December 29 – Hamburg, Germany
A group calling itself the Shadow Brokers has claimed to have hacked an elite cyberattack organization associated with the U.S. National Security Agency (NSA), and is offering the stolen technology to the highest bidder. Citizen Lab Senior Research Fellow Claudio Guarnieri discussed the credibility of the claims with Wired.
Citizen Lab Senior Research Fellow Claudio Guarnieri was named to the Forbes 30 Under 30 list, in the Enterprise Technology section.
This report describes an extensive malware, phishing, and disinformation campaign active in several Latin American countries, including Ecuador, Argentina, Venezuela, and Brazil. The nature and geographic spread of the targets seem to point to a sponsor, or sponsors, with regional political interests. The attackers, whom we have named Packrat, have shown a keen and systematic interest in the political opposition and the independent press in the so-called ALBA countries (Bolivarian Alternative for the Americas) and their recently allied regimes.
Hacking Team, a Milan-based developer of “offensive security” technology that markets its products to governments and law enforcement agencies around the world, was significantly compromised when hackers leaked nearly 400 GB of its internal data, including emails, client files, and financial documents. The leak was announced via Hacking Team’s own compromised Twitter account, and the content made publicly available. Among other things, the leaked documents confirmed our findings that the company sells its software to several governments with repressive human rights records, such as Ethiopia, Sudan, Rwanda, Saudi Arabia, Kazakhstan, and more.
Independent Researcher Claudio Guarnieri has partnered with Privacy International, Digitale Gesellschaft, Electronic Frontier Foundation and Amnesty International to publicly release the Detekt tool, which allows journalists and human rights defenders to scan their computers for traces of known surveillance spyware.
Our latest report analyzes our discovery of an Android application called Qatif Today that is bundled with a Hacking Team payload. The app provides news and information in Arabic with special relevance to the Qatif Governorate of Saudi Arabia, which is a predominantly Shia community.
We analyze a newly discovered Android implant that we attribute to Hacking Team and highlight the political subtext of the bait content and attack context. In addition, we expose the functionality and architecture of Hacking Team’s Remote Control System and operator tradecraft in never-before-published detail.
Our analysis traces the proxy chains of Hacking Team’s Remote Control System (RCS), and finds that dedicated US-based servers are part of the RCS infrastructure used by the governments of Azerbaijan, Colombia, Ethiopia, Korea, Mexico, Morocco, Poland, Thailand, Uzbekistan, and the United Arab Emirates in their espionage and/or law enforcement operations.
This report outlines an extensive US nexus for a network of servers forming part of the collection infrastructure of Hacking Team’s Remote Control System. The network, which includes data centers across the US, is used to obscure the identity of Hacking Team’s government clients. It is used by at least 10 countries, ranging from Azerbaijan and Uzbekistan to Korea, Poland, and Ethiopia. In addition, we highlight an intriguing US-only Hacking Team circuit.