Secret Manuals Show that Spyware Has Been Sold to Despots and Cops Worldwide
When Apple and Google unveiled new encryption schemes last month, law enforcement officials complained that they wouldn’t be able to unlock evidence on criminals’ digital devices. What they didn’t say is that there are already methods to bypass encryption, thanks to off-the-shelf digital implants readily available to the smallest national agencies and the largest city police forces — easy-to-use software that takes over and monitors digital devices in real time, according to documents obtained by The Intercept.
We’re publishing in full, for the first time, manuals explaining the prominent commercial implant software “Remote Control System,” manufactured by the Italian company Hacking Team. Despite FBI director James Comey’s dire warnings about the impact of widespread data scrambling — “criminals and terrorists would like nothing more,” he declared — Hacking Team explicitly promises on its website that its software can “defeat encryption.”
The manuals describe Hacking Team’s software for government technicians and analysts, showing how it can activate cameras, exfiltrate emails, record Skype calls, log typing, and collect passwords on targeted devices. They also catalog a range of pre-bottled techniques for infecting those devices using wifi networks, USB sticks, streaming video, and email attachments to deliver viral installers. With a few clicks of a mouse, even a lightly trained technician can build a software agent that can infect and monitor a device, then upload captured data at unobtrusive times using a stealthy network of proxy servers, all without leaving a trace. That, at least, is what Hacking Team’s manuals claim as the company tries to distinguish its offerings in the global marketplace for government hacking software.
Hacking Team’s efforts include a visible push into the U.S. Though Remote Control System is sold around the world — suspected clients include small governments in dozens of countries, from Ethiopia to Kazakhstan to Saudi Arabia to Mexico to Oman — the company keeps one of its three listed worldwide offices in Annapolis, Maryland, on the edge of the federal intelligence and law-enforcement cluster around the nation’s capital; has sent representatives to American homeland security trade shows and conferences, where it has led training seminars like “Cyber Intelligence Solutions to Data Encryption” for police; and has even taken an investment from a firm headed by America’s former ambassador to Italy. The United States is also, according to two separate research teams, far and away Hacking Team’s top nexus for servers, hosting upwards of 100 such systems, roughly a fifth of all its servers globally.
The company has made at least some sales to American entities, according to comments its outspoken co-founder and CEO David Vincenzetti made in l’Espresso in 2011. “We sell Remote Control System to institutions in more than 40 countries on five continents,” he told the Italian newsmagazine. “All of Europe, but also the Middle East, Asia, United States of America.” In the English-language press, where Hacking Team has been more circumspect about its client list, Vincenzetti’s l’Espresso comments about selling implants to U.S. institutions seem to have fallen through the cracks. Asked about them, Hacking Team spokesman Eric Rabe told The Intercept, “we do not identify either our clients or their locations.”(After publication of this article, Vincenzetti responded with a letter, available here along with a reply from The Intercept.)
Whatever the extent of its U.S. sales, Hacking Team’s manuals deserve an audience in America and beyond. This summer, researchers at the Citizen Lab at the University of Toronto’s Munk School of Global Affairs, including the co-author of this piece, published excerpts of the manuals and technical descriptions of Hacking Team’s capabilities. Publishing the manuals in their entirety here will give the public a better understanding of the sophistication of these relatively low-cost and increasingly prevalent surveillance tools. That sort of understanding is particularly important at a time when digital monitoring has spread from large federal agencies to local police departments and as more national governments gain the once-rarified ability to deploy digital implants across borders. Turnkey solutions like RCS effectively multiply the online threats faced by activists, dissidents, lawyers, businessmen, journalists, and any number of other computer users.
A Niche for Commercial Spyware
Within the U.S., there’s relatively little information on the prevalence of law enforcement hacking. The FBI only rarely discloses its use in criminal cases. Chris Soghoian, principal technologist with the American Civil Liberties Union’s Project on Speech, Privacy and Technology, who has closely tracked the FBI’s use of malware, says that agents use vague language when getting judges’ permission to hack devices. “This is a really, really, invasive tool,” Soghoian says. “If the courts don’t know what they’re authorizing, they’re not a good check on its use. If we as a society want malware to be used by the state, we ought to have a public debate.”
What is clear is that large nations with well-funded intelligence establishments have long been capable of the kind of surveillance Hacking Team offers. In 2001, it was first reported that the FBI had developed malware known as Magic Lantern, which could take over a computer and log its users’ keystrokes, as a way around encryption. Soghoian says it’s likely that the bureau and American intelligence agencies get more customized spying solutions from contractors other than Hacking Team. Countries such as China and Russia probably develop their spyware in-house.
Hacking Team and the German firm FinFisher have taken over another niche, as the most prominent purveyors of user-friendly, off-the-shelf spyware for less moneyed customers, says Ben Wagner, director of the Center for Internet and Human Rights at the European University Viadrina. A recent leak of FinFisher data showed customer service communications between the company and Bahrain, Pakistan, Estonia, and a regional police department in Australia, among other clients. The cost of a Hacking Team installation package, meanwhile, ranges from 200,000 to 1 million euros, Vincenzetti told l’Espresso in 2011. Pricey, but not out of reach.“If those countries didn’t have access to Gamma [FinFisher’s former parent company] or Hacking Team, they probably wouldn’t be able to do this kind of surveillance,” says Wagner. “Those are the two that we know about who have really gone for this targeted surveillance market for smaller and midsize countries.”
Soghoian thinks that “to the extent that Hacking Team has sold in the U.S., it would be to less well-resourced federal agencies or bigger local police teams.”
Hacking Team has built up enough of a profile to become something of an icon in its home country. “Elegant and tan” Vincenzetti has been lauded as a poster-boy for modernizing the Italian economy and is touted to stateside investors at events like “Italy Meets the USA.” Among those promoting Hacking Team is Innogest, an Italian venture capital firm headed by the former U.S. ambassador to Italy Ronald Spogli. The company is in Innogest’s own portfolio.
Despite the acclaim, Hacking Team — and its competitor FinFisher — have drawn the ire of human rights and privacy activists. “We have not that many companies doing nasty things for not that much money on a global scale, but with huge human rights effects,” Wagner said.
Companies like Hacking Team refer to their products as “lawful intercept” technology. They need at least the pretense of dealing with legitimate actors because the legality of surveillance software depends on the behavior of its users. That’s all that fundamentally separates their software from tools for crime or repression. But evaluating that legitimacy becomes tougher as prices fall and customers proliferate.
Hacking Team offers the assurance that its users are all government institutions. Spyware is perfectly legal in law enforcement or intelligence investigations “if used with the proper legal authorization in whatever jurisdiction they’re in,” according to Nate Cardozo, staff attorney at the Electronic Frontier Foundation. Hacking Team’s “customer policy” also claims that it will not sell to countries listed on international “blacklists” or that it believes “facilitate gross human rights abuses.” The company won’t disclose what it means by blacklists, how its review process works, or which, if any, customers have been dumped. Hacking Team’s spokesman refused to provide details beyond what is on the company’s website.
There’s evidence the company is not being particularly selective about to whom it sells. Of 21 suspected Hacking Team users tracked down by Citizen Lab, nine had been given the lowest possible ranking, “authoritarian,” in The Economist’s 2012 Democracy Index, and four of those were singled out for particularly egregious abuses — torture, beatings and rapes in detention, lethal violence against protestors — by Human Rights Watch.
Its competitors face similar criticism. Activists in Bahrain and Ethiopia have found FinFisher spyware on their computers. (FinFisher did not respond to an emailed request for comment.)
The U.S. government has shown an interest in policing the improper use of packaged malware. The Justice Department just recently brought its first case against a spyware developer, arresting a Pakistani man who marketed StealthGenie, an app that does some of the same things as Hacking Team’s RCS – monitoring all phone calls, messages, emails, texts and more without the owner’s knowledge — except for individuals rather than governments. Announcing the charges against StealthGenie’s maker, an assistant attorney general called the spyware “reprehensible…expressly designed for use by stalkers and domestic abusers who want to know every detail of a victim’s personal life.”
How It Works
Key to the spread of software like Hacking Team RCS is that it’s designed to be simple for non-experts to use.
In a brochure, Hacking Team boasts, “You cannot stop your targets from moving. How can you keep chasing them? What you need is a way to bypass encryption, collect relevant data out of any device, and keep monitoring your targets wherever they are, even outside your monitoring domain. Remote Control System does exactly that.”
Hacking Team manuals, dated September 2013, provide step-by-step instructions for technicians, administrators, and analysts on how to infect a device and set up spying.
The software can be installed physically, via a USB stick, if the authorities have direct access to the computer (imagine a police stop or an airport search.)
Or, the infection can happen remotely. It could take the familiar form of a phishing attack or email scam – as a group of Moroccan reporters found out in 2012. A document promising them a secret scoop (it was titled “scandale,” in French) turned out to be a decoy for Hacking Team software. An Emirati blogger fell victim to the same trick. The implant can also be melded with legitimate, useful software that the victim is prompted to download.
As The Intercept has previously reported, Hacking Team also installs its bugs via “network injectors” – physical devices housed with internet service providers, that allow them to intercept ordinary web traffic, like streaming video, and replace it with infectious code. (After we reported that YouTube and Microsoft Live were exploitable in this way, both companies moved to fix the vulnerabilities.)
From page 107 of the RCS Technician’s Guide. Click to enlarge.
Then there are covert network injections. The spyware installer might lay in wait in a hotel, or a Starbucks, and gain access to your computer by “emulating an access point” – in other words, pretending to be a free wifi hotspot to which the victim connected previously. The manual also describes how the software can deploy password-busting tools to break into closed wifi networks.
From RCS Technician’s Guide, page 115. Click to enlarge.
From RCS Technician’s Guide, page 117. Click to enlarge.
The Hacking Team manuals recommend that customers buy a code signing certificate from Verisign (now Symantec), Thawte, or GoDaddy– companies that offer a stamp of assurance that signals to operating systems and anti-virus scanners that the software is legitimate. Getting what Symantec calls its “digital shrinkwrap” added to Hacking Team software makes it less likely to be detected. (Symantec declined to comment on how it handles malware in issuing certificates. GoDaddy and Thawte did not respond.)
Via one of those methods, the “agent” — ie., the bug — is implanted on any of these devices:
From RCS Technician’s Guide, page 39. Click to enlarge
And set up to start recording:
From RCS Technician’s Guide, page 71. Click to enlarge.
The “analyst” can then explore and take virtually anything from the target’s phone or computer, at least according to the manual.
From RCS Analyst’s Guide, page 59-60. Click to enlarge.
Here our analyst selects an investigation – code-named “Swordfish,” and described as a “Terrorist Attack in Singapore.”
From RCS Analyst’s Guide, page 32. Click to enlarge.
Opening that up, he sees the targets in swordfish – “Alejandro Reade,” “Joey Fargo,” and “Jimmy Page” – “head of the terrorist cell.”
From RCS Analyst’s Guide, page 34. Click to enlarge.
Here’s what he’s looking at on Jimmy’s computer: his desktop, Skype account, Firefox browsing. All of that can be exported from the bugged device to the spy’s computer, undetected.
From RCS Analyst’s Guide, page 49. Click to enlarge.
But before he sends everything off to his higher-ups, he can have a listen, to decide if it’s relevant:
From RCS Analyst’s Guide, page 56. Click to enlarge.
And can even translate it:
From RCS Analyst’s Guide, page 48. Click to enlarge.
Once he’s got all that, he maps out the various people and places tied to his target.
From RCS Analyst’s Guide, pages 66-67. Click to enlarge.
Entities are automatically linked by the software based on their contacts – either as a “know,” a “peer,” or an “identity” (ie., two addresses associated with the same person.)
From RCS Analyst’s Guide, pages 68, 70, and 71. Click to enlarge.
Here are Jimmy and his friends in an industrial lot in Los Angeles:
From RCS Analyst’s Guide, page 76. Click to enlarge.
From RCS Analyst’s Guide, page 81. Click to enlarge.
And here’s the man himself, with all his vital stats. Web sites and physical locations get similar profiles. That photo, the manual notes, will default to the “first image captured by the webcam.”
From RCS Analyst’s Guide, page 85. Click to enlarge.
For more on how this all works, see Citizen Lab’s report, and explore the full set of documents below.
Manuals
Hacking Team RCS 9 Analyst’s Guide (PDF):
Hacking Team RCS 9 Administrator’s Guide (PDF):
Hacking Team RCS 9 Technician’s Guide (PDF):
Hacking Team RCS 9 System Administrator’s Guide (PDF):
Hacking Team RCS Invisibility Report (PDF):
Hacking Team RCS 9.0 Changelog (PDF):
Hacking Team RCS 9.1 Changelog (PDF):
Update: Added a link to a response letter from Vincenzetti. Nov. 3, 2014 4:20 pm ET
Top Photo: Pablo Blazquez Dominguez/Getty Images; Vincenzetti: Google+
Email the authors: cora.currier@theintercept.com, morgan@firstlook.org
Whatch the malware links in the comments section. The gals aren’t happy about this article.
I hope Snowden was able to download the devious schemes of the Bilderberg Group. That will explain the real reason behind all the activities of NSA, FBI, GCHQ and all the hackers. That group is the master, rest are all servants doing the master’s bidding.
On page 143 of the technical manual, there is a comment “for further information on how to obtain a digital certificate, contact the HackingTeam support service.” On page 139 there are general instructions for obtaining a code signing certificate. Question is: will people agree to allow installation of software if it is signed by an entity which cannot be confused with the legitimate provider of the software? This seems of some interest because, as mentioned in the article, commercial software vendors find any association with this sort of hacking to be very detrimental to their reputations, and are willing to expend substantial resources to overcome such holes. I assume that HackingTeam would not knowingly undertake any conspiracy to demean and dilute the trademarks of reputable companies by assisting their customers in registering spyware with an easily confused name, but I do wonder what alternative approach would be effective.
I should also note the warning on page 106 of the same that “any change in the file system (I.e. any file created on the desktop) will be visible to the user. Be careful.” We should emphasize that this kind of backdoor access to “suspects’” computer systems in general will not merely allow SEARCHES for evidence, but also CREATION of evidence – potentially followed by the traceless self-uninstallation of the spyware module. Given the apparent prevalence of this software as described in the article, and the authoritarian nature of the regimes using it, it is the duty of every one of us reading to commit ourselves that if called to serve on a jury in a child pornography case, we WILL regard any claim by the accused that the files are the result of “hacking” to not merely create a doubt, but a REASONABLE doubt in their case. This software illustrates what we should already have known: modern computers simply are not secure, NOT under the control of the ostensible owner. Of course, I doubt that our resolution, however nobly intended, will matter much; I think inevitably it will be the responsibility of those falsely accused to commit enough spectacular acts of vengeful terrorism that the world takes them seriously.
They (the software vendor) could be fronting, wittingly or unwittingly, for some other intelligence organization. When they (the customers) install the control software on their own computers to monitor others, they may be opening themselves up to whoever fronted the technology to the vendor.
Once installed, they essentially become assets of the CIA, NSA, Mossad etc.
My Twitter TL just had what purports to be a pic of a letter Hacking Team sent to TI in respoonse to above: https://twitter.com/apblake/status/528762982973865984/photo/1
I’m not real sure, but the RCS 9.0 Changelog pages seem to suggest their surveillance software may be less all-encompassing for iOS than other operating systems. It touted an improvement that seems to lag what you might expect. iPhone 3GS and iOS 4.1 improvement – touted in a version 9.0 update from 2013? Is this as odd as it seems?
How do these “people” sleep at night??? This is a very chilling story, even more so because we just don’t know the full extent of all this malware hacking and tracking. BTW – any of you tech folks have comments on the FBI’s request for more hacking powers? There’s a hearing next week.
reference: http://www.theguardian.com/us-news/2014/oct/29/fbi-powers-hacking-computers-surveillance
Hmmmmm – well, I decided to do some further checking myself online. Here’s my roundup regarding the above topic (FBI proposed changes to Rule 41):
http://observergal.blogspot.com/2014/11/lets-just-hack-everybody-shall-we.html
Yeah and I wouldn’t put it past these motherfuckers in Congress to allow these fucking creeps in the FBI to do it. Given the concept of “mission creep”, I’ve got $1k that says at some point, they’ll even ask Congress to pass a law mandating every single newborn to be injected with an RFDI chip…. er…wait…OMG.
Shades of Benito Mussolini…
http://chippietherfid.com/
If I didn’t see it with my own eyes…..
All of this raises all sorts of red flags. It does document what many of us are suspecting that an assortment of people are doing. There are many questions regarding human rights and due process and maybe even questions of jurisdiction.
It just occurred to me that the world would greatly benefit from a technical book that Micah might want to consider writing along the lines of his most recent article here.
Most people want to protect their digital privacy not because they ball out in the nefarious, but precisely because of the opposite: to assert their rights to privacy but like myself, could use a little help…
There are only a handful of operating systems. For me, short of manipulating and modifying some modules and possibly messing up some stuff, I must rely on sound ideas that trained hands have to offer.
Having said all that: who stole my comments that briefly appeared here yesterday?
The law is the canvas of obligations imposed to the serfs.
It is the tissue of appearances perpetuating their servitude.
The less the imposition is tolerated, the heavier the canvas.
The more the servitude is revealed, the less resistant the tissue.
Thank once again to THE//INTERCEPT for a well informed and documented report; especially in the wake of the current attempts by the FBI (Justice Department) and the FCC to further undermine both the express and implied Constitutional rights of everyone.
In addition to the fun and importance of participating in discussions such as this, it is also important to support working informed activists that are attempting to curtail both private and governmental incursions into these basic human rights. In its most recent news letter (Oct. 30th) the EFF (Electronic Frontier Foundation) had this, in pertinent part, to say:
“EFF members shape the path to a better digital future. Members protect the rights of users around the world by funding legal action, advocacy campaigns, and open source software. This year, members stood behind EFF’s work in four federal cases against illegal NSA surveillance. Members enabled the creation of the HTTPS Everywhere and Privacy Badger software tools to protect digital communications. And members powered a campaign generating hundreds of thousands of pro-net neutrality messages to the FCC. We’re accomplishing this ambitious work—and much more—with the support of people like you.”
So…….after venting and ranting, and exhausting all the known repetitive memes and forecasts of doom and gloom, try doing a little substantive activism on the side. (;-})
“Work is love made visible.” KG
As Usual,
EA
This is exactly the kind of article a person could sing along too:)
On the invisibility document, what does the green cells and the “cannot upgrade to elite” mean?
The bit about tracking peoples whereabouts is disturbing. The sorts of information our government agencies want, mapping our personal relationships, associations, travel habits etc. are exactly the information they shouldn’t have. And it isn’t just the Government. Every time I try to log in with DISCUS or Google+ it asks to know about me. It then wants to know who my friends are. Really? Sell out my friends just so I can log in to their stupid website? WTF is that about?
I think that for me, the golden age of the Internet is over. Even YouTube is going “Clippy” offering unsolicited and unhelpful help. My cable company keeps trying to sell me “television that gets to know you.” Do they have any idea how repulsive and Orwellian that is? Years ago Times Square was wall to wall trash, porn shops and strip clubs. It got so bad that people stopped going there. Eventually, they had to clean it up.
Interesting how Hacking Team’s spyware isn’t compatible with GNU/Linux desktop operating systems, like Debian or Ubuntu. (Though I’m sure it could be, if they took the time to develop it.)
Hacking Team RCS 9.1 Changelog has an entry “Agent (Linux) New Module: mic recordings” which suggests that they do offer a linux implant.
Yet another reason to use open source operating systems. Myself, I am torn between Linux and OpenBSD. Adware, spyware, and malware have for years been an absolute scourge for MS Windows and various mobile operating systems. All kinds of criminals and shady characters develop and distribute malicious software for a variety of reasons, and I don’t see the outrage against them. I imagine almost all Windows and/or Apple operating systems are infected with something or another, and unless users notice something directly, they just don’t care. Do you think despotic regimes and law enforcement agencies are going to forgo the same tools? FinFisher and Remote Control Systems are just two of them. There are hundreds or even thousands of kinds of spyware in the wild.
Use a more secure operating system, install an adblocker and maybe a javascript blocker (add-ons like AdBlock Plus, NoScript, Ghostery), don’t surf smut online, don’t draw attention to yourself, and you’ll probably be just fine, but all the same, I wouldn’t trust anything to be private on any computer that is ever connected to the internet. It’s just the nature of the beast. Security simply wasn’t a priority when mainstream desktop and mobile hardware, operating systems, web browsers, and other applications were developed, and such systems have and will continue to have innumerable vulnerabilities for hackers to exploit.
not sure where you got the manuals but, depending on the source, i’m a bit wary of opening any document file regarding a company that has infected people through document files (especially the playground of scripts and bugs that are PDFs).
in any case, this software does little if anything new. it’s like “backtrack for dummies”. open source stuff that’s been available for free over the years slapped together with a shiny GUI on top. if governments/agencies are that lazy and uninformed, let them waste their money. the could spend 1/10th whatever these scam artists charge and hire a few script kiddies fresh out of high school. same results i’m guessing.
Cora and Morgan, a few hours ago, I successfully posted a comment here. It was not offensive by any reasonable person’s standards. I always use the same handle Pat B. It is now missing from the comment entries here, or my cellphone is manipulated (it is hacked) so that the post fails to show. I do not believe that either of you removed the post. But to be sure, did you remove the comment?
If you did not, and none of your Intercept colleagues did (all of whom I respect) then someone must have deemed it too damning to be viewed by the world.
I wonder which one of these PDF’s contains the zero-day.
First, as I understand the nature of technology (which is not so much) the cost of a new capability starts dropping quickly and spreads rapidly as the cost goes down. So what the NSA has today shortly corporations and small states or smaller enterprises (such as local police) and of course eventually but not very long after or contemporaneous with these smaller units the so called bad actors learn about them and how to use them. Because of the dynamic nature of techno ware soft or hard its impossible to keep it locked up long.
The other issue is that there is already a vast sea of our information and information about us out there stored by NSA, Google and no doubt many others. As technology or knowledge of how to use it spreads – and it can’t be stopped – the only outcome is that more and more “players” will be accessing the data, and the sea like the real sea in global warming is rising by the day, minute, second.
Perhaps our only salvation will be that so many people and organizations have access that the data looses its value.
quote”Perhaps our only salvation will be that so many people and organizations have access that the data looses its value.”unquote
Salvation? The only salvation available is to recognize you are an idiot, that wants to believe your further contribution to this dialog will result in some future change that will mitigate your beliefs.. Meanwhile, the humans who’ve already recognized the totalitarianism epidemic being perpetrated on humanity, are retreating to the fringes of geological survival that allows themselves and their families to perpetuate survival of their seed till such time they must face the technological evil of planet wide genocide of those who repudiate capitalism. Meanwhile, hit Walmart for your temporary belief everything is ok.
@Chronicle What was the purpose of this comment?
I think the important question you are getting at is the following:
How has technology change politics?
Here is my take on that question:
http://wp.me/P4X83e-1
Just proves that there are more bugs & ears, than there are in an Iowa cornfield !
Copy from Clipboard is a red flag for us. We use Clipboard to protect banking passwords from Zeus. That could be the main value for many international Gamma and Hacking Team customers — stealing from US bank accounts.
Fukking disgusting. This is how the world lurches toward fascism and tyranny. Money. There is no money in protecting freedom. That word is only used in the basest way, as propaganda to motivate the huddled masses….
Yesterday, I saw a commercial for one of the big corrupt banks with a few actors promoting some new bank/credit scheme and
one of the actors said, “Money is freedom.”
This struck me as the mindset which is at the core of most injustice and is probably not questioned by most people.
The mindset would mean that the more you love money, the more you love freedom and that the greediest people
are the most freedom-loving role models.
Clearly, Washington and Wall Street worship money as freedom and have little use for those who are not rich.
It also would mean that for the “money is freedom” believers, justice depends upon your bank account.
Astute comment, Clark. I think it is clear that TPTB don’t care for anyone not wealthy/elite. And your last comment: “justice depends upon your bank account” certainly rings true. A study of justice system statistics regarding experiences and sentences of rich vs. poor would confirm that. And that’s before we get to the idea of challenging government policies or practices. Most people can’t sometimes because of fear, but also because of the financial drain it would cost them.
“despots and cops”
someone needs to be introduced to the vin diagram… sounds a lot like “predators & wolves”…
IT people have long known that tools like this must exist–the problem has been that there hasn’t been ANY coverage of it–mostly due to the fact that its so technical.
We have a massive surveillance state with all the malicious toys and zero accountability working against ordinary citizens.
What are people going to do about this kind of stuff? It isn’t going to stop unless people organize and do something about it.
I agree, Blackout, but what to do? Vote Democrat or Republican? Protest in the street? Write your congress and/or president? Congress has either been complicit or inept when it comes to the surveillance being perpetrated on the whole planet. My guess is a mix of the two. It was revealed in a recent Intercept article there are 17 (known) intelligence gathering entities in the USA. How can the Congress reasonably expect to oversee that many agencies with such busy schedules(campaigning)? At this point nothing short of a complete change of the guard, Congress, Supreme Court, dissolution of every cabinet position and governing agency such as the alphabet soup of law or intelligence gathering apparatus. When corruption has ascended to it’s present odoriferous level, piecemeal overhaul will just have us chasing our tails. Do we really want a revolution though? They are messy and at times even deadly. If you have any ideas, I and most likely others are all ears.
its a good question. But without a revolution (and revolution COULD happen without a lot of bloodshed) we will be subjected to increasing levels of violence anyway via the apparatus of tyranny. So the only real question is: would you rather fight for something you love, or fight to survive in a place you hate.
Whatever you decide I suggest that if you have a strong informative opinion which might perhaps cite an individual making large sums of money off tax payers then do be discreet as much as you can and place a return address to your congressman or senator. Otherwise the corporate creeper software owner will hunt you down and the legislatures will have you investigated for mail fraud since you didn’t put a return address. It is best not to have to be a high profile whistleblower and just a citizen with a issue to address. However, if you have inside news to blast that does give more to chew on while they discuss your letter be cautious. But don’t plan on change to soon. I think your best bet is to plead to the reporters here to do more stories that have personal situations where a person has actually been unjustly harassed for trying to protect freedoms. Good luck!
You bring up a valid point. You may find part of the answer in the question: What is the nature of double government and national security with respect to infringements on our Constitutional and natural human rights?
Here is my take:
http://wp.me/p4X83e-9t
Does this imply that virtually nothing connected to the internet at any point in time is safe from being hacked? And, even if it is heavily encrypted, it can be deciphered?
No… but the amount of opsec needed to stay safe is virtually impossible for all but the most experienced tech users.
See the previous article published by The Intercept for an idea of the diligence and expertise needed: https://firstlook.org/theintercept/2014/10/28/smuggling-snowden-secrets/
Im sorry but if you feel that using GnuPG, OTR or Tails is technically difficult I you have to be pretty slow
Being the Luddite that I am, I must ask — Are Blackberry smart phones immune, or largely immune, to this type of hacking?
The manual claims it works for Blackberry https://prod01-cdn02.cdn.firstlook.org/wp-uploads/sites/1/2014/10/04-analyst-guide-p39.png
The article talked about how this technology is out there and being used by the governments so that Apple’s new encryption won’t make a difference. I suspect it is more subtle than that. This technology takes time to set up for an individual target. In the United States it may require approval by a judge? I suspect that approval is done in secret by a FISA court judge who rubber stamps every request he gets. There is also bulk surveillance which is not individualized that has been discussed a lot since Snowden’s revelations. Bulk surveillance would be rendered useless if the phones used encryption that could not be quickly decrypted in bulk. Is that what is going on?
In Newark New Jersey in the 90s there was an epidemic of car thefts. So everyone started putting wheel locks on their vehicles. The wheel locks could be bypassed by a thief, but it might take a few minutes so the thief wouldn’t mess with the car (even though in a few minutes they could defeat the wheel lock system). I suspect that an analogous situation is occurring here.
I think it was good that this article pointed out that there was the case of a guy selling the “stalker” software and the feds called it reprehensible, and yet they are using the same technology. I thought the same thing when I saw that case in the news. So it is ok for the government to do it, but not individuals?
The article also pointed out that foreign governments are employing this technology and they do not have even the little protections that we have here (like getting a warrant from a judge).
The problem with your wheel lock analogy is that stealing a car is a manual process. These are automated processes, meaning that the programmer of this software (or indeed of NSA’s TURBINE: https://firstlook.org/theintercept/2014/03/12/nsa-plans-infect-millions-computers-malware/) just has to program it once to defeat the security measure, and then it can automatically attack thousands or millions of PCs or phones with no additional effort.
That’s the main thing to understand about this era of surveillance that we are in: end point attacks (to completely control your devices and potentially see and record everything you do REGARDLESS of encryption) are automated to affect potentially millions of devices with very little effort.
Agreed. The barriers we install only require more time and money to circumvent even Cora’s picture above could be tracked through facial recognition as they were using to find the English ISIS be-header. The agencies interested have all the money they need.
Gee, with a name like Hacking Team,what’s not to trust? Someone needs to publish an Encryption and Hacking manual for Dummies. I can throw around the terms but, being kinda old and unfamiliar with much but the most basic computer technology, it’s not very meaningful.
‘hacking’ and ‘encryption’ are good words.Usually, one hacks for some greater public purpose, what ‘hactivism’ is, such as finding out that a certain site, about security, has their pw’s in plain text, and knows certain things about government, like what a Grand Jury is doing—things that are secrets.
‘Hacking Team’ is a bad product, that someone is trying to sell to low-level police departments and poor countries.
I don’t know how to encrypt or how to hack, but I enjoy reading about them.
As usual, what’s lacking from this story is the perspective from real-life victims of this invasive technology. People are only moved by stories that are ‘relatable.’ So until you show some poor unsuspecting American’s photo captured while sitting in their undies playing CandyCrush you are not going to motivate the masses. Please, please start writing stories that appeal to ordinary Americans.
Can you post direct links to the PDFs from now on instead of the needless obfuscation?
Click on the expand buttons in the corners of the embeds in the bottom. You can download the PDFs from Document Cloud. They’re also all here: https://firstlook.org/theintercept/documents/
also now there are pdf links
So, let me get this straight, you put the lime in the coc….wrong rabbit trail. The very same thing governments do in legal pursuit of our data would land you and I in jail. Sounds reasonable to me. I keep forgetting, government=good, people=bad. Silly me.
This spammer “callsup” jerk manages to get posts with multiple link posts to take in every single thread on The Intercept.
Its only spam if it isn’t relevant to the topic. What is it exactly about the questions I pose that you think are not relevant? If you have any unique thoughts of your own on the matter please engage in the discussion, else have a bowl of cry baby soup and shut up. Thank you.
Would you agree that almost every single article on the intercept is related to National Surveillance, Infringements on our rights, technology, and politics? IF that is is the case then the questions I post, which I just so happen to attach a link to my perspective on the question is not spam but a method for creating discussion. If someone responded to my question on the thread at the intercept I would be happy to engage, but nobody has so I keep asking questions.
Personally, I would find it highly annoying if people just kept posting bloviating bile that is not focuses or centered on a specific or tailored question. I know the number of people who have visited my blog and I also know the average visitor reads multiple pages every visit. If my questions, thinking, or writing were shit then someone would have attempted to point that out. You and your complaint are a statistical outliers and the main thrust of your complaint is that my article topic related question and link to my point of view is linked. Either constructively and meaningfully contribute with your or qeustions and point of view or close your pie hole. Thank you.
I expressed my opinion about your spamming; no point repeating it. I don’t care if you take issue with it. And I sure don’t have any intention of abiding by your orders, for god’s sake. To my knowledge you’ve now posted two actual comments in total on “The Intercept” which are not your usual spam comments. Both of them are you throwing a childish hiss fit because someone called you out on your spamming.
@kitt Actually, those are arguments that debunk your notion of spamming. People like you just troll boards. Thank you.
Kitt – Here is a challenge for you. Why is it that Kitt hasn’t contributed anything to the discussion threads but complaints? Post a question that is related to the topic of the article, or attempt to address other questions posed. Then you might start earning some respect.
Thank you for proving my point.
Spyware is perfectly legal in law enforcement or intelligence investigations “if used with the proper legal authorization in whatever jurisdiction they’re in,” according to Nate Cardozo, staff attorney at the Electronic Frontier Foundation. Hacking Team’s “customer policy” also claims that it will not sell to countries listed on international “blacklists” or that it believes “facilitate gross human rights abuses.” The company won’t disclose what it means by blacklists, how its review process works, or which, if any, customers have been dumped. Hacking Team’s spokesman refused to provide details beyond what is on the company’s website.
Surely there must be some way to fight these kinds of companies through the courts?
What’s the problem?
Hacking Team is a citizen, with the same privacy rights individual citizens enjoy in any self-proclaimed democracy.
“Spyware is perfectly legal in law enforcement or intelligence investigations “if used with the proper legal authorization in whatever jurisdiction they’re in,” ”
In the old days, the police could tap your phone and read your letters and bug your house. But spyware is like going in and confiscate all communication without a warrant. If they need this kind of surveillance, they should install it with the Internet Service Providers and phone companies. A backdoor in every computer and phone is like removing any personal liberty. This stuff seems just too easy.
Bravo!
The goodness of unregulated free markets has always been self-evident, but evidence is always welcome! These invisible hands are providing citizens with the products they need most, in the most efficient, transparent manner possible, and the documentation is further proof markets can solve any problem, anywhere. There can be no more debate: purely self-interested business people are the pinnacle of human evolution.
The sarcasm is strong with this one. Good job!
This Hacking Team remote control system product would be VERY handy for the so-called investment bankers.
In order to circumnavigate for their own profits during the inevitable economic collapse which the bankers(sic) will
cause (with the protection of Washington),
the Wall Street criminals will be more likely to steal from selected depositors and then cry out that they were hacked
in order to suck more money out of the rest of society.
The democrat/republican/libertarian corporate government will probably give the bankers the money to buy the system
under the lie of improving security.
Then, the policing agencies will use the system to keep track/punish anyone who criticizes the banker criminals.
The comment section of Intercept drives me bonkers…
And you read it because bonkers is your desired condition?
I should I said I meant that posting on The Intercept drives me bonkers. You can post a comment from one email and it wont appear at all, I post with another email and it works, just five minutes later. What was my first email blocked or something? Its bizarre!
I’ll add to it they also apparently manufacture and edit the content on a few different levels. about half of their situation is manipulating the actual activity, there’s many ways they’ve found to do that and in the end the actual intercepted information can become irrelevant or completely “untrue”, even very factual technical information becomes worthless and false because they simply study how to make the result whatever they want. at the same time they’re using this as indisputable evidence behind closed doors saying the evidence is so clear they don’t need to investigate or discuss it with anyone.
You mean to tell me that any well funded organization with the need to spy on a person can do it for a price and these malware companies are selling to everyone and anyone, dictatorships, tyrannous regimes, mercenaries!? And our government allows this!?!? OMG OMG, couldn’t the terrorists use this against us!?!? We have to bomb Italy immediately to protect us all!!! Obama to the drone cave!!
How long before “targets” simply go old school and revert to analog; paper, carriers, etc?
There was a news report post Snowden that Russia was buying electric typewriters for some or maybe all of their sensitive clerical work. Can’t verify veracity of report or source.
There was a time not too long ago where all of these abilities except for the network infiltration was easily attained by your average,experienced hacker; and some of these abilities even by scripkiddies.
The Three main threats National Surveillance poses to our freedoms according to Jack Balkin at Yale Law School are:
1) Parallel set of laws that circumvent the Bill of Rights
2) Administration/Law Enforcement that is emblematic of the parallel rules
3) Private Power and Private/Public cooperation
See more here:
http://wp.me/p4X83e-1w
Looks very impressive. Too good to be true?
The problem is that most computer users don´t know how to secure their equipment. Most modern popular operating systems needs to be easy to use for everybody, thereby unfortunately becoming full of holes.
There will probably arrive various counter-measures for this malware soon.
How has technology changed politics?
http://wp.me/P4X83e-1
What is the nature of Double Government and national security with respect to infringements on our rights?
http://wp.me/p4X83e-9t
What does Obama and his NSA Review Panel really think about privacy/security and why?
http://wp.me/p4X83e-9P
I can’t find your ‘add to shopping basket’ button.
I know you can afford it now, Duce, because that comment is priceless! Thanks for the laugh this morning!
Too bad. I found a better one
https://ghostgunner.net/
Don’t despair. Julian Assange is cashing in on the Wikileaks brand to bring us a complete line of radical-chic apparel and accessories.
“He [Assange] added that the monetization of the WikiLeaks brand would help rake in additional funds for the non-profit online organization, since it mainly relies on donations. Olafur will be in India over the weekend to talk to potential partners. [..] However, New Delhi-based brand expert Santosh Desai is skeptical about the brand’s potential as a marketing success. WikiLeaks and Assange are great brands. But don’t you think that trying to monetize them will defeat the whole ideology of what they stand for? To be successful, they will need a very focused approach,” he said.”
It appears that radical chic, anti-capitalist capitalism has become the new business model for the newly emerging non-profit, product-oriented, anti-establishment establishment.
http://timesofindia.indiatimes.com/business/india-business/Coming-soon-T-shirts-jeans-from-WikiLeaks/articleshow/44734529.cms