Irene Poetranto


US-based Servers Part of Hacking Team’s Surveillance Infrastructure

Our analysis traces the proxy chains of Hacking Team’s Remote Control System (RCS) and finds that dedicated US-based servers are part of the RCS infrastructure implemented by the governments of Azerbaijan, Colombia, Ethiopia, Korea, Mexico, Morocco, Poland, Thailand, Uzbekistan, and the United Arab Emirates in their espionage and/or law enforcement operations.

Mapping Hacking Team’s Covert Surveillance Networks

This report maps out covert surveillance networks of “proxy servers” used to launder data that RCS exfiltrates from infected computers, through third countries, to an “endpoint,” which we believe represents the spyware’s government operator.

Appendix B: Samples


Appendix A: List of Servers

We redact the last octet of the 186 IP addresses below that matched any of our fingerprints since 1 February 2014.

Ethiopian Journalist Group Targeted with Hacking Team Spyware

Our latest report identified three instances where Ethiopian journalist group ESAT was targeted with spyware in the space of two hours by a single attacker. In each case, the spyware appeared to be RCS (Remote Control System), which is programmed and sold exclusively to governments by Milan-based Hacking Team.

B4A files suit against UK government

Cyber Stewards Network partner Bytes for All (B4A) is working together with Privacy International (PI) to sue the government of the United Kingdom over their Tempora surveillance program.