Kaspersky Lab shows how Governments use hacking tools to hack citizen phones and computers
Where is the balance between citizen right to privacy and the government’s ability to spy on criminals and terrorists? That is the question I had in mind as I headed deeper underground at a recent Kaspersky Security event in London to hear details about the latest research report by Kaspersky Lab which shows how Governments use hacking tools to hack citizens phones and computers.
Many business were severely affected by the recession forcing them to turn to an alternative and innovative methods to regain some of their lost revenue. The criminal world is no exception as they too were forced to take to new methods to make up their losses. Although not new, one such avenue is Cyber Crime, where criminals turned to the Internet, Social Networks and Chat apps to scale up their illicit activities.
Governments and Law Enforcement Agencies know this. However, restricted by archaic laws that have not kept up with technology, they are powerless to fully pursue criminals online as they operate across international borders.
So what is a Government suppose to do ?
The solution seem to reside in the old adage of the “best form of defense is attack”. on the 24th June at the Cyber-Self-Defense Course run by Kaspersky in London, Kaspersky and Citizen Lab released their report showing how governments have been caught using hacking software. According to the research report, Governments around the world are using Hacking Team’s software known as Galileo Remote Control System which has been found in over 40 countries.
Galileo Remote Control System is a suite of products that allows Law Enforcement to collect, intercept and monitor anyone’s cell phone conversations, emails and even listen to their Skype calls, and remotely switch on their target’s webcam and microphone. Essentially these tools allow the Law to institute a man-in-the-middle attack where they intercept information as it travels between people and systems on the internet anywhere in the world.
Morgan Marquis-Boire, Senior Researcher and Technical Advisor at the Citizen Lab explain that “this so-called lawful intercept software is being used around the world and has been seen to target ‘political’ rather than ‘security’ threats”. He cites cases where British-born Bahraini activist Ala’a Shehabi was targeted. So were Citizen Journalists targeted. In fact it would seem that Journalists are a particular favorite target by governments. “I don’t know what Journalists did to the Governments, but they sure don’t like you people”.
So simple to deploy
Sergey Golovanov , Principal Security Researcher & Analysis Team at Kaspersky Lab, states that the software is so easy to use and deploy that it is “almost too easy”. The government has to simple create an Agent which is the malware and this is deployed. Once out in the wild, this malware is able to avoid detection and report back to the Command and Control Server where information is extracted from the targeted device.
Sergey showed the following screenshots which he says are more than likely to be the actual software. Note how simple and intuitive the software is allowing the creator of the malware to enable or disable many features such as recording Calls (Phone, Skype, MSN), Recording Messages (Mail, SMS, Chat), Access Files, Screen shots, GPS location, Contact and Calendars, Website history, Keylog of mouse and capture passwords, remotely activate the camera and the mouse.
Once deployed on the target’s phone, the operator then has access to screens such as these:
What is of particular interest is just how MOBILE these hacking capabilities have become. All Operating Systems are vulnerable with Android being the top hacked system. However the list does include iOS -especially those that have jail-broken their phones (although that is not a barrier to the malware software). The only operating system that has had not reported vulnerabilities is BlackBerry 10.
Some of the configurations that the Kaspersky Team found were the following commands that the malware would issue the mobile phone:
On startup – enable GPS
On SIM change – record calls
On power connection – turn on live microphone
On power connection and On WiFi network – turn on live mic and start taking camera shots every second
The Hacking Team Policy
Hacking Team doesn’t just sell their products to anyone. They only sell to government agencies and not to individuals or private businesses. At least that is what their Customer Policy says:
Since we founded the Hacking Team, we have understood the power of our software in law enforcement and intelligence investigations.
We also understand the potential for abuse of the surveillance technologies that we produce, and so we take a number of precautions to limit the potential for that abuse.
We provide our software only to governments or government agencies. We do not sell products to individuals or private businesses.
We do not sell products to governments or to countries blacklisted by the U.S., E.U., U.N., NATO or ASEAN.
We review potential customers before a sale to determine whether or not there is objective evidence or credible concerns that Hacking Team technology provided to the customer will be used to facilitate human rights violations.
We have established a panel of technical experts and legal advisors, unique in our industry, that reviews potential sales.
In HT contracts, we require customers to abide by applicable law. We reserve the right in our contracts to suspend support for our software if we find terms of our contracts are violated. If we suspend support for HT technology, the product soon becomes useless.
We will refuse to provide or we will stop supporting our technologies to governments or government agencies that:
- We believe have used HT technology to facilitate gross human rights abuses.
- Who refuse to agree to or comply with provisions in our contracts that describe intended use of HT software, or who refuse to sign contracts that include requirements that HT software be used lawfully.
- Who refuse to accept auditing features built into HT software that allow administrators to monitor how the system is being used.
So what does this mean?
Essentially this means that the government has the technical ability to access our phones and computers at will.
But do we care ?
I asked Kaspersky: “In a world where we need to balance the ability for Government to have access to information to protect its citizen, how do you respond to people who say that they are doing nothing wrong so why should they care if the government can access their stuff?”
David Jacoby, Senior Security Researcher at Kaspersky Lab disagrees with the notion of “You shouldn’t worry if you have nothing to hide” as he says that “the right approach in a democracy is not having mass surveillance of a government against its own population, especially when targets are opposition members or activists, but to target and investigate suspects with the supervision of a judge.”
Kaspersky new suite of Internet Security products has new features such as being able to detect when someone tries to remotely activate your computer’s webcam or records your keystrokes or remotely enables your microphone. These will also detect when the Hacking Team software tries to activate malware on your devices. Which technically means it keeps the government out of your business.
David sums up “Kaspersky Lab products protect their users from malware. We don´t believe there is such a thing as good or bad malware. We do not care about the origin of any malware, and we cannot make any judgment on this. Rather, we will detect any malware and protect our users to the best of our ability.”