What's new

Hacking Team hacked: The Pakistan connection, and India's expansion plan

Jango

SENIOR MODERATOR
Joined
Sep 12, 2010
Messages
21,530
Reaction score
99
Country
Pakistan
Location
Pakistan
Consider this: your mobile phone is sending a steady stream of private information and location coordinates to an unknown entity that has included your name on a list of targets to be monitored.

Your computer allows those with a set of very sophisticated, very expensive spyware tools to access your digital life, from saved photos and chat messages to watching and listening to you using your device’s camera and microphone. This massive breach of privacy is virtually undetectable and untraceable.

Now imagine such tools in the hands of the state’s security apparatus.

In a recent report, Privacy International (PI), an organization focused on privacy intrusions, asserted that the government had obtained such surveillance tools from multiple sources, including Ericsson, Alcatel, Huawei, SS8 and Utimaco. There is increasing concern that local Law Enforcement Agencies (LEAs) and intelligence agencies have the ability to intrude into a range of devices to capture data, encrypted or otherwise.

One software that enables such high-level spying is Remote Control System (RCS) — a ‘cyber security’ solution developed by Hacking Team (HT), an Italian IT company notorious for its spy tools that have been sold to countries as far and wide as Sudan, Bahrain, Saudi Arabia, India, Mexico and Russia.

Promotional video Hacking Team released to market RCS
RCS primarily works through the installation of malware, a malicious programme that is remotely transmitted to a device and then used to transfer private data through an internet connection.

Aside from allowing access to photos, emails, chat conversations, social media accounts and passwords, the software can tap phone and Skype calls, take photographs using the infected device’s camera and switch on a device’s microphone – all without the user’s knowledge, and without affecting a device’s battery life.

HT boastfully claims to equip law enforcement agencies solely to “fight crime hidden in the new encrypted digital world”. It repeatedly asserts its RCS hacking software is lawful, and “critical to the work of preventing and investigating crime and terrorism…we serve over 50 clients in more than 30 countries; we have been the first movers and leaders since 2004.”

It was perhaps this notoriety and success that led to HT itself being hacked in July by an anonymous hacker who released 400GB of the company’s data online, of which one million emails have been compiled into a public archive by Wikileaks.

In an attempt at damage control, HT published a message from CEO & Founder David Vincenzetti who admitted there was a security breach, adding that, “the attack on our company was a reckless and vicious crime.”

Enter Pakistan
With HT acknowledging the data leak, the controversial surveillance company’s detailed liaison with global customers has been laid bare - and among the emails are over 1,000 exchanges with a set of actors who claim to be Pakistani contractors representing various state institutions.

Against the backdrop of Privacy International’s report detailing Pakistan’s desire to build a mass surveillance system, these emails reinforce the idea that some elements within Pakistan have purchased, or are in the process of acquiring intrusive hacking tools such as RCS using the names of top LEAs and intelligence agencies.

The email exchanges run from 2011, where HT staff discuss doing business with Pakistan, in which it sees an “exceptional customer”, up to May 2015 where a contractor claims he has received demands from local agencies for surveillance equipment that can be integrated into unmanned air vehicles (drones) and land vehicles.

With many email chains ending abruptly or switching over to phone calls and private meetings online or abroad, the status of RCS being actively used inside Pakistan is currently unknown.

In the examination of emails that follows, the years long exchanges between Pakistan's contractors and HT reveals how the business of surveillance operates, and the dangers it poses.

Hacking Team hacked: The Pakistan connection, and India's expansion plan - Pakistan - DAWN.COM

-------------------------------------------------------------------------------------

This is a looong article, including the Wikileaks emails...do check it out.

I don't know if anyone noticed, but since the past few weeks, there has been a lot of talk going on about ISI hacking and doing cyber espionage and whatnot...this is gonna get interesting...:pop:

@Icarus, any comments youo'd like to add?
 
. .
ive not read the complete article, but bits & pieces... its more of a surveillance, monitoring thing rather then being a hacking stuff... plus this can also be an ethical hacking ... their r alot of companies/individuals who provide such services to diff org around the globe...but one must not completely rule out the possibility of using the same for cyber espionage, unless both parties are bound by a written agreement not to pursue.. i'll read the article in details later :)

Consider this: your mobile phone is sending a steady stream of private information and location coordinates to an unknown entity that has included your name on a list of targets to be monitored.

Your computer allows those with a set of very sophisticated, very expensive spyware tools to access your digital life, from saved photos and chat messages to watching and listening to you using your device’s camera and microphone. This massive breach of privacy is virtually undetectable and untraceable.

Now imagine such tools in the hands of the state’s security apparatus.

In a recent report, Privacy International (PI), an organization focused on privacy intrusions, asserted that the government had obtained such surveillance tools from multiple sources, including Ericsson, Alcatel, Huawei, SS8 and Utimaco. There is increasing concern that local Law Enforcement Agencies (LEAs) and intelligence agencies have the ability to intrude into a range of devices to capture data, encrypted or otherwise.

One software that enables such high-level spying is Remote Control System (RCS) — a ‘cyber security’ solution developed by Hacking Team (HT), an Italian IT company notorious for its spy tools that have been sold to countries as far and wide as Sudan, Bahrain, Saudi Arabia, India, Mexico and Russia.

Promotional video Hacking Team released to market RCS
RCS primarily works through the installation of malware, a malicious programme that is remotely transmitted to a device and then used to transfer private data through an internet connection.

Aside from allowing access to photos, emails, chat conversations, social media accounts and passwords, the software can tap phone and Skype calls, take photographs using the infected device’s camera and switch on a device’s microphone – all without the user’s knowledge, and without affecting a device’s battery life.

HT boastfully claims to equip law enforcement agencies solely to “fight crime hidden in the new encrypted digital world”. It repeatedly asserts its RCS hacking software is lawful, and “critical to the work of preventing and investigating crime and terrorism…we serve over 50 clients in more than 30 countries; we have been the first movers and leaders since 2004.”

It was perhaps this notoriety and success that led to HT itself being hacked in July by an anonymous hacker who released 400GB of the company’s data online, of which one million emails have been compiled into a public archive by Wikileaks.

In an attempt at damage control, HT published a message from CEO & Founder David Vincenzetti who admitted there was a security breach, adding that, “the attack on our company was a reckless and vicious crime.”

Enter Pakistan
With HT acknowledging the data leak, the controversial surveillance company’s detailed liaison with global customers has been laid bare - and among the emails are over 1,000 exchanges with a set of actors who claim to be Pakistani contractors representing various state institutions.

Against the backdrop of Privacy International’s report detailing Pakistan’s desire to build a mass surveillance system, these emails reinforce the idea that some elements within Pakistan have purchased, or are in the process of acquiring intrusive hacking tools such as RCS using the names of top LEAs and intelligence agencies.

The email exchanges run from 2011, where HT staff discuss doing business with Pakistan, in which it sees an “exceptional customer”, up to May 2015 where a contractor claims he has received demands from local agencies for surveillance equipment that can be integrated into unmanned air vehicles (drones) and land vehicles.

With many email chains ending abruptly or switching over to phone calls and private meetings online or abroad, the status of RCS being actively used inside Pakistan is currently unknown.

In the examination of emails that follows, the years long exchanges between Pakistan's contractors and HT reveals how the business of surveillance operates, and the dangers it poses.

Hacking Team hacked: The Pakistan connection, and India's expansion plan - Pakistan - DAWN.COM

-------------------------------------------------------------------------------------

This is a looong article, including the Wikileaks emails...do check it out.

I don't know if anyone noticed, but since the past few weeks, there has been a lot of talk going on about ISI hacking and doing cyber espionage and whatnot...this is gonna get interesting...:pop:

@Icarus, any comments youo'd like to add?
 
.
This is a looong article, including the Wikileaks emails...do check it out.
Thank you for sharing this, it opens up many avenues of questions which are troubling to say the least. That our intelligence uses programs which are double edged swords allowing back doors into our systems or the fact that any person with even a bit of clout can end up laying their hand on the private history of anyone. Read an article on the single message hack vulnerability of android and seeing sent by Samsung mobile at some places is troubling also.
 
.
ive not read the complete article, but bits & pieces... its more of a surveillance, monitoring thing rather then being a hacking stuff... plus this can also be an ethical hacking ... their r alot of companies/individuals who provide such services to diff org around the globe...but one must not completely rule out the possibility of using the same for cyber espionage, unless both parties are bound by a written agreement not to pursue.. i'll read the article in details later :)

That is what the article is saying...surveillance means in effect spying.

Now I know that our country works in a totally different way, but internal spying in the UK by GCHQ or in the US by the NSA is not seen in good light by the public there, and the HR groups and other such organizations would definitely take this issue over here as well.

Especially since this does not have any legal cover in our country. Remember the news piece that ISI was looking to install surveillance equipment on the internet cable landing sites?

My personal opinion on this is that it is something necessary, but then something which needs to be kept in check by some body so that the agencies do not go overboard. In the current scenario in Pakistan it is imperative to keep a check on terror elements who are increasing their use of such VoIP services and other such equipment, such as the Safoora bus attack killers and even TTP, whose cyber equipment has been repeatedly busted in bustling cities.

But then you have to restrict their uses only to people who are actively involved in terrorism only and not on other people to blackmail them or just casual spying, like getting my emails and my passwords and other such information.

So my suggestion would be to make a committee involving military and civilian officials and maybe of some organizations and maybe judiciary which oversees the targets of such surveillance. At least that's better than nothing.

Thank you for sharing this, it opens up many avenues of questions which are troubling to say the least. That our intelligence uses programs which are double edged swords allowing back doors into our systems or the fact that any person with even a bit of clout can end up laying their hand on the private history of anyone. Read an article on the single message hack vulnerability of android and seeing sent by Samsung mobile at some places is troubling also.

Have you seen the series Mr Robot?

In one episode the guy uses a real software to hack into a phone. It's around 10 dollars I think, and you just have to install it into the target phone and voila!
 
.
In one episode the guy uses a real software to hack into a phone. It's around 10 dollars I think, and you just have to install it into the target phone and voila!
Um I have experience using that at a certain time in my life. Install and you get control over a phone and watch as the phone unravels itself. Keyloggers are so old school after one can access the camera and mic.
check out this link
Android phones can be hacked with a simple text - Jul. 27, 2015
Have you seen the series Mr Robot?
Yes I have seen the first 2 episodes.
 
.
That is what the article is saying...surveillance means in effect spying.

Now I know that our country works in a totally different way, but internal spying in the UK by GCHQ or in the US by the NSA is not seen in good light by the public there, and the HR groups and other such organizations would definitely take this issue over here as well.

Especially since this does not have any legal cover in our country. Remember the news piece that ISI was looking to install surveillance equipment on the internet cable landing sites?

My personal opinion on this is that it is something necessary, but then something which needs to be kept in check by some body so that the agencies do not go overboard. In the current scenario in Pakistan it is imperative to keep a check on terror elements who are increasing their use of such VoIP services and other such equipment, such as the Safoora bus attack killers and even TTP, whose cyber equipment has been repeatedly busted in bustling cities.

But then you have to restrict their uses only to people who are actively involved in terrorism only and not on other people to blackmail them or just casual spying, like getting my emails and my passwords and other such information.

So my suggestion would be to make a committee involving military and civilian officials and maybe of some organizations and maybe judiciary which oversees the targets of such surveillance. At least that's better than nothing.



Have you seen the series Mr Robot?

In one episode the guy uses a real software to hack into a phone. It's around 10 dollars I think, and you just have to install it into the target phone and voila!
The title of this article is kinda misleading , You & me both know that there is a difference between spying & hacking.... althou i agree with you that with the current law & order situation we are countering we need to have a surveillance system in place...
 
.
The title of this article is kinda misleading , You & me both know that there is a difference between spying & hacking.... althou i agree with you that with the current law & order situation we are countering we need to have a surveillance system in place...

The title means that the company distributing the software "Hacking Team" got hacked by another hacking group which then distributed the company's emails to wikileaks...
 
.
About mass surveillance: The main reason for mass surveillance is trends prediction with big data, not espionage.
About the article: I don't know why governments are so d*mb to buy this tools and risking leaks when they can code it from zero with a few of programmers quickly, or at least... copy the tools without use the original, with reverse engineering.
 
.
Um I have experience using that at a certain time in my life. Install and you get control over a phone and watch as the phone unravels itself. Keyloggers are so old school after one can access the camera and mic.
check out this link
Android phones can be hacked with a simple text - Jul. 27, 2015

Yes I have seen the first 2 episodes.

Damn...that is indeed scary!

Read the article, and the procedure is that the incoming file is processed by the Android system, so basically, it's what any other malware does, come in with another file and infect the system. Difference here is that you don't need to click the image, it automatically moves...

The software I am talking about from Mr Robot is "flexispy"
 
.
The title means that the company distributing the software "Hacking Team" got hacked by another hacking group which then distributed the company's emails to wikileaks...
i guess i need a STRONG CUP OF COFFEE to wake up .... :coffee::ashamed:
 
.
Damn...that is indeed scary!

THe software I am talking about from Mr Robot is "flexispy"
Phones can be turned on and off at whim now. One should know anything on their laptops, anything done in a room with a laptop or phone is easily monitored. Privacy is not important as security, especially since all those people who use proxies for youtube leave themselves wide open to be hacked or spied on. Have fun while you ponder over that.
 
.
Um I have experience using that at a certain time in my life. Install and you get control over a phone and watch as the phone unravels itself. Keyloggers are so old school after one can access the camera and mic.
check out this link
Android phones can be hacked with a simple text - Jul. 27, 2015

Yes I have seen the first 2 episodes.

One must distinguish between 2 things:
1) Remote administration tools (trojans): keyloggers, mic/cam spy, etc.. there are no mistery in this, and it exists since the first day of computers. It's easy to code by any programmer with networking software coding experience.
2) Bugs/Vulnerabilities/factory backdoors in order to install 1) without user permission. It's not a easy thing like 1.

And if you spy to someone important, the most important is do it without be seen, famous tools dont do this point.
 
.
Phones can be turned on and off at whim now. One should know anything on their laptops, anything done in a room with a laptop or phone is easily monitored. Privacy is not important as security, especially since all those people who use proxies for youtube leave themselves wide open to be hacked or spied on. Have fun while you ponder over that.

Of course, in this world, unless you are a big cyber mojo, you are always vulnerable!
 
.
Quite interesting. It seems as if it is quite easy to spy on someone. Clearly private data is not safe, hacking sounds so exciting. I skimmed through it, @Jango , did LEA's in Pakistan get this technology, according to the article?(i am lazy to read all of it) I wonder how they make such programs.
Um I have experience using that at a certain time in my life. Install and you get control over a phone and watch as the phone unravels itself. Keyloggers are so old school after one can access the camera and mic.
check out this link
Android phones can be hacked with a simple text - Jul. 27, 2015

Yes I have seen the first 2 episodes.
Quite scary and eye opening.
 
.
Back
Top Bottom