A group calling itself the Shadow Brokers has claimed to have hacked an elite cyberattack organization associated with the U.S National Security Agency (NSA), and is offering the stolen technology to the highest bidder. Citizen Lab Senior Research Fellow Claudio Guarnieri discussed the credibility of the claims with The Wired.
Hacking Team, a Milan-based developer of “offensive security” technology that markets its products to governments and law enforcement agencies around the world, was significantly compromised when hackers leaked nearly 400 GB of its internal data, including emails, client files, and financial documents. The leak was announced via Hacking Team’s own compromised Twitter account, and the content made publicly available. Among other things, the leaked documents confirmed our findings that the company sells its software to several governments with repressive human rights records, such as Ethiopia, Sudan, Rwanda, Saudi Arabia, Kazakhstan, and more.
Independent Researcher Claudio Guarnieri has partnered with Privacy International, Digitale Gesellschaft, Electronic Frontier Foundation and Amnesty International to publicly release the Detekt tool, which allows journalists and human rights defenders to scan their computers for traces of known surveillance spyware.
Our analysis traces Hacking Team’s Remote Control System’s (RCS) proxy chains, and finds that dedicated US-based servers are part of the RCS infrastructure implemented by the governments of Azerbaijan, Colombia, Ethiopia, Korea, Mexico, Morocco, Poland, Thailand, Uzbekistan, and the United Arab Emirates in their espionage and/or law enforcement operations.
Our latest report identified three instances where Ethiopian journalist group ESAT was targeted with spyware in the space of two hours by a single attacker. In each case, the spyware appeared to be RCS (Remote Control System), which is programmed and sold exclusively to governments by Milan-based Hacking Team.