Hackers For Government Hire: A Growing and Deeply Disturbing Industry

Wikileaks recently continued the release of what they refer to as the “Spy Files.” These files provide a look into some of the companies behind the rapid commercialization of the spy equipment industry, who’s clients include repressive governments and dictatorial regimes around the world. In a press release announcing these files Wikileaks states:

Across the world, mass surveillance contractors are helping intelligence agencies spy on individuals and ‘communities of interest’ on an industrial scale.

The Wikileaks Spy Files reveal the details of which companies are making billions selling sophisticated tracking tools to government buyers, flouting export rules, and turning a blind eye to dictatorial regimes that abuse human rights.

One of the companies highlighted is an Italian based company called Hacking Team, a firm I had never heard of or read about until I came across an article from The Verge yesterday. What I read was pretty terrifying. The Verge explains that:

In 2001, a pair of Italian programmers wrote a program called Ettercap, a “comprehensive suite for man-in-the-middle attacks” — in other words, a set of tools for eavesdropping, sniffing passwords, and remotely manipulating someone’s computer. Ettercap was free, open source, and quickly became the weapon of choice for analysts testing the security of their networks as well as hackers who wanted to spy on people. One user called it “sort of the Swiss army knife” of this type of hacking.

Ettercap was so powerful that its authors, ALoR and NaGA, eventually got a call from the Milan police department. But the cops didn’t want to bust the programmers for enabling hacker attacks. They wanted to use Ettercap to spy on citizens. Specifically, they wanted ALoR and NaGA to write a Windows driver that would enable them to listen in to a target’s Skype calls.

That’s how a small tech security consultancy ended up transforming into one of the first sellers of commercial hacking software to the police. ALoR’s real name is Alberto Ornaghi and NaGA is Marco Valleri. Their Milan-based company, Hacking Team, now has 40 employees and sells commercial hacking software to law enforcement in “several dozen countries” on “six continents.”

Today, Hacking Team’s flagship product, Da Vinci, enables law enforcement at federal, state, or local levels to collect heaps more data than the National Security Agency’s controversial PRISM program is reportedly capable of gathering. With Da Vinci, the police can monitor a suspect’s cell phone conversations, emails, and Skype calls, and even spy on the target through his or her webcam and microphone. It’s as if the investigator were standing behind a suspect using their computer.

Now check out the Hacking Team’s promotional video. One word: Creepy.

To protects us from the terrorists I’m sure.

Full article here.

In Liberty,
Mike

Follow me on Twitter!

Like this post?
Donate bitcoins: 35DBUbbAQHTqbDaAc5mAaN6BqwA2AxuE7G


Follow me on Twitter.

4 thoughts on “Hackers For Government Hire: A Growing and Deeply Disturbing Industry”

  1. I’m a computer security expert; my current position is senior consultant at an information assurance firm. If anyone would like to ask me any questions regarding my opinion on this or similar issues, feel free to ask.

    For what it’s worth, there’s quite a few of these “swiss army knife” tools out there that are free (as in available, not free of cost) to the public, but generally are funded somehow by defense related companies. You can find some of them by searching for “metasploit”, “IDA Pro”, “nmap”, “Core Impact Pro”, “burp suite”, “wireshark”, and “maltego”.

    Those products, and ettercap, really aren’t as scary as they sound. I’ve used almost all of those in my work. They almost all require a very good vantage point in a network to take advantage of them. In other words, you need to already have serious control over the network before you can exploit these tools. Of course, our favorite benefactors at the NSA all have these vantage points, and that is what we should be truly scared of.

    Because the NSA is so powerful and omnipresent, many technologies design to protect you from bad guys just don’t do the trick if you’re trying to preserve what’s left of your 4th amendment rights. Furthermore, they have an extraordinary budge and expertise in cryptography and security. You can all safely assume that the NSA can decrypt any traffic you emit on the Internet, either because they’ve compromised trusted infrastructure (DNS or root certificate authorities) or they’ve literally broken the underlying cryptography.

    Cheers.

    Reply
  2. Apple’s Fingerprint ID May Mean You Can’t ‘Take the Fifth’

    There’s a lot of talk around biometric authentication since Apple introduced its newest iPhone, which will let users unlock their device with a fingerprint. Given Apple’s industry-leading position, it’s probably not a far stretch to expect this kind of authentication to take off. Some even argue that Apple’s move is a death knell for authenticators based on what a user knows (like passwords and PIN numbers).

    While there’s a great deal of discussion around the pros and cons of fingerprint authentication — from the hackability of the technique to the reliability of readers — no one’s focusing on the legal effects of moving from PINs to fingerprints.

    Because the constitutional protection of the Fifth Amendment, which guarantees that “no person shall be compelled in any criminal case to be a witness against himself,” may not apply when it comes to biometric-based fingerprints (things that reflect who we are) as opposed to memory-based passwords and PINs (things we need to know and remember).

    The privilege against self-incrimination is an important check on the government’s ability to collect evidence directly from a witness. The Supreme Court has made it clear that the Fifth Amendment broadly applies not only during a criminal prosecution, but also to any other proceeding “civil or criminal, formal or informal,” where answers might tend to incriminate us. It’s a constitutional guarantee deeply rooted in English law dating back to the 1600s, when it was used to protect people from being tortured by inquisitors to force them to divulge information that could be used against them.

    http://www.wired.com/opinion/2013/09/the-unexpected-result-of-fingerprint-authentication-that-you-cant-take-the-fifth/

    Reply

Leave a Reply