American Targeted By Digital Spy Tool Sold To Foreign Governments

An anonymous reader points out a report in Wired of an American woman at a "renowned academic institution" who received targeted malware from what was most likely a foreign government. "... analysis of [the downloader] showed that it was the same downloader that has been used in the past to install Remote Control System (RCS), a spy tool made by the Italian company Hacking Team and sold to governments." What's significant about this malware is that it is made by an Italian firm who claims they sell it only to government and law enforcement bodies, and it isn't of much use to your standard botnet operator. "The RCS tool, also known as DaVinci, records text and audio conversations from Skype, Yahoo Messenger, Google Talk and MSN Messenger, among other communication applications. It also steals Web browsing history and can turn on a computer’s microphone and webcam to record conversations in a room and take photos. The tool relies on an extensive infrastructure to operate and therefore is not easily copied and passed to non-government actors outside that infrastructure to use for their own personal spy purposes, according to a Hacking Team spokesman." There's no solid proof indicating who is responsible, but the malware email contained a link to a website in Turkey. "Turkey is a member of the North Atlantic Treaty Organization alliance. If authorities there were behind the hack attack, it would mean that a NATO ally had attempted to spy on a U.S. citizen on U.S. soil, presumably without the knowledge or approval of U.S. authorities, and for reasons that don't appear to be related to a criminal or counter-terrorism investigation."

Re:

[TWiTfan]

It's sad that the people who created Stuxnet a few years back probably thought they were doing a noble thing. But the first thing I thought when I read about it was "How long before someone turns this back against us?"

It's like the atomic bomb. Creating it was beneficial in the short term for the U.S. But, in the end, its main result was a nuclear arms race that came all-too-damn-close [wikipedia.org] to causing a nuclear apocalypse (and may yet).

Re:

[Lumpy]

"... STUXNET targets SCADA systems. Unless she running a reactor or dam equipment from her laptop I don't think this has anything to do with STUXNET."

So I am not allowed to run Uranium Enrichment in my garage? Yet more rights taken from my 2nd amendment!

Let me guess, they are against my building of an ICBM in my back yard as well.....

Re:

[filthpickle]

Goddamn Obama.

Re:

[flayzernax]

Because of the nature of this spyware (targeting social contacts and trying to snoop in on private life) it sounds more like a a colleague asked their buddies (or stole) a copy to spy on her because they lack any interpersonal skills. After RTFAing though it seems like it was a completely unprofessional job or just someone phising at random who's got worse spelling than I. Also the article neglects to mention her area of research. It could be something completely unimportant to "spies".

It could have also be

Re:

[rioki]

Actually stuxnet targets the PCs that run the engineering software for SCADA systems (like mine). It then alters the SPS' program, if it is a of a special configuration. The next regularly scheduled download into the SPS will then ensure then the altered program gets executed. This worked quite well, since you don't see what you are compiling and downloading, but I am currently working on a feature that would have made that more obvious... maybe... if you can see the three little changes under the thousands

Re:

[gmuslera]

That was just the payload, that with the appropiate sources [thehackernews.com] could vary. Bricking your laptop [pcworld.com] could be the less harmful thing it could do, you will still be free and have money in the bank to buy another.

Re:

[lister king of smeg]

from what i recall stuxnet also shared a lots of code in common with another pernicious computer virus conficker that has infected computer all over the world

Re:

[cangrejoinmortal]

I believe no one in Stuxnet's dev team feel they were doing a good thing, they were smart people and smart people doing smart things for the warmongers always feel guilt and shame, even if only a little. Only very stupid or malicious people feel war efforts are noble.

Re:

[Jockle]

That makes zero sense.

Don't be so goddamn sanctimonious

[Anonymous Coward]

The poor USA is getting spied on. The audacity! A country that's always on its best behavior and has NEVER spied on allies, ever! Besides, are you sure that this isn't rebound spying, where the US lets others spy on US citizens to get information that they wouldn't be allowed to acquire directly themselves?

Re:

[telchine]

rebound spying, where the US lets others spy on US citizens to get information that they wouldn't be allowed to acquire directly themselves?

This was my first thought when I read it.

The way things are going...

[alexo]

> It is the job of any national government to protect itself from its citizens

FTFY.

Re:

[sir-gold]

The US IS the sole cause of all the current evils in the world. (not counting the crazyness that is North Korea)

Every enemy that the US currently faces was created by US foreign policy. The Arabs wouldn't be pissed at the US if it wasn't for the US support of Israel, Mexico and South America wouldn't be in a constant state of civil war if it wasn't for the US war on drugs, and Asia wouldn't be the garbage pile that it is if US Trade Policy favored US labor instead of corporate profits.

Re:

[tibman]

craaaazzyyy

F'ing Mods need to read Mod rules!

[s.petry]

Please explain to me, oh person that modded this flamebait, how an opinion which is rather common (especially outside of the US) is flamebait? Perhaps a rational person with mod points will correct the rating? I have no mod points today, or would do so myself.

As a side note, more and more Americans are beginning to see the validity of these opinions.

Re:

[sir-gold]

Just because China or Russia would do it too (given the chance) doesn't make it right. The US needs to stop interfering with the rest of the world's affairs. The US especially needs to tell Israel to go get stuffed. They have been wasting money (and making enemies) for over 60 years, protecting a bunch of people who most definitely don't need (or deserve) protecting. The Jews need to either make peace with their neighbors, or go find someplace else to hide, preferably somewhere that isn't someone else's an

Re:

[Muros]

As for rebound spying, while I wouldn't put it past certain US agencies of doing that, it is unlikely, and to automatically assume this is the case is to reveal a skewed worldview where the United States is the sole cause of evil in the world.

Can I say false dichotomy?

Re:

[Big Hairy Ian]

Do let me know how you'd like your Darwin Award Nomination Phrased :)

Re:

[rioki]

Did you not read it. The CIA issues it sometime in the 80s

Re:

[RoknrolZombie]

Technically yes - it's against US law for the US to spy on it's own citizens without due cause.

That being said, the US doesn't pay much attention to what's actually "legal" anymore, opting for "It's easier to ask for forgiveness than permission"...the same model that's gotten us so far in the last 30 years.

Re:

[interkin3tic]

I assure you that the people being spied upon are not the people who were spying on citizens of other countries. So I don't see the hypocrisy.

Re:

[Jockle]

You can replace the words "USA" with the name of damn near any other nation on the planet and the statement will remain accurate.

And... that makes it okay somehow? I don't see where he mentioned other countries not doing any of that at all.

Re:

[gmuslera]

Feeling in their own skin what they are doing to others (via their "representatives") is a good first step. That antivirus could not [slashdot.org] detect that kind of things because government orders adds a bit of spice. But anyway, they won't know how widespread this will become, whoever [washingtonpost.com] could warn them will be considered an enemy of the state, and prosecuted no matter where in the world they are.

Slavery...

[Rockoon]

If we sell all the Americans targeted by spy tools to other governments then that might close the budget gap!

Re:

[SJHillman]

It seems to work for Facebook. Let's just hope the US Government doesn't have an IPO, it could shatter the illusion of what it's actually worth.

Davinci? Hack the Gibson!

[Anonymous Coward]

Hack the Planet!

"If ... would ... presumably ... don't appear to"

[QuasiSteve]

There's no solid proof indicating who is responsible

Thanks, all we really needed to know, I guess.

but the malware email contained a link to a website in Turkey.

Let me send you one with a link to a website in Mexico. Sorry, make that Sweden. Germany? Italy? Take your pick.

"Turkey is a member of the North Atlantic Treaty Organization alliance. If

And there the subject line finds its origin. I love a good tinfoilhat story, but this is not even that. This is pretty much wild guesses.

Re:

[pellik]

I'm inclined to believe that Turkey may be responsible here. Remember, these aren't actors capable of writing their own spyware. They simply bought a package from someone else and, presumably, put in their email address where it called for an email address in configuration. Hanlon's razor.

Re:

[AHuxley]

Re: "these aren't actors capable of writing their own spyware" - Italy has had its SISMI military intelligence agency using the telco 'network' in very creative ways.
http://en.wikipedia.org/wiki/SISMI-Telecom_scandal [wikipedia.org]
If that is the quality of the systems created/used/requested over time in the EU, the ability to enter one computer network seems not too hard?
ie if you have a simple domestic surveillance program covering 1000's of people, whats one US network in 2013 with that skill/support set?
You also

Re:

[Technician]

If you read the article, the researcher did not download or examine the payload. They used a honeypot to view the downloader, but not the payload. The payload could be anything, but the downloader was used by a known software vendor.

Though investigators didn’t obtain the file that the downloader was supposed to install, analysis of it showed that it was the same downloader that has been used in the past to install Remote Control System (RCS), a spy tool made by the Italian company Hacking Team and

Spies Exist ?!?!! *clutches pearls*

[sirwired]

Whoa! Stop the presses!!! You mean to tell me that countries that are nominally allies sometimes carry out covert intelligence operations against each other?

If this comes as a shock to anybody, anywhere, you need to crawl out from under the proverbial rock. It happens all. the. time.

And "a link to a website in Turkey" is hardly proof of anything. At all. And if it came from a GMail account, would there be dark aspersions that Google was behind it all?

Re:

[auric_dude]

Is Turkey now the new China?

Re:Spies Exist ?!?!! *clutches pearls*

[OolimPhon]

Is Turkey now the new China?

I don't know. Why don't you try making me a pot of tea in a turkey and tell me how it tastes?

Re:

[sir-gold]

I was with you right up until you said "hacking the brain with radio",

Unless by "radio" you really meant "television", and by "hacking the brain" you really meant "turning it into mush with mindless reality TV shows", in which case you would be totally correct.

Re:

[ahabswhale]

You do realize that the US's allies spy on the US as well. It's not a new phenomenon either. It's been going on for a very long time. I hate to break it to you but the US didn't invent all of this evil shit.

Holy leap of logic, batman!

[nedlohs]

Though investigators didn’t obtain the file that the downloader was supposed to install, analysis of it showed that it was the same downloader that has been used in the past to install Remote Control System (RCS), a spy tool made by the Italian company Hacking Team and sold to governments. A digital certificate used to sign the downloader has also been used in the past with Hacking Team’s tool.

So because a difference piece of software has been used in conjunction with RCS in the past, this use o

Editors, bang up job.

[Taibhsear]

Came here wondering how an American woman got sold to a foreign government. Great job as always, editors.

Re:

[Racemaniac]

Same here, took me ages before i understood what the title was supposed to mean.

Re:

[T.E.D.]

In their defense, if the editors didn't make the headlines confusing, most ./ readers wouldn't RTFSummary either.

It must be a real burden to edit a text-oriented website for people who hate to read.

Hmmm ...

[gstoddart]

If authorities there were behind the hack attack, it would mean that a NATO ally had attempted to spy on a U.S. citizen on U.S. soil, presumably without the knowledge or approval of U.S. authorities, and for reasons that don't appear to be related to a criminal or counter-terrorism investigation.

I'm pretty sure the US already does this -- possibly not for reasons other than criminal or counter-terrorism though.

But, really, since we know with Carnivore and pretty much everything else the US spies on NATO allies as well.

Unless we're meant to believe the US only does this on NATO allies with their express approval and oversight. Because, a t a minimum, we know the CIA has kidnapped people in Italy, a NATO member, without telling anybody.

Does anybody really think countries don't actively spy on their allies if they feel the need?

The first 3 times I read it

[TangoMargarine]

The headline parsed as "(American Targeted By Digital Spy Tool) Sold To (Foreign Governments)."

"without the approval of U.S. authorities"

[lee n. field]

it would mean that a NATO ally had attempted to spy on a U.S. citizen on U.S. soil, presumably without the knowledge or approval of U.S. authorities

Why in the world would anyone think this?

America is not getting spied on

[kruach aum]

A woman at an academic institution in the US is getting spied on. This is an important distinction sadly ignored by the attention grabbing headline; not everything every person does in a country should count as a direct proxy for that country. If it did, the act of spying would be a logical contradiction.

Punctuation

[Frankie70]

Americans should not be sold to foreign govt, irrespective of whether these Americans are targeted by Digital Spy Tools or not. It's like throwing the baby out with the bathwater or something.

William Gibson called it

[idontgno]

The street finds its own uses for things.

-- William Gibson, "Burning Chrome" [wikipedia.org]

Of course it's of no use to hackers

[pseudorand]

...because hackers have better tools they get for free from the Interwebs. Of course, if it does turn out to be hackers, this Italian firm could always stick a EULA on it and have the BSA enforce. Hackers aren't afraid of the government, but BSA lawyers scare everyone.

Say what? American sold to a foreign government?

[Prune]

How hard would it have been to reword the title to the equally concise, yet unambiguous, "Digital Spy Tool Sold To Foreign Governments Used to Target American"?

Re:

[femtobyte]

((Digital Spy) Tool) Sold To (Foreign Governments Used to (Target American))? Foreign governments accustomed to a Target American were sold a digital spy named Tool?

Re:

[Prune]

http://i306.photobucket.com/albums/nn250/paawkx/cat_confus.jpg [photobucket.com]

Re:

[femtobyte]

Just pointing out (pedantically) that your "unambiguous" version of the sentence is not perfectly unambiguous: there are multiple different grammatically correct ways to interpret the phrase.

For example, "used to" might be taken in the sense of "a spoon is used to eat soup," or as in "he is used to being correct"; in the latter case, "Target" might be an adjective modifying "American," rather than the verb form "to Target". It might be the "Foreign Governments" that are "used to target American," rather tha

what i really wanna know

[cripkd]

... Is how much was the american that was first spied upon sold for and to what foreign government? Is the spied americans a market worth getting into?

*Not* McAfee?

[macraig]

Damn, reading the title of the submission I thought for sure I'd be reading another lurid tale of John McAfee being singled out for persecution by TPTB. What a disappointment!