Leaked Demo Video Shows How Government Spyware Infects a Computer (vice.com)
An anonymous reader quotes a report from Motherboard: Motherboard has obtained a never-before-seen 10-minute video showing a live demo for a spyware solution made by a little known Italian surveillance contractor called RCS Lab. Unlike Hacking Team, RCS Lab has been able to fly under the radar for years, and very little is known about its products, or its customers. The video shows an RCS Lab employee performing a live demo of the company's spyware to an unidentified man, including a tutorial on how to use the spyware's control software to perform a man-in-the-middle attack and infect a target computer whose user wanted to visit a specific website. RCS Lab's spyware, called Mito3, allows agents to easily set up these kinds of attacks just by applying a rule in the software settings. An agent can choose whatever site he or she wants to use as a vector, click on a dropdown menu and select "inject HTML" to force the malicious popup to appear, according to the video. Mito3 allows customers to listen in on the target, intercept voice calls, text messages, video calls, social media activities, and chats, apparently both on computer and mobile platforms. It also allows police to track the target and geo-locate it thanks to the GPS. It even offers automatic transcription of the recordings, according to a confidential brochure obtained by Motherboard. The company's employee shows how such an attack would work, setting mirc.com (the site of a popular IRC chat client) to be injected with malware (this is shown around 4:45 minutes in). Once the fictitious target navigates to the page, a fake Adobe Flash update installer pops up, prompting the user to click install. Once the user downloads the fake update, he or she is infected with the spyware. A direct link to the YouTube video can be found here.
Authenticity? (Score:1)
Why should the purported "spyware" be able to do anything real, when tax payer money is easier to grab than ever before?
Re: Authenticity? (Score:1)
You just don't get it, son
Info on how access is obtained? (Score:5, Interesting)
In the video it shows that the fake Flash installation is to avoid the certificate warnings about the MITM attack. Yet how is the MITM set up? Have they gained access to network devices or another section of this network?
Re: (Score:1)
Re: (Score:2)
On my computer? Not bloody well.
Re: (Score:2)
Re: (Score:2)
All kinds of heuristic and behaviour tests are sold by different AV brands globally. So it's best to just attempt to look like random expected malware and go after one silly click-happy user.
If the AV detects the intrusion, it's just random malware. No other AV detection is escalated, nobody starts looking, as the AV brands know.
Often the users must be ready to click or it would not be offered as is?
Re 'sneak i
really? (Score:2, Interesting)
it relies on popups to work?
Re: (Score:2)
Why not? People are stupid and click everything.
YFN super secret spyware == social engineering (Score:1)
Slick tricks to trick user to downloading and installing malware.
Re: (Score:2)
Aka Redneck-Virus. Please click here for infection.
Government? (Score:3)
Re:Government? (Score:5, Informative)
This was intentionally leaked. People who watch this video are going to think the govt hackers are some retards. They aren't showing you the Microsoft backdoor that NSA uses to access Microsoft's CEIP data, or the one to access any windows PC. MS has in the legal fine print they are allowed to enter your computer remotely and even run programs. This would also include anyone MS wishes to also give access to.
Re: (Score:2)
Yeah, I was looking for that too.
It's a standard malware app (badly) arranged to look good.
Re: (Score:1)
So you're saying... (Score:2)
How Government Spyware Infects Microsoft Windows (Score:3, Informative)
The article forgot to mention the malware only 'infects' Microsoft Windows desktops.
Re:How Government Spyware Infects Microsoft Window (Score:5, Funny)
Re: (Score:1)
Defendable (Score:2)
Re:Defendable (Score:5, Interesting)
Re: (Score:2)
I am a bit alarmed firefox v48.0.2 didn't seem to complain that the certificate passed wasn't the same as the certificates my site has pinned. I wonder if this is a configuration issue on my end or if I'm misunderstanding the way key-pinning should work.
This is the comment that deserves +6 Informative this year. Thank you.
Re: (Score:2)
HSTS isn't relevant in this case (HTTPS using the Fiddler certificate is still HTTPS), but it does seem like HPKP isn't working correctly there. Assuming you'd previously visited your site without Fiddler interposition, within the pinning max-age interval.
Oh, wait: I should have checked the docs first. Mozilla says:
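The HPKP-versus-HSTS point in the comment above, as an added Python example that is not from the thread or from Mozilla: it models a browser's pin store (the RFC 7469 Public-Key-Pins header with SPKI SHA-256 pins and max-age) and shows that an interception chain still satisfies HSTS, because the connection is still HTTPS, but fails the pin check. The SPKI byte strings are constructed stand-ins, not real keys.

```python
import base64
import hashlib
import time
from typing import Dict, List

# Constructed stand-ins for SubjectPublicKeyInfo DER blobs (not real keys).
SITE_LEAF = b"constructed-spki-site-leaf-key"
SITE_BACKUP = b"constructed-spki-site-backup-key"
FIDDLER_LEAF = b"constructed-spki-fiddler-generated-key"
FIDDLER_ROOT = b"constructed-spki-fiddler-root-ca"

def spki_pin(spki_der: bytes) -> str:
    """pin-sha256 value: base64(SHA-256(SubjectPublicKeyInfo DER))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()

def parse_hpkp(header: str) -> Dict:
    """Parse a Public-Key-Pins header; RFC 7469 requires at least two pins or the UA ignores it."""
    pins, max_age, subdomains = set(), 0, False
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        name, value = name.strip().lower(), value.strip().strip('"')
        if name == "pin-sha256":
            pins.add(value)
        elif name == "max-age":
            max_age = int(value)
        elif name == "includesubdomains":
            subdomains = True
    if len(pins) < 2:
        raise ValueError("HPKP header ignored: fewer than two pins (no backup pin)")
    return {"pins": pins, "max_age": max_age, "include_subdomains": subdomains}

def chain_allowed(policy: Dict, chain_spki: List[bytes], stored_at: float, now: float) -> bool:
    """Pins older than max-age no longer apply; otherwise some cert in the chain must match a pin."""
    if now - stored_at > policy["max_age"]:
        return True
    return any(spki_pin(spki) in policy["pins"] for spki in chain_spki)

def site_hpkp_header() -> str:
    """Header the site sent on the earlier, un-intercepted visit (two pins, 60-day max-age)."""
    return (f'pin-sha256="{spki_pin(SITE_LEAF)}"; pin-sha256="{spki_pin(SITE_BACKUP)}"; '
            "max-age=5184000; includeSubDomains")

def interception_blocked(now: float = None) -> bool:
    """Replay the thread's case: pins stored an hour ago, then a Fiddler-style chain is presented."""
    now = time.time() if now is None else now
    policy = parse_hpkp(site_hpkp_header())
    hsts_satisfied = True  # the intercepted connection is still https, so HSTS objects to nothing
    return hsts_satisfied and not chain_allowed(policy, [FIDDLER_LEAF, FIDDLER_ROOT], now - 3600, now)
```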
As usual the attacks should not work (Score:5, Insightful)
The problem as usual is that people are not educated in security. Anybody with a minimum of paranoia would refuse to install a plugin like that from a random web page. Heck, Flash would probably not work from a random web page.
Re: (Score:2)
The problem as usual is that people are not educated in security. Anybody with a minimum of paranoia would refuse to install a plugin like that from a random web page.
You'd hope, but most of my friends and all of my family are not IT people and they cover the spectrum from "skeptical about random popups" to "likely to click on anything that pops up with a dire warning telling them they need to click on it immediately". In general people that don't work in IT just don't care about security on their PCs and they grossly underestimate the danger. My brother is a pretty smart guy but he works in sales and over a decade ago he ran an old Win 98 PC at home that he made no at
False! (Score:1)
Flash updates, that look exactly like that, are notorious for "randomly" popping up and requesting installation when trying to work, whether on a web page or not. These Flash updates are so frequent that even I would not give much thought to one randomly popping up after I opened a browser.
I've seen many fake Flash install attempts and this one is flawless. The Flash install pop-up looks entirely real. The source URL for the Flash install shows Adobe. This source URL is not quite normal behavior, but only t
Re: (Score:1)
Thumbnails are stored in your home directory, in a subdirectory named, appropriately enough, .thumbnails.
If you get a popup in bash (whatever that is; bash is a text-only terminal, so are you talking about some kind of a window made out of text characters?) that asks you for root access to deal with some kind of thumbnails, there's something that is either nefarious or really unusual happening, and I would be giving a lot of thought to how to proceed before entering the root password at that point.
Re: (Score:3)
The problem as usual is that people are not educated in security.
We could blame the victims, or we actually point the finger at the company making the computer intrusion tools and the government agencies that fail to prosecute them for aiding and abetting crimes.
Hey, Adobe - how about you destroy this company in court for misappropriation of trademark and willful destruction of reputation? It would be small penance for never doing a massive security audit of flash-plugin.
Would this infect a Chromebook? (Score:2)
Would this infect a Chromebook? I am told they are virus proof.
Flash is reason why I use Chrome... (Score:2)
Chrome has a built in Flash player. Always updated.
So when I see a "you must update Flash" I know it's bogus, since I'm already updated. I tell my family this, since they're non-techies and wouldn't be able to tell a legit popup from a fake. (I'm not going to be 100% either.)
Oh and Chrome sandboxes its built-in flash better than the plugin can.
Re: (Score:1)
government! (Score:4, Funny)
A Hack for Darwinism.. (Score:1)
Re: Why are you people so worried about this? (Score:3, Insightful)
Sir, your stupidity is pegged off, scale high.
Re: (Score:2)
Ah, I think you missed the sarcasm in the parent post.
Re: Why are you people so worried about this? (Score:5, Insightful)
That's probably because a lot of people say the exact same thing without being sarcastic at all.
Re: (Score:1)
An excellent illustration of Poe's Law in fact. https://en.wikipedia.org/wiki/... [wikipedia.org]
Re: (Score:1)
So no one has ever used or would ever use their position/knowledge for personal gain or personal reasons? Would you trust your neighbor with this, or anyone you went to high school with? The government is made of people and people make mistakes... a lot of mistakes.
Re: Why are you people so worried about this? (Score:2)
I think it's time for our computers to have open-source BIOS software. At least with the open source software we have a chance of ensuring that there is no hacked code to usurp our privacy.
I am more concerned about hacking the Intel or AMD CPU.
Re: (Score:2)
Mmm.... 5/10 on the troll scale. Good effort, lots of triggers, but overused.
Re:Why are you people so worried about this? (Score:4, Insightful)
We've already seen too many abuses of these powers.
Re: (Score:3)
Re:Why are you people so worried about this? (Score:5, Insightful)
Unless you're clearly up to no good, you don't have to worry about spyware like this.
You mean up to no good like Angela Merkel [theguardian.com], Chirac, Sarkozy and Hollande the last three French presidents [liberation.fr], and 35 world leaders [theguardian.com]?
But of course you don't need to be a celebrity or a politician to be up to no good. You could be trying to help people through a humanitarian organization like the Red Cross, Doctors Without Borders [nella.org], [dailykos.com], or you could just have said something bad about the government of a minor island [theintercept.com], etc.
And even if you're not one of the above 'bad people', you could simply be one of the 90% of people [mashable.com] who are collateral surveillance victims. So no, you don't need to be up to no good to be under surveillance and that's something to be concerned about.
Re: (Score:3)
yes and the parent to this comment ignores the fact that those governments also spy on the USA.
And you ignore the fact that they're not bugging the phones of our highest elected officials. But it's 'OK' for the US to do it to them.
American Exceptionalism is largely about treating even your allies like vassal states.
Re: (Score:2)
All you have to do to be the target of spyware like this is "be interesting", or an unfortunate collateral in the quest towards someone who is interesting. "Interesting" here is rather loosely defined and can basically encompass most of the world population.
Re: Why are you people so worried about this? (Score:1)
Re:Why are you people so worried about this? (Score:5, Insightful)
Re: (Score:2)
"If you have nothing to hide you have nothing to fear".
If you had nothing to hide you would be perfectly willing to wander round naked all the time and have no curtains on your windows. You'd be willing to install microphones in all the rooms in your house and let any passer-by listen in. You'd be willing to give me your online banking details.
I could go on. Yes I have something to hide. We all do.
What I legitimately have to fear is unauthorized access to the notes I keep for my needs, such as bank account numbers, insurance policies, driver permit info, etc. Data that I suppose should not reside within a cellphone.
Here is something I would like to address about security. Since I believe that there is no stopping government invasion of privacy.
We should be able to get an open-source computer BIOS. A BIOS that is trimmed down severely, and where the major half of the BIOS is open source code residing
Re: (Score:2)
The government doesn't have time to investigate most people. Unless you're clearly up to no good, you don't have to worry about spyware like this. I've never understood why Slashdot users are so paranoid about this type of surveillance. What exactly are you hiding? Terrorism? Illegal porn? Money laundering with Bitcoins? If you weren't breaking the law, you wouldn't have anything to be concerned about.
You assume the only thing it might be used for is terrorism or crime. What if it is a political faction listening in to another one?
That is what happens in most of the world, and why the bulk of the US Constitution was formulated around not giving the king the tools to root through the stuff of their political opponents.
With no tracking or logging, and little more than a checkbox for getting a warrant, it is trivial to bypass this. That is the problem.
And even if the US didn't have this problem with 100%
Re: (Score:1)
Of course we, the honest citizens have nothing to worry about from software like this.
People who believe that monitoring occurs in the manner shown in this video are the same people who think we have nothing to worry about regarding mass surveillance. Those who are aware are concerned about something else. This is not how we lose our freedoms en masse.