from citizenlab.org: This report analyzes Hacking Team’s Android implant, and uses new
documents to illustrate how their Remote Control System (RCS)
interception product works. This work builds on our previous research into
the technologies and companies behind “lawful interception” malware.
This technology is marketed as filling a gap between passive
interception (such as network monitoring) and physical searches. In
essence, it is malware sold to governments. Unlike phone monitoring and
physical searches, however, most countries have few legal guidelines
and oversight for the use of this new power. In light of the absence of
guidelines and oversight, together with its clandestine nature, this
technology is uniquely vulnerable to misuse. By analysing the tools, and
their proliferation at the hands of companies like Hacking Team and Gamma Group,
we hope to support efforts to ensure that these tools are used in an
accountable way, and not to violate basic principles of human rights and
rule of law.
In a report published earlier this year, we presented the results of a global scanning effort, and identified 21 countries
with deployments of Hacking Team’s Remote Control System monitoring
solution. In addition, alongside other researchers, we have uncovered a
range of cases where “lawful interception” software has been used
against political targets by repressive regimes. Political and civil
society targets have included Mamfakinch in Morocco, human rights activist Ahmed Mansoor in the UAE, and ESAT, a US-based news service focusing on Ethiopia. In all of these cases, a tool marketed for “law enforcement” was used against political, rather than security threats. In still other cases, like Malaysia [PDF], we have found bait documents and seeding suggestive of political targeting.