Monday, July 6, 2015

Leaked Emails: How Hacking Team And US Government Want To Break Web Encryption Together

Get ready America: one of the most notorious surveillance providers on the planet, Hacking Team TISI NaN%, is expanding in earnest on US shores. And, if it hasn’t collapsed as a result of a hugely embarrassing attack on its servers, the likes of the FBI, Drug Enforcement Agency and a slew of other US government departments will welcome the controversial company with open arms as they seek to break common encryption across mobiles and desktops.

In response to the demand, Hacking Team is promising capabilities to crack Apple AAPL -0.29% iPhones, Google GOOGL -0.24%Android devices, and the encrypted anonymising network Tor, whilst poking at the security of mobile apps such as Wickr.

This is all according to leaked emails seen by FORBES today, the result of a hack on Hacking Team, a Milan-based outfit that has been criticised for selling to regimes with questionable human rights records, from Sudan to Bahrain to Egypt and beyond. The messages came from the email account of Eric Rabe, Hacking Team’s communications chief, who was unavailable for comment at the time of publication.


Rabe details a close working relationship between Hacking Team and the US government in his emails, talking up its previously-reported work with the DEA. An email from 20 May indicated that the formation of Hacking Team USA, likely to arrive this summer if the hack hasn’t derailed the plans, would not change the working relationship with the DEA, which includes intensive training operations in Bogota, Columbia.
“One or two Washington officials plan to be in Bogota in late June to review operations there,” Rabe said.

The FBI, however, isn’t such a serious customer, according to the correspondence. “The FBI unit that is using our system seems like a pretty small operation and they have purchased RCS as a sort of back up to some other system they use,” Rabe noted.

Talking about a 7 May meeting in Quantico, Virginia,where the FBI Academy is based, operations manager Daniele Milan said the FBI saw the Galileo hacking hacking tool, a Swiss army knife for digital spies created by the Italian organisation, as a “nice-to-have” used for “low-level” investigations.



Milan said the FBI was still keen on new features in future Hacking Team products, in particular those that target Tor, which has been used to host criminal activity, but is also widely used by activists to keep identities safe. “They [the FBI] continue to be interested in new features all the more related to TOR, VPN [virtual private networks] and less-click infections. In the past their targets were 20 per cent on TOR, now they are 60 per cent on TOR. They want to be able to catch the IP of their targets using TOR,” Milan added. She expressed dissatisfaction at missing out on a slice of $600,000+ of the FBI’s budget for “legal interception” technologies.

Work with the US Army was also troubled. According to an email found by ACLU principal technologist Christopher Soghoian, the government body signed a deal in 2011 to use Hacking Team but its budget was cut and it hadn’t been able to get the system working as it hadn’t been given permission to connect the Hacking Team server to the internet.

Another Milan mail from 21 May discusses a meeting with the Metropolitan Bureau of Investigation of Orlando, FL. It appears more business with the US government is on the way. “We briefly met the Director of the MBI, who ackwnoledged [sic] the need for a solution like ours. [NAME REDACTED] agreed and was positive in finding budget, along the lines of the new price list. They are interested in 10 conc. targets to being with, while infection vectors are still to be evaluated.”

Targeting Apple and Google phones
Hacking Team is planning on impressing with more offensive technologies as it builds its business in America. One email dated 30 January, from Milan, outlined a roadmap to be sent to customers. It reads: “It goes without saying that we are continuously looking for solutions to attack unjailbroken iPhones and install our agents on Android easier than it is possible today. We are confident we will have good news on that soon.”

Other files released by the unknown hacker crew on Sunday indicated various efforts to crack iPhones, including attempts to exploit the Newsstand app and use of publicly released jailbreak code, which releases iDevices from Apple control with offensive security techniques. Hacking Team also appeared to have its hands on an official Apple developer certificate, possibly to install its malware, known as Galileo or Remote Control System (RCS).


Some in-depth notes on the level of exploitation across a number of Android devices, from the likes of Samsung, HTC and Huawei, were also included in the epic 415GB dump. It appears the exploits weren’t always successful in accessing voice or texts on phones.

That same Milan email from January indicated some imminent features in Hacking Team’s tools included “physical infection of BitLocker protected disks”, thereby bypassing the much-used Microsoft disk encryption technology, as well as “extraction of information from pictures posted on Facebook and Twitter”. It will also soon be able to “capture of documents edited using Google Docs or Office 365”, the roadmap suggested.

Another email from Milan, dated 15 May, indicated the security-focused messaging application Wickr was on the target list too, thanks to a request from the US government. “I had a call this morning with an agent from Homeland Security Investigations [a body within the Department of Homeland Security], and he told me he got some requests to intercept suspects using this application, Wickr… we may want to keep an eye on it and eventually evaluate to add support.”

Hacking Team founder: the ‘dark net’ is for criminals
Hacking Team CEO David Vincenzetti, going by his emails, certainly considers anti-surveillance technologies concomitant with evil. He has a particular loathing for Tor, which some call the “dark net”.

On 1 June, he said in an email to Rabe that “neutralizing encryption platforms such as the DARKNET [sic] is a totally novel technology outside our flagship product, that is, Remote Control System/Galileo. We have recently invented, and we are presently inventing, much more. Again, the capacity to innovate is our best skill.”

On 31 May, in an email discussing the life sentence handed to Silk Road drug bazaar founder Ross Ulbricht, Vincenzetti said it was an “EXEMPLARY punishment. This is JUST. This IS the Justice we need.”

“The DARKNET is 99 per cent used for all kinds of illegal, criminal, terrorist activities. BitCoin and its ‘evolutions’ are key to DARKNET’s marketplaces. Regardless some gullible investors and a few ruthless  entrepreneurs are leveraging on such new technologies, anonymous currencies should be highly regulated by the Government, the sooner the better.”

In another, the Hacking Team CEO on 15 May claimed renowned cryptographer Bruce Schneier was “exploiting the Big Brother is Watching You FUD (Fear, Uncertainty and Doubt) phenomenon in order to sell his books, write quite self-promoting essays, give interviews, do consulting etc. and earn his hefty money.”

Vincenzetti appears to revel in his status as an overlord of the surveillance state too. In one mail from May, he boasted: “Definitely, we are notorious, probably the most notorious name in the offensive security market. This is great.”

The US government, despite the founder’s brazen attitude, and the anger caused by Hacking Team’s work with the likes of Sudan and Bahrain, has spent a large sum on the technology in its bid to track criminals and foreign threats. Vincenzetti’s opinions do chime with some of those in Washington D.C., namely FBI director James Comey, who has repeatedly called on technology companies, from Apple to Google, to cease providing strong encryption or at least provide the US with backdoor access to people’s phones.

A document obtained by the International Business Times indicated the FBI, which signed on initially in 2011, had spent nearly $700,000 on Hacking Team. Its contract was up last month, though, as noted, it could well sign another deal soon. The Department of Defense had spent $190,000 since 2011, even though its kit wasn’t even working and it’s unclear if it was ever switched on. The DEA has thrown $567,000 at Hacking Team since 2012 and it’s contract is running up to at least December this year.
The DEA said it had no comment on the matter. Neither of the two other government agencies named above had responded to requests for comment at the time of publication.

Spying is a profitable business. Hacking Team will hope it can stay alive after this devastating breach so it can build its profit in the booming surveillance industry of the US.



No comments:

Post a Comment