Researchers have discovered that governments are using the same methods of spying as hackers. According to the Associated Press on Tuesday, those methods include using their intended targets’ own computers and phones.
Police and spy agencies around the world are using malicious software implants (called Remote Control System or RCS) in personal devices to spy on their targets. The report states that the malware can be implanted via USB or can be remotely placed on the device via an infected email, link or network traffic injection. The two computer security groups involved in the report, Kaspersky and Citizen Lab, state that police spying methods are coming very close to methods used by hackers with malicious intent.
A senior security researcher elaborates, “In the past, the distinction was pretty easy. If it’s malware, there’s someone bad behind it. The notion of good guys and bad guys is becoming diluted.”
The initial report was done on private Italian firm Hacking Team. On its website, Hacking Team notes that it can steal text messages, listen in on Skype calls and be able to control ‘hundreds of thousands’ of devices at once. Though Hacking Team says it sells its RCS only to governments not blacklisted by NATO and has a screening panel that looks over every potential client, their malware has still been used against 30 journalists and activists.
The sophisticated malware is made to be very secretive. It’s designed to not drain batteries, to send info via wi-fi to avoid chewing through data and, in a very spy-movie manner, has a setting that will allow it to self-destruct if there’s a danger of it being discovered.
The malware allows police to record audio, take photos and track the user through GPS. The Verge reports that the malware works best on Android devices and jailbroken iPhones, but can still work on Windows phones, Blackberrys and standard iPhones..
This report adds to what Edward Snowden has said about the government, specifically the National Security Agency, spying on its people. Wired reports that there are currently 64 command-and-control servers in the United States, which Hacking Team uses to remotely control their malware. The U.S. has the most servers by far, hinting that the most spying is being done by the United States government. The country with the next highest number of servers was Kazakhstan with 49.