At USENIX Security 2014, Citizen Lab researchers presented two papers on targeted threats against civil society communities as part of a dedicated session on the topic, entitled "Tracking Targeted Attacks against Civilians and NGOs."
Our analysis traces Hacking Team’s Remote Control System’s (RCS) proxy chains, and finds that dedicated US-based servers are part of the RCS infrastructure implemented by the governments of Azerbaijan, Colombia, Ethiopia, Korea, Mexico, Morocco, Poland, Thailand, Uzbekistan, and the United Arab Emirates in their espionage and/or law enforcement operations.
This report maps out covert surveillance networks of “proxy servers” used to launder data that RCS exfiltrates from infected computers, through third countries, to an “endpoint,” which we believe represents the spyware’s government operator.
Our latest report identified three instances where Ethiopian journalist group ESAT was targeted with spyware in the space of two hours by a single attacker. In each case, the spyware appeared to be RCS (Remote Control System), which is programmed and sold exclusively to governments by Milan-based Hacking Team.