LONDON (AP) — Law enforcement agencies across the globe are taking a page out of the hacker's handbook, using targets' own phones and computers to spy on them with methods traditionally associated with cybercriminals, two computer security groups said Tuesday.
Drawing on a cache of leaked documents and months of forensic work, two reports about the private Italian firm Hacking Team expose a global network of malicious software implants operated by police and spy agencies in dozens of countries.
"This in many ways is the police surveillance of the now and the future," said Morgan Marquis-Boire, a security researcher with Citizen Lab and a lead author of one of the reports. "What we need to actually decide how we're comfortable with it being used and under what circumstances."
Citizen Lab's work, paired with a report published simultaneously by Moscow-based Kaspersky Lab, helps complete the picture of state-sanctioned surveillance sketched by Edward Snowden's sensational revelations about the National Security Agency and its international allies.
While many of Snowden's revelations dealt with the mass monitoring of communication as it flows across the globe, Hacking Team brags about more aggressive forms of monitoring that let authorities turn people's phones and laptops into eavesdropping tools.
Hacking Team's chief spokesman, Eric Rabe, dismissed the reports as consisting of a lot of old news. Hacking Team's ability to break into iPhones and BlackBerrys is "well known in the security industry," he said in an email.
"We believe the software we provide is essential for law enforcement and for the safety of all in an age when terrorists, drug dealers and sex traffickers and other criminals routinely use the Internet and mobile communications to carry out their crimes," he said.
Rabe invoked Hacking Team's customer policy, which says the company sells only to governments which it screens for human rights concerns. A company-established panel — whose membership Rabe declined to specify — checks out every potential client. While Hacking Team realizes that its software can be abused, the policy says the company takes "a number of precautions to limit the potential for that abuse."
Those precautions haven't prevented copies of Hacking Team's malicious software from being used to target more than 30 activists and journalists, according to a tally maintained by Citizen Lab, a research group based at the University of Toronto's Munk School of Global Affairs.
Citizen Lab's report provided an unusual level of insight into how the malware operates, showing how devices can be compromised through booby-trapped emails or infected USB sticks, or even pushed onto handsets by a pliant telephone company.
Screenshots released by Citizen Lab appear to show a control panel complete with on-off switches for recording text messages, calls, keystrokes and visited websites. Other options open to Hacking Team's customers include the ability to force infected phones to take regular pictures or video and to monitor the position of an infected handset via Google Maps, effectively turning a target's phone into both a hidden camera and a tracking device.
Continue reading this story on the...