?

[cs96and]

"If you have nothing to hide you have nothing to fear". If you had nothing to hide you would be perfectly willing to wander round naked all the time and have no curtains on your windows. You'd be willing to install microphones in all the rooms in your house and let any passer-by listen in. You'd be willing to give me your online banking details. I could go on. Yes I have something to hide. We all do.