Citizen Lab unveils the surveillance network built on Hacking Team's RCS

Citizen Lab published detailed information on the surveillance network based on RCS spyware designed by the Italian firm Hacking Team.

The nonprofit research team Citizen Lab has discovered the presence of spyware developed by the Italian firm Hacking Team in 21 countries. The news does not surprise the security community, even though Hacking Team has always denied any involvement in cyber espionage and surveillance campaigns conducted by authoritarian governments.

Eric Rabe, Senior Counsel of Hacking Team, stated that the company does not provide its products to "repressive regimes":

"On the issue of repressive regimes, Hacking Team goes to great lengths to assure that our software is not sold to governments that are blacklisted by the EU, the US, NATO, and similar international organizations or any 'repressive regime'."

The list of countries includes Azerbaijan, Colombia, Egypt, Ethiopia, Hungary, Italy, Kazakhstan, Korea, Malaysia, Mexico, Morocco, Nigeria, Oman, Panama, Poland, Saudi Arabia, Sudan, Thailand, Turkey, UAE, and Uzbekistan. Many of these are places where human life has little value and where regimes persecute any opponent.
According to the analysis conducted by Citizen Lab, in some cases governments are spying for political advantage rather than using RCS for legitimate law enforcement operations.

"First, with respect to human rights, we have encountered a number of cases where bait content and other material are suggestive of targeting for political advantage, rather than legitimate law enforcement operations. Moreover, in an earlier post in this series, we identified the targeting of a US-based news organization. In other cases, however, the material did appear to be indicative of possible criminal investigations. Similarly, we have also found Hacking Team endpoints in regimes with both high and very low rankings in governance, rule of law, and freedom of expression," states the post.

Hacking Team designed a powerful surveillance malware known as Remote Control System (RCS) that is officially sold to governments and law enforcement agencies.

Nonprofit organizations maintain that there is a significant increase in the use of surveillance tools operated by governments. Another problem that must be seriously considered is that, in many cases, these tools could be used for illicit purposes by private companies that intend to spy on employees and competitors.

When governments abuse such tools, the spread of this kind of spyware translates into surveillance and repression.
Remote Control System (RCS) is a powerful malware that is also able to infect mobile devices for covert surveillance; it can intercept encrypted communications, including emails and VoIP voice calls (e.g. Skype). The mobile version, available for all the major OSs (Apple, Android, Symbian, and BlackBerry), is also able to take complete control of the handset and its components, including the camera, the microphone and the GPS module.
Hacking Team maintains that its RCS malware is "untraceable", making it the ideal choice for government and intelligence entities. The company says that it can scale up to monitor "hundreds of thousands of targets" and can be deployed to Apple, Android, Symbian, and BlackBerry mobile devices.

"Hacking Team has made a number of statements that seem intended to reassure the public, as well as potential regulators, that they conduct effective due diligence and self-regulation regarding their clients, and the human rights impact of their products," the Citizen Lab researchers reported on Monday. "They also market their RCS product as untraceable. Our research suggests that both of these claims ring hollow."

The researchers Bill Marczak, Claudio Guarnieri, Morgan Marquis-Boire, and John Scott-Railton published a very interesting post that provides evidence of the presence of RCS spyware in the above countries: Citizen Lab mapped the network of proxy servers used by the software produced by Hacking Team. Believe me, it is an impressive effort by the researchers, who, motivated by their passion, produced such interesting results.

"Our research reveals that the RCS collection infrastructure uses a proxy-chaining technique, roughly analogous to that used by general-purpose anonymity solutions like Tor, in that multiple hops are used to anonymize the destination of information," reads the report. "Despite this technique, we are still able to map out many of these chains and their endpoints using a specialized analysis."

RCS spyware was also used to target journalists: researchers at Citizen Lab in fact revealed that the Ethiopian Government used it to spy on Ethiopian journalists in the United States and Europe.
Eva Galperin, an activist at the Electronic Frontier Foundation (EFF) and an expert in surveillance technology, commented on the Ethiopian case with the following statement:

"If the Ethiopian government is not a Hacking Team customer, then I would sure like to know how their tools wound up being used to spy on Ethiopian journalists."

Hacking Team rejects any accusation and points to its lawful conduct, which it says is also monitored by a panel of technical experts:

"We have established an outside panel of technical experts and legal advisors, unique in our industry, that reviews potential sales. This panel reports directly to the board of directors regarding proposed sales."

The researchers at Citizen Lab remarked that they have found "Hacking Team endpoints in regimes with both high and very low rankings in governance, rule of law, and freedom of expression".

“It is equally reasonable, however, to conclude that some uses are abusive, partisan, or unaccountable. Our findings of the global proliferation of Hacking Team belies their claims of high-quality due diligence. While they claim to rely on an outside panel for guidance on potential sales, little information is available about its members, processes, or the grounds under which a sale might be rejected.”

Citizen Lab's post also includes a table of the endpoints traced, giving each endpoint IP, its country, and the dates on which it was first and last seen.


We cannot ignore that the spyware market is flourishing, and there are many companies that produce malware similar to Hacking Team's RCS. I want to close this post with the same phrase used by the researchers, which summarizes all my concerns:

"In conclusion, the combination of global proliferation, as well as dubious promises about 'stealth' features, points to the dangers to many stakeholders of an unregulated marketplace defined by lack of transparency and accountability."


Pierluigi Paganini

(Security Affairs –  Hacking Team, Surveillance)
