Researchers find out how governments hijack phones

[wraith808]

Researchers Find and Decode the Spy Tools Governments Use to Hijack Phones

Newly uncovered components of a digital surveillance tool used by more than 60 governments worldwide provide a rare glimpse at the extensive ways law enforcement and intelligence agencies use the tool to surreptitiously record and steal data from mobile phones.

The modules, made by the Italian company Hacking Team, were uncovered by researchers working independently of each other at Kaspersky Lab in Russia and the Citizen Lab in Canada, who say the findings provide great insight into the trade craft behind Hacking Team’s tools.

The new components target Android, iOS, Windows Mobile, and BlackBerry users and are part of Hacking Team’s larger suite of tools used for targeting desktop computers and laptops. But the iOS and Android modules provide cops and spooks with a robust menu of features to give them complete dominion over targeted phones.

They allow, for example, for covert collection of emails, text messages, call history and address books, and they can be used to log keystrokes and obtain search history data. They can take screenshots, record audio from the phones to monitor calls or ambient conversations, hijack the phone’s camera to snap pictures or piggyback on the phone’s GPS system to monitor the user’s location. The Android version can qlso enable the phone’s Wi-Fi function to siphon data from the phone wirelessly instead of using the cell network to transmit it. The latter would incur data charges and raise the phone owner’s suspicion.

Scary stuff... and good info.  More at link.

[Renegade]

That Hacking Team site is scary.

http://www.hackingte....php/customer-policy

Customer Policy
Since we founded the Hacking Team, we have understood the power of our software in law enforcement and intelligence investigations.
We also understand the potential for abuse of the surveillance technologies that we produce, and so we take a number of precautions to limit the potential for that abuse.
We provide our software only to governments or government agencies.  We do not sell products to individuals or private businesses.
We do not sell products to governments or to countries blacklisted by the U.S., E.U., U.N., NATO or ASEAN.
We review potential customers before a sale to determine whether or not there is objective evidence or credible concerns that Hacking Team technology provided to the customer will be used to facilitate human rights violations.
We have established a panel of technical experts and legal advisors, unique in our industry, that reviews potential sales.
In HT contracts, we require customers to abide by applicable law.  We reserve the right in our contracts to suspend support for our software if we find terms of our contracts are violated.  If we suspend support for HT technology, the product soon becomes useless.
 
We will refuse to provide or we will stop supporting our technologies to governments or government agencies that:
We believe have used HT technology to facilitate gross human rights abuses.
Who refuse to agree to or comply with provisions in our contracts that describe intended use of HT software, or who refuse to sign contracts that include requirements that HT software be used lawfully.
Who refuse to accept auditing features built into HT software that allow administrators to monitor how the system is being used.
 
HT policies and procedures are consistent with the U.S. Know Your Customer guidelines.  We conduct ongoing employee training to assure that employees know and understand the provisions of these guidelines.
Should we discover “red flags” described in these guidelines while negotiating a sale, we will conduct a detailed inquiry into the matter and raise the issue with the potential customer.   If the “red flags” cannot be reasonably explained or justified, we may suspend the transaction.
 
Our review will include:
Statements made by the potential customer either to HT or elsewhere that reflect the potential for abuse.
The potential customer's laws, regulations and practices regarding surveillance including due process requirements.
Credible government or non-government reports reflecting that a potential customer could use surveillance technologies to facilitate human rights abuses.
 
Hacking Team encourages anyone with information about apparent misuse or abuse of our systems and solutions to promptly report that information to us at [email protected] e-mail address is being protected from spambots. You need JavaScript enabled to view it .
 
Hacking Team has established a process of monitoring news media, activist community blogs and other Internet communication, and other available sources for expressed concerns about human rights abuses by customers or potential customers.  Should questions be raised about the possible abuse of HT software in human rights cases, HT will investigate to determine the facts to the extent possible.  If we believe one of our customers may be involved in an abuse of HT software, we will contact the customer as part of this investigation.  Based on the results of such an investigation, HT will take appropriate action.

Umm...

BWAHAHAHAHAHA~!

Psst! C'mere... You look like a smart cookie, and have I got a deal for you!

[wraith808]

hey... I was presenting without comment

[Renegade]

hey... I was presenting without comment

-wraith808 (June 25, 2014, 09:16 AM)

Oh, don't take me the wrong way. That company is VERY scary.

It's the entire "Oh, but we really care about your privacy and human rights and the children and puppy dogs and..." -- Yeah... that is just priceless. Just how stupid do they think people are when reading that? Hell, they'd probably be doing good by selling to non-NATO "approved" states. Pfft. I don't have that acquired taste for horse manure that some people might have.

[SeraphimLabs]

hey... I was presenting without comment

-wraith808 (June 25, 2014, 09:16 AM)

Oh, don't take me the wrong way. That company is VERY scary.

It's the entire "Oh, but we really care about your privacy and human rights and the children and puppy dogs and..." -- Yeah... that is just priceless. Just how stupid do they think people are when reading that? Hell, they'd probably be doing good by selling to non-NATO "approved" states. Pfft. I don't have that acquired taste for horse manure that some people might have.

-Renegade (June 25, 2014, 09:42 AM)

That terms of service is totally abusable too.

A basic cops 101 course is all I would need to get sworn in by the local ASPCA as an animal control officer- government agency status. It would then be possible to deal with this company to purchase some of their toys, on the pretext that it will only be used to help deal with local animal abuse by listening for abuse in action on target suspects.

Once it is in hand, they would have to be monitoring you themselves to know if you were actually using it as promised or not. And if this company tried that they would find themselves out of business.

[Stoic Joker]

Just how stupid do they think people are when reading that?

-Renegade (June 25, 2014, 09:42 AM)

Have you ever worked in Tech Support..?

We will refuse to provide or we will stop supporting our technologies to governments or government agencies that:
We believe have used HT technology to facilitate gross human rights abuses.
Who refuse to agree to or comply with provisions in our contracts that describe intended use of HT software, or who refuse to sign contracts that include requirements that HT software be used lawfully.
Who refuse to accept auditing features built into HT software that allow administrators to monitor how the system is being used.

-Hacking Team Customer Policy

Now, define Administrator for me.. (Edward...)

[Edvard]

When I worked as telephone support for Sprint cellular, we had a few callers that proved to be entertaining in their kookiness.  One lady called and just started telling me how the government had tapped her phone and how they would shut it off randomly just to let her know they were listening and could control everything about it and that they knew her location at all times.  "Uh-huh... Yeah?.... Wow, really?" was about all I could bring myself to say, especially when she mentioned how many meds she was taking regularly.  

Finally she said the reason for her call was to check her balance of minutes.  I gave her the information and the phone signal started breaking up.  She commented "Yep, that means they're triangulating on my signal, I should probably go."  I wished her a good day and hung up with more than a little skepticism.

Reading this, I'm a little less skeptical...