back to article EXPOSED: Massive mobile malware network used by cops globally

A probe by Citizen Lab at the University of Toronto and computer security firm Kaspersky Lab has uncovered a massive network of mobile malware for all phone types that is sold by an Italian firm to police forces around the world. The malware, dubbed Remote Control System (RCS), was produced by a company called Hacking Team. It …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Unhappy

    Jesus H F*cking Christ.

    That is all.

    1. Rick Giles

      Jesus H Tap Dancing Christ.

      There... FIxed it for you.

      1. Anonymous Coward
        Anonymous Coward

        nah it was right the first time.

        Jesus H F*cking Christ.

        re-fixed it for you.

  2. DougS Silver badge

    Remote operated jailbreak?

    Don't they mean automated? Otherwise it would require that they not only compromise the victim's computer, but also have someone available to "remote operate" the jailbreak when he happens to connect it to.

    I guess if you keep your iOS current you're somewhat safer, as Evasi0n jailbreaks are generally not able to keep up with iOS releases (no 7.1 or 7.1.1 support currently, for instance)

  3. Khaptain Silver badge
    Black Helicopters

    Nokia 3310

    Looking better every day.......

    1. Destroy All Monsters Silver badge
      Thumb Up

      Re: Nokia 3310

      Free donut crumbs and a disused pepper spray can .. now on your phone!

      Unless you keep it simple.

    2. Bartholomew

      Re: Nokia 3310

      Guess what even non smart phones can remotely have their firmware upgraded by telcos.

      The telcos know where you are (triangulation with three base stations has your location within a nanosecond of the distance traveled by radio waves - so about a foot). The location is updated about 24 time a second when you are on a call and about 24 times a minute when you are not.

      And statically they know when you are sleeping and when you are awake. In the telco industry 2am to 4am on a Sunday night/Monday morning is known as dead time that they can do what they like with their network, and almost no phone user would notice any downtime.

      There are many time windows available to remotely upgrade the handset firmware and for the spyware install to go totally unnoticed by owner.

      The FBI in 2006 have used this technique to have some criminals carry around bugs (mic on). And pressing the power off button just runs some code which turn off any blinking lights and powers down the display, the phone is still running the spyware code. Search for "FBI taps cell phone mic as eavesdropping tool"

      1. Sander van der Wal

        Re: Nokia 3310

        Need to make a call, but the battery in the phone. Done, remove the battery.

        1. hplasm Silver badge
          Coat

          Re: Nokia 3310

          If you have to but the battery into the phone, it's probably in the wrong way......

      2. Whitter
        Black Helicopters

        Re: Nokia 3310

        You mean you don't wrap your phone in tinfoil when it is "off"? How quaint! ;)

      3. DougS Silver badge

        Carriers updating firmware

        Bit of an advantage for the iPhone here - carriers can't upgrade your firmware. That may not matter much in the US, but for non-US users, especially those in countries where the carrier is under defacto control of the government, the inability of the carriers to do this could be comforting for dissidents (or criminals)

        Of course, if iPhone use became widespread among the "undesirables" for that reason, the government would ban iPhones, or treat those who have one with increased suspicion.

    3. Richard Jones 1
      Happy

      Re: Nokia 3310

      6230i looks pretty good apart from the shortage of batteries. However the hysteria sounds a little odd. There are what >20 million phones in the UK. Who in hell's name would try to install this on all of that lot except someone who wanted to create a DDOS on their own tracking system. OK, at some point, later than yesterday I will walk the old dog who may get as far as the field and we may or may not walk to the top of the field and back home again. Later the supermarket may take a hit when I buy some groceries and get captured on their video, wow. I might even visit my daughter and granddaughter coming home with two dogs as well as the said humans. fI trackamagic is really lucky they might pick up a message to say I will be there in 2 minutes. Frankly it is easier to work out my movements via traffic cams.

      The biggest problem with most data sets is combing down a huge volume to the maybe one or two bits that are of some use.

      Now some bait for the dodgy down voters.

      If you are in law enforcement, do you want to know every one who uses a cashpoint (you can get that data from the bank anyway and HMRC do have easy access) or the scumbag who robs the darned thing or rips off your, or (more importantly) my account. My money is on catching the scumbag and since their methods are frankly illegal I do not care if they are identified via an initially dodgy method. I only hope that the arrest is solid and the stupid injustice system does not give them a £5 fine and a travel voucher along with indefinite rights to [rob] sorry stay in the country.

      1. JetSetJim Silver badge

        Re: Nokia 3310

        Knowing where everyone is (while on a call) is relatively easy - the company I work for does it all the time. Knowing where everyone is in realtime is hard(er) though. But not impossible. The data volumes aren't that great.

        Knowing where anyone is when they are not on a call is not that straighforward without compromising the phone. You can get some location information, but it's much coarser (typically a collection of cells (location area/routeing area/tracking area, depending on tech) granularity. Thankfully, there's all those "normal" apps that ping the network for updates (weather widgets), location checks (google does this), content updates (email clients), and this can get you back into the "in call" state much more frequently than you'd think, hence getting a better fix on your location.

  4. Crazy Operations Guy Silver badge

    Firewalling cell phone data connections

    I wish there was a method of building a hardware firewall for a cell phone. Crap like this is getting out of hand and I would like the ability to block it. A simple processor between the Phone's main processor and the Radio module would do wonders for mobile security.

    1. adnim

      Re: Firewalling cell phone data connections

      I really don't know enough about Android. Perhaps some tinkering with rild the radio interface layer daemon and its user space library would provide some sort of "x is trying to establish a connection to y. Press ok to allow" dialogue. Perhaps it is possible to code protection into the kernel. I never compiled a kernel for Android though. If I wasn't so lazy or I cared more I might research this. My mitigation is I don't install just any app on my phone. And I never install apps that are nothing more than a gateway to a website.

    2. Allan George Dyer Silver badge

      Re: Firewalling cell phone data connections

      Until you plugged in to an infected computer...

      1. KjetilS

        Re: Firewalling cell phone data connections

        Until you plugged in to an infected computer...

        At least with android you have to enable third party sources _and_ enable developer mode before you can install apps via USB.

  5. Jim O'Reilly

    Warrantless search for $500?

    In many countries, usage of this tool requires a warrant. If it is being used illegally, will that invalidate convictions?

    1. Eddy Ito Silver badge

      Re: Warrantless search for $500?

      One would think it would invalidate a conviction in some countries. It certainly won't invalidate an assassination, political or otherwise as it would be difficult to remove the kiddie porn that only just appeared on the phone three minutes before the bust. If it can be installed remotely I have to assume it can also be removed remotely.

      1. Steve Evans

        Re: Warrantless search for $500?

        Whilst the information gained from the illegal tap would be inadmissible in many courts, the information gained from it might give the "feds" information which could have them sitting across the road and photographing the drug deal... Photographic evidence which they can then use, just as long as they keep quiet about how they happened to be sitting there watching ("We received an anonymous tip" would seem to cover it).

        1. Eddy Ito Silver badge

          Re: Warrantless search for $500?

          At least there will be an easy way to tell the difference between a manufactured 'anonymous tip' and a real one although it won't do much good. If they actually spend resources doing things like surveillance and gathering evidence then it will be obvious the tip is being faked to cover a spy operation. We all know how real anonymous tips get handled.

      2. Don Jefe

        Re: Warrantless search for $500?

        Right? Invalidating assassinations is fucking hard. The best defense I've seen is for the assassin to claim he is a super secret government agent charged with eliminating a doppelgänger, the real person had been dead for years. Presenting the first responders with an invoice really tops it all off nicely.

        The 'body snatcher' defense is good too. The target of the assassination used the blackest of ancient magics, or advanced alien technology (your choice) to swap bodies with the assassin who became enraged when the false entity was using the assassin's previous body to commit horrible crimes.

        Either one of those defenses might invalidate an assassination. It's hard to say really, but if you find yourself facing a judge on charges of attempted assassination either one of those defenses is probably worth trying.

        1. xperroni
          Windows

          Re: Warrantless search for $500?

          Either one of those defenses might invalidate an assassination. It's hard to say really, but if you find yourself facing a judge on charges of attempted assassination either one of those defenses is probably worth trying.

          No.

          Sorry, but I'd rather take my chances with "it wasn't me", "I didn't do it" or "but I have an alibi". Which one would depend on the circumstances, I'd have to play it by the ear.

          PS: That thing on the walls isn't chocolate, it's mold. Stop eating it.

    2. Vimes

      Re: Warrantless search for $500?

      Look up 'parallel reconstruction'. This is a method already used by the DEA when trying to hide the fact that data used to support arrests had originated from within the NSA.

      http://uk.reuters.com/article/2013/08/07/uk-dea-irs-idUKBRE9761B620130807

    3. Ross K Silver badge
      Black Helicopters

      Re: Warrantless search for $500?

      In many countries, usage of this tool requires a warrant. If it is being used illegally, will that invalidate convictions?

      Aww, that's cute. You think law enforcement agencies worry about warrants.

      Just in case you've been on holiday in Antarctica or on Mars for the last few years, you might want to read up on that Edward Snowden guy and the company he worked for.

  6. This post has been deleted by a moderator

  7. Steve Evans

    So.....

    ...accessing computer systems without a warrant is ok now?

    1. Destroy All Monsters Silver badge

      Re: So.....

      Insisting on a warrant is today likely to be decried as "unfair" and possibly "inefficient".

      1. Anonymous Coward
        Anonymous Coward

        Re: So.....

        Insisting on a warrant is today likely to be decried as "unfair" and possibly "inefficient".

        Don't forget the "helping communists/terrorists/whatever" thing..

  8. Don Jefe

    Hacking Team?

    What the hell anti-virus guys? 'Hacking Team'? How the fuck do you not look into 'Hacking Team'? I realize you guys like to do your thing with fancy algorithms and stuff, I get that. But Christ, no company should ever pass up low hanging fruit. They are right there and obviously have a reasonably effective INTERNATIONAL SALES AND MARKETING PRESENCE.

    Tottering Jesus, I hope nobody in the anti-virus field was ever, or will ever be, involved in UN weapons inspections:

    'Mr. Assad, what is this facility labeled 'Chemical Weapons Research and Development' used for?'

    'Oh, that is our Torah printing and kosher dill pickle canning campus. It's terribly boring there, just ignore it.'

    I know a lot of Italians, and they are a surprisingly diverse bunch of people, but there are precisely zero fucking Jedi in Italy. None. At least not any strong enough to Jedi Mind Trick the global anti-virus industry. Hey! Maybe Jedi are the answer 'Help us Obi-Wan, you're our only hope'.

    Alternatively, some college kids who rake through the, free to access, lists of businesses in every country on Earth and look for companies that sound vaguely suspicious. Any company with 'hacking' in their name is at least worth a look, maybe a phone call too? Sure, it might be an axe manufacturing company or maybe a school for journalists, who knows.

    I maintain a murder of Interns just for things like this. I reward them with fewer beatings and sometimes money, for coming up with clever ideas. Some of them are pretty smart, and they'll work for peanuts since they're getting university credit for working in their chosen field. I reckon you anti-virus guys ought to look into some interns too. You guys can borrow some of mine if you'd like. They're disposable, so if you don't like them you can just toss them in the wheelie bin, no need to send them back. Let me know!

    1. Destroy All Monsters Silver badge
      Paris Hilton

      Re: Hacking Team?

      Not sure whether psychotic attack or trying to make sense?

      1. Don Jefe

        Re: Hacking Team?

        Hard to say really. I ask myself that sort of thing all the time, but I don't trust his answers.

      2. xperroni
        Big Brother

        Re: Hacking Team?

        Not sure whether psychotic attack or trying to make sense?

        Psychotic breakdown apart, he does have a point. The company is called "Hacking Team", for the gods' sake. They don't make the slightest effort to disguise what services they offer, either – here, just take a look at their website, which by the way is Google-indexed. Kudos to Kaspersky for mapping the C/C servers, but really, these guys couldn't be more conspicuous if they stuck an "EVIL SCIENTIST LAIR" written sign in their offices' front lawn.

      3. TheOtherHobbes

        Re: Hacking Team?

        >Not sure whether psychotic attack or trying to make sense?

        Also applies globally.

        1. Don Jefe

          Re: Hacking Team?

          Syria exporting the Torah and kosher pickles would be either extremely strange or extremely hilarious, depending on your worldview, but no matter what they told you, it would be madness not to verify what they said. Not looking into the bleeding obvious is one of those things that can really setback a career you know.

          Blame the Interns for my calling them a murder. I tried armada, fleet, gaggle, swarm, pack, herd, collective and a few others, but somebody always complained. Nobody is really sure what to do with murder though. Sometimes I'm rewarded with one of those wonderful 'slow blinks' when I introduce one of my murderers, those make me happy, and sometimes people just walk away, but they don't complain. Nobody complains.

    2. frank ly

      Re: Hacking Team?

      I'm wondering why Syria would have a Torah printing and kosher dill pickle canning campus. Apart from that, it all made sense. Maybe I should be a UN weapons inspector.

    3. xperroni
      Mushroom

      Re: Hacking Team?

      Also, I take issue with using "murder" as a collective for interns. This is derogatory to crows, which are smart, praiseworthy creatures.

      1. Robert Helpmann?? Silver badge
        Childcatcher

        Re: Hacking Team?

        How about "an ineptitude of interns" or perhaps "a submission of interns?"

        1. h4rm0ny
          Thumb Up

          Re: Hacking Team?

          Let's cut straight to the essential attribute and call them a Cheapness of Interns.

          (Beautiful post, btw).

  9. PunkTiger
    Black Helicopters

    Y'know, the more I read about things like this, the longer I'll hang on to my venerable Motorola V600.

    1. xperroni
      Coat

      Ah, the V600. My one-and-only clamshell cellphone, really digged it. Then one day it slipped off from the holster and into the ground. Wasn't quite the same ever again.

  10. oblivion
    Thumb Down

    Prosecute the cops

    If a device is found to contain this malware and no court order or warrant exists, then the police should be prosecuted to the fullest extent possible for unauthorized access and illegal wiretapping, just as any malicious hacker would be.

    1. vagabondo
      Black Helicopters

      Re: Prosecute the cops

      "the fullest extent possible"

      The devil is in the detail.

      Could this be a case for a new breed of secret courts? Instead of keeping the accused and defence out, only the defence would have access to the evidence, charges, etc. The prosecution would be denied access in the interests of national, security, efficiency, respecting the needs of the establishment, etc.

    2. Hans 1 Silver badge
      Big Brother

      Re: Prosecute the cops

      >If a device is found to contain this malware and no court order or warrant exists, then the police should be prosecuted to the fullest extent possible for unauthorized access and illegal wiretapping, just as any malicious hacker would be.

      I totally agree, fsck, really ... now, just remind me, where do you go to report this ? You really think you'll get away with it ? Good luck ...

  11. skeptical i
    Big Brother

    *sigh* I suppose it was just a matter of time, huh. :\

    "We gave you myspace, fecebook, twaddle, and so many ways to make it easy for you to give us your info on your timetable and think you were still in control, but not all of you fell for it.

    So now we're getting Serious.

    If you have nothing to hide, you have nothing to fear.

    All your everything are belong to us, citizen."

  12. Rick Giles
    Pirate

    McAfee EMM

    We have our McAfee EMM set to perform a Jail break status check on our iOS devices every 90 days. I wonder if I'm going to start seeing a lot of my users devices going to Non Compliant in the console soon...

    Or is this thing just that stealthy?

    1. Anonymous Coward
      Anonymous Coward

      Re: McAfee EMM

      Doesn't installing anything from McAfee mean that you have handed up your secrets?

      1. Pascal Monett Silver badge

        Not necessarily. It does, however, mean that whatever you installed it on will be almost unusable from that point on.

  13. Anonymous Coward
    Anonymous Coward

    Ios it's a wonderful thing

    Isn't it! And this puts a whole new accurate dimension to fan droids :p

    Anonymously, just like my phone.

  14. oblivion
    Alert

    Another reason to root your phone

    Not only will it give you more access and awareness of running processes, but you can block IPs by adding them to the hosts file on the device and redirecting them. Now let's have the IPs of those command and control servers. Also another reason to run Cyanogen.

    1. Hans 1 Silver badge

      Re: Another reason to root your phone

      Surely you know /etc/hosts.deny, right ? No need to redirect ... just sayin'

  15. vagabondo
    Big Brother

    If this is available to the "goodies"

    then it is almost definitely available to the baddies. If the local cops have access to the average citizens mobile communications, I would be surprised if Big Crime was not monitoring state prosecutors, investigators, and other criminal organizations. Or is there already a defence against RCS, and its real use is to spy on the average citizen and politician?

    1. Don Jefe

      Re: If this is available to the "goodies"

      Of course it's available to the 'bad guys'. Selling your stuff to both sides of an ongoing conflict is one of the core precepts in any sort of weapons provisioning endeavor. Guns, aircraft, missiles, software, whatever, sales to the 'good guys' cover all your operating expenses and sales to 'bad guys' are 98% pure profit. Generally, the 'bad guys' are limited to one revision/upgrade behind what's available to the 'good guys'. For more information visit the sites for Thales, BAE, Lockheed, General Dynamics, etc, and click on the 'Investors' link in the 'About' menu.

  16. James Boag

    Hold on we just spent how much on a phone hacking trial

    Hold on we just spent how much on a phone hacking trial ?

    When we had the technology infrastructure and unless our security services are seriously incompetent the evidence in place,

    If the correct information had been presented to the trial then all the "Defendants" may have really got what they deserved, at a fraction of the price that we were charged,

    I just can't see the value of this if we don't use it !

  17. Anonymous Coward
    Anonymous Coward

    How to detect it?

    My android phone spent some time being "looked after" by the UK Border Agency. Is there any way to detect this malware?

    1. S4qFBxkFFg

      Re: How to detect it?

      You want the phone to be able to connect to the internet (or try to) through a wireless router you control (and are confident hasn't been mucked around with - buying one cash from a physical shop might be worthwhile), while being unable to connect to the phone network (remove sim, go somewhere with no signal, etc.).

      Set the router to log as much as it can.

      Check the logs for the relevant IPs.

      Be aware, this malware might cache data and transmit it in bursts at set times, it might not communicate over wifi at all, etc. etc.

      1. Anonymous Coward
        Anonymous Coward

        Re: How to detect it?

        I've already done some packet inspecting with wireshark and found nothing suspicious. Will take your advice about router logging - thanks.

        These are worrying times privacy-wise but I should point out that all the law enforcement people I had dealings with, including SOCA, were absolutely fucking clueless about this sort of thing.

  18. earl grey Silver badge
    Flame

    all your data are belong to us

    Seriously, all of it.

    Including the stuff we secretly loaded onto your phone you had no idea about.

  19. Anonymous Coward
    Anonymous Coward

    hang on...

    According to the news phone hacking is illegal! I am amazed that so many people have commented on how awful it is that a newspaper listened to someone's voicemail without authority and yet they do not bat an eyelid to news of government interception of their email, phone calls, texts etc.

    Are the masses being spoon fed stories such as this to get them used to the idea of intrusion into their 'private lives'?

    and for those who say "If you have nothing to hide then you have nothing to fear..." two things. You do not have the right to look into the private life of another individual, try getting access to David Cameron's emails and see where that lands you, secondly words of wisdom from the late Bill Hicks

    "What business is it of yours what I do, read, buy, see, or take into my body as long as I do not harm another human being on this planet? And for those who are having a little moral dilemma in your head about how to answer that question, I'll answer it for you. NONE of your f*****g business"

  20. Anonymous Coward
    Anonymous Coward

    Typical innit

    You wait for years for an industrial-scale illegal phone-hacking conspiracy and then three come along at once!

  21. GrumpyOldMan

    In the UK we have the Computer Misuse Act that has now been tightened up even more. I believe it covers phones - they are computers after all. Semaphone and old-tech Royal Mail now looking really attractive.

  22. MyHandle256

    Old hat really

    Read "Killing Pablo" by Mark Bowden, a book documenting how the DEA and FBI tracked down and located Pablo Escobar. They found him and took down the operation with bugged firmware on cartel cellphones, although they dont go into details of who, why how and where this happened. I'm sure SXnowden culd fill us in on those details though. This was a throway detail that the general public didnt grasp back then, as obviously the "good guys" in the US would only use this to capture "bad guys". Even when "powered off" (it just looked like it was off), the mic was still active and transmitting. They had spy planes flying over Colombia to pick up the traffic. The biggest problem they had was paying enough local colombians to actually decipher all the local slang and cartel codewords.

    This was 1993. Back then, having snake on your Nokia made it a smartphone. Just imagine what they can hide in amongst all the Gb's and clock cycles these days.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2020