[liberationtech] New Citizen Lab Report
Alan Snitow and Deborah Kaufman
secrets at igc.org
Tue Mar 4 16:37:32 PST 2014
Excellent report, but a question: why always the caveat that the spyware is "sold exclusively to governments?"
Is there no evidence that companies, detective agencies and other entities could be using similar means to track their own critics? Or that
some governments pass the technology on to semi-governmental agencies or private companies allied closely with regimes? Is there a wall
that would prevent this from happening?
Many regards.
Alan Snitow
On Mar 4, 2014, at 11:37 AM, Ronald Deibert wrote:
> Dear LibTech
>
> I am pleased to announce a new Citizen Lab report, authored by Bill Marczak, Claudio Guarnieri, Morgan Marquis-Boire, John Scott-Railton, and Sarah McKune, called "Hacking Team's US Nexus." This report is the third in a series on Hacking Team's global proliferation, this time focusing on US data hosting services being employed as part of foreign espionage campaigns.
>
> The full report is here:
> https://citizenlab.org/2014/02/hacking-teams-us-nexus/
>
> And the Washington Post story on the report is here:
> http://www.washingtonpost.com/world/national-security/italian-spyware-firm-relies-on-us-internet-servers/2014/03/03/25f94f12-9f00-11e3-b8d8-94577ff66b28_print.html
>
> A high level summary is posted below.
>
> Cheers
> Ron
>
>
>
> Hacking Team’s US Nexus
>
> Authors: Bill Marczak, Claudio Guarnieri, Morgan Marquis-Boire, John Scott-Railton, and Sarah McKune
>
> This post is the third in a series of posts that focus on the global proliferation and use of Hacking Team’s RCS spyware, which is sold exclusively to governments.
>
> Summary
>
> Remote Control System (RCS) is sophisticated computer spyware marketed and sold exclusively to governments by Milan-based Hacking Team. RCS can record Skype calls, copy passwords, e-mails, files and instant messages, and turn on a computer or phone’s webcam and microphone to spy on nearby activity. An earlier Citizen Lab report showed how one RCS user -- believed to be the Ethiopian Government -- targeted journalists in the Washington DC area with the spyware. Previously, governments have used RCS to target journalists in Morocco, activists in the UAE, and a US-based critic of Turkish charter schools.
>
> Two weeks ago, the present authors released a report Mapping Hacking Team’s “Untraceable” Spyware, which identifies 21 governments that we suspect are current or former users of RCS. The report showed that computers infected with RCS send surveillance data back to the government operator through a series of servers in multiple third countries, called a proxy chain or circuit. This is to prevent someone who discovers a copy of the spyware or an infected computer from tracing it back to the government. For example, an infected target may discover that his computer is sending information to a server in Fremont, California, but would not be able to trace the ultimate destination of this information to Uzbekistan.
>
> In this post, we delve deeper into these proxy chains, and find that in at least 12 cases, US-based data centers are part of this dedicated foreign espionage infrastructure. Our analysis traces these proxy chains, and finds that US-based servers appear to assist the governments of Azerbaijan, Colombia, Ethiopia, Korea, Mexico, Morocco, Poland, Thailand, Uzbekistan, and the United Arab Emirates in their espionage and/or law enforcement operations. Azerbaijan, Ethiopia, and Uzbekistan receive the lowest ranking, “authoritarian,” in The Economist’s 2012 Democracy Index.
>
> The extensive and deliberate use of dedicated US hosting companies by foreign countries’ wiretapping activities raises a number of pressing legal and policy concerns. These include whether RCS client countries violate US law and longstanding international legal principles on sovereignty and nonintervention through use of this spyware. Moreover, RCS client countries, by exposing wiretap data to US and other jurisdictions, may have violated internal laws governing the safeguarding of wiretapped material.
>
> We also identify several cases where US-based spyware servers were disguised as the websites of US companies, including a small New York-based financial services firm related to an SEC investigation, a small Oregon newspaper, and ABC News. We believe that the disguises were designed to mislead targets if they discovered that their systems were communicating with these servers. Thus, we believe that the targets of the spyware in these instances had some familiarity with these companies.
>
>
> Ronald Deibert
> Director, the Citizen Lab
> and the Canada Centre for Global Security Studies
> Munk School of Global Affairs
> University of Toronto
> (416) 946-8916
> PGP: http://deibert.citizenlab.org/pubkey.txt
> http://deibert.citizenlab.org/
> twitter.com/citizenlab
> r.deibert at utoronto.ca
Alan Snitow & Deborah Kaufman
Snitow-Kaufman Productions
2600 Tenth Street #603
Berkeley, CA 94710
510 841-1068
secrets at igc.org
www.snitow-kaufman.org
Facebook: Snitow-Kaufman Productions