Law enforcement agencies and governments are doing as hackers do, spying on their targets through phones and computers with methods used by cybercriminals.

Two separate reports published by Kaspersky Lab and Citizen Lab on the private Italian company Hacking Team detail a massive international infrastructure of Remote Control System malicious software implants that are operated by spy agencies and law enforcers in dozens of nations.

The victims for the hacked surveillance include human rights advocates, activists, politicians and journalists.

The research done by Kaspersky Lab and Citizen Lab outlines the government surveillance methods, revealed by former CIA systems administrator Edward Snowden, which are used by the National Security Agency and its allies.

The research reports uncovered previously unidentified mobile Trojans for both iOS and Android devices. The Trojans are supposedly a part of the "legal" spyware RCS, which is also known by the name of Galileo. 

Kaspersky Lab said that it has been trying to locate the command and control servers of Galileo around the world. Kaspersky Lab's efforts were not futile, revealing over 320 RCS C&C servers worldwide, with most of the servers located in the United States, Kazakhstan, Ecuador, the United Kingdom and Canada.

"The presence of these servers in a given country doesn't mean to say they are used by that particular country's law enforcement agencies. However, it makes sense for the users of RCS to deploy C&Cs in locations they control - where there are minimal risks of cross-border legal issues or server seizures," said Kaspersky Lab principal security researcher Sergey Golovanov. 

Kaspersky Lab reported that Galileo RCS operators built specific malicious implants for each of their targets. The implant is injected into the victim's device through a variety of ways, including spearphishing through social engineering and local attacks through USB cables while the device is synchronizing.

The RCS Trojans can perform several surveillance functions, including revealing the location of the target, taking pictures using the device's camera, copying items from the calendar and registering new SIM cards. The Trojans can also intercept incoming communications, including SMS messages, phone calls, and chat messages sent through third-party applications. The Trojans can also be programmed to trigger functions depending on specific situations, such as recording audio whenever the device is connected to a specific network.

However, Hacking Team, through its chief spokesman Eric Rabe, dismissed the research reports.

"We believe the software we provide is essential for law enforcement and for the safety of all in an age when terrorists, drug dealers and sex traffickers and other criminals routinely use the Internet and mobile communications to carry out their crimes," said Rabe. 

Rabe pointed out that Hacking Team has a customer policy that states that the company only works with governments screened for human rights concerns.

Steve Bellovin from Colombia University, who has written about law enforcement using hacking methodologies, said that there is nothing inherently wrong with the action, comparing it to how police officers carry guns with them. However, he added that there needs to be strict rules set in place before government commissioned Trojans will be released all over the Internet.

ⓒ 2021 All rights reserved. Do not reproduce without permission.