The nonprofit research team Citizen Lab has discovered the presence of spyware developed by the Italian firm Hacking Team in 21 countries. The news doesn't surprise the security community, even though Hacking Team always denies any involvement in cyber espionage and surveillance campaigns conducted by authoritarian governments.
“On the issue of repressive regimes, Hacking Team goes to great lengths to assure that our software is not sold to governments that are blacklisted by the EU, the US, NATO, and similar international organizations or any ‘repressive regime.’”
“First, with respect to human rights, we have encountered a number of cases where bait content and other material are suggestive of targeting for political advantage, rather than legitimate law enforcement operations. Moreover, in an earlier post in this series, we identified the targeting of a US-based news organization. In other cases, however, the material did appear to be indicative of possible criminal investigations. Similarly, we have also found Hacking Team endpoints in regimes with both high and very low rankings in governance, rule of law, and freedom of expression.” states the post.
Nonprofit organizations maintain that there is a significant increase in the use of surveillance tools operated by governments. Another problem that must be seriously considered is that, in many cases, these tools could be used for illicit purposes by private companies that intend to spy on employees and competitors.
“Hacking Team has made a number of statements that seem intended to reassure the public, as well as potential regulators, that they conduct effective due diligence and self-regulation regarding their clients, and the human rights impact of their products,” the Citizen Lab researchers report on Monday. “They also market their RCS product as untraceable. Our research suggests that both of these claims ring hollow.”
“Our research reveals that the RCS collection infrastructure uses a proxy-chaining technique, roughly analogous to that used by general-purpose anonymity solutions like Tor, in that multiple hops are used to anonymize the destination of information,” reads the report. “Despite this technique, we are still able to map out many of these chains and their endpoints using a specialized analysis,” Citizen Lab researchers explained.
“If the Ethiopian government is not a Hacking Team customer, then I would sure like to know how their tools wound up being used to spy on Ethiopian journalists.”
Hacking Team rejects all accusations and stresses that its conduct is legal and is also monitored by a panel of technical experts:
“We have established an outside panel of technical experts and legal advisors, unique in our industry, that reviews potential sales. This panel reports directly to the board of directors regarding proposed sales.”
The researchers at Citizen Lab remarked that they have found “Hacking Team endpoints in regimes with both high and very low rankings in governance, rule of law, and freedom of expression”.
“It is equally reasonable, however, to conclude that some uses are abusive, partisan, or unaccountable. Our findings of the global proliferation of Hacking Team belies their claims of high-quality due diligence. While they claim to rely on an outside panel for guidance on potential sales, little information is available about its members, processes, or the grounds under which a sale might be rejected.”
The following table lists the endpoints traced.
| Endpoint IP | Country | First Seen | Last Seen |
We cannot ignore that the spyware market is flourishing, and many companies produce malware similar to Hacking Team's RCS. I want to close this post with the same phrase used by the researchers, which summarizes all my concerns:
“In conclusion, the combination of global proliferation, as well as dubious promises about “stealth” feature points to the dangers-to-many stakeholders of an unregulated marketplace defined by lack of transparency and accountability.”
(Security Affairs – Hacking Team, Surveillance)