Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] OFFTOPIC Re: Mapping Hacking Team’s “Untraceable” Spyware

Slim Amamou slim at
Mon Feb 17 05:25:24 PST 2014

Your HTTPS server does not support TLS1.2 which is annoying since it became
the default security standard in Firefox 27 (since Snowden revealed that
commonly used encryption in https servers and clients is vulnerable)

Here's a working URL :

You don't need https for public content, generally

On Mon, Feb 17, 2014 at 1:39 PM, Ronald Deibert <r.deibert at>wrote:

> Dear LibTech
> On behalf of the Citizen Lab I am pleased to announce the second in a
> series of posts about Hacking Team,
> authored by Bill Marczak, Claudio Guarnieri, Morgan Marquis-Boire, and
> John Scott-Railton.  The summary
> is pasted below.
> Here is the link to the full report:
> Cheers
> Ron
> Mapping Hacking Team’s “Untraceable” Spyware
> *February 17, 2014*
> Categories: Reports and Briefings<>
> , Research News <>
> *Authors:* Bill Marczak, Claudio Guarnieri, Morgan Marquis-Boire, and
> John Scott-Railton.
> *This post is the second in a series of posts that focus on the global
> proliferation and use of Hacking Team’s RCS spyware, which is sold
> exclusively to governments.*
> Summary
>    - Remote Control System (RCS) is sophisticated computer spyware
>    marketed and sold exclusively to governments by Milan-based Hacking Team.
>    1<>  Hacking
>    Team was first thrust into the public spotlight in 2012 when RCS was used
>    against award-winning Moroccan media outlet Mamfakinch,2<> and
>    United Arab Emirates (UAE) human rights activist Ahmed Mansoor.3<> Most
>    recently, Citizen Lab research found that RCS was used to target Ethiopian
>    journalists in the Washington DC area.4<>
>    - In this post, we map out covert networks of “proxy servers” used to
>    launder data that RCS exfiltrates from infected computers, through third
>    countries, to an “endpoint,” which we believe represents the spyware’s
>    government operator; this process is designed to obscure the identity of
>    the government conducting the spying.  For example, data destined for an
>    endpoint in Mexico appears to be routed through four different proxies,
>    each in a different country.  This so-called “collection infrastructure”
>    appears to be provided by one or more commercial vendors — perhaps
>    including Hacking Team itself.
>    - Hacking Team advertises that their RCS spyware is “untraceable” to a
>    specific government operator.  However, we claim to identify a number of
>    current or former government users of the spyware by pinpointing endpoints,
>    and studying instances of RCS that we have observed.  We suspect that
>    agencies of these 21 governments are current or former users of RCS:
>    Azerbaijan, Colombia, Egypt, Ethiopia, Hungary, Italy, Kazakhstan, Korea,
>    Malaysia, Mexico, Morocco, Nigeria, Oman, Panama, Poland, Saudi Arabia,
>    Sudan, Thailand, Turkey, UAE, and Uzbekistan.  Nine of these countries
>    receive the lowest ranking, “authoritarian,” in *The Economist*’s 2012
>    Democracy Index.5<>  Additionally,
>    two current users (Egypt and Turkey) have brutally repressed recent protest
>    movements.
>    - We also study how governments infect a target with the RCS spyware.
>     We find that this is often through the use of “exploits” — code that takes
>    advantage of bugs in popular software.  Exploits help to minimize user
>    interaction and awareness when implanting RCS on a target device.  We show
>    evidence that a single commercial vendor may have supplied Hacking Team
>    customers with exploits for at least the past two years, and consider this
>    vendor’s relationship with French exploit provider VUPEN.
> Ronald Deibert
> Director, the Citizen Lab
> and the Canada Centre for Global Security Studies
> Munk School of Global Affairs
> University of Toronto
> (416) 946-8916
> PGP:
> r.deibert at
> --
> Liberationtech is public & archives are searchable on Google. Violations
> of list guidelines will get you moderated:
> Unsubscribe, change to digest, or change password by emailing moderator at
> companys at

Slim Amamou | سليم عمامو
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the liberationtech mailing list