Feeds

Hacking Team snoopware found on US servers

Citizen Lab tags foreign governments for spying in America

Build a business case: developing custom apps

Canada's Citizen Lab has added to its record of uncovering government snooping using Hacking Team's software, has dropped a bombshell: it's accused 12 American data centres of hosting clients deploying the spyware.

In its latest report, Hacking Team's US Nexus, Citizen Lab* says there are 114 servers in America, in at least a dozen data centres, that are part of RCS (Remote Control Software) circuits.

The group says their identification of RCS traffic isn't some routing accident, but demonstrates “the purposeful use of US servers for the surreptitious transmission of wiretapped data to foreign governments.”

The governments it accuses of snooping are, in other words, using RCS to wiretap on individuals – for example, citizens in the US, journalists reporting on their countries' affairs, expats and activists – and send the data offshore. This violates US laws, such as the Computer Fraud and Abuse Act and the Wiretap Act, Citizen Lab writes.

Their name-and-shame list says names Linode, Internetserver, InMotion Hosting, GoDaddy, ColoCrossing, Sharktech, Endurance International, Infolink, NOC4Hosts and HostDime as having government customers who are operating, or have operated, RCS in US data centres.

The governments named include Uzbekistan, Poland, Mexico, Colombia, Morocco, Thailand, the UAE, Korea* Morocco and Azerbaijan (*the report doesn't say North or South Korea; El Reg presumes it means Norks).

“The extensive and deliberate use of dedicated US hosting companies by foreign countries’ wiretapping activities raises a number of pressing legal and policy concerns,” Citizen Labs says. “These include whether RCS client countries violate US law and longstanding international legal principles on sovereignty and nonintervention through use of this spyware. Moreover, RCS client countries, by exposing wiretap data to US and other jurisdictions, may have violated internal laws governing the safeguarding of wiretapped material.”

The authors also say that in some cases, spyware servers were disguised as legitimate Websites – newspapers, financial services firms, and ABC News – presumably to mislead targets. Most Hacking Team servers, Citizen Lab writes, present the Google search page when someone lands on their address.

Other countries apparently hosting RCS servers, and in which this would probably be illegal, include the UK, Germany, The Netherlands and Canada. ®

Bootnote *Citizen Lab is an interdisciplinary laboratory based at the Munk School of Global Affairs, University of Toronto, Canada that focuses on researching the relationship between technology, human rights, and global security. ®

Gartner critical capabilities for enterprise endpoint backup

More from The Register

next story
Hello, police, El Reg here. Are we a bunch of terrorists now?
Do Brits risk arrest for watching beheading video nasty? We asked the fuzz
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
UK government accused of hiding TRUTH about Universal Credit fiasco
'Reset rating keeps secrets on one-dole-to-rule-them-all plan', say MPs
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Yes, but what are your plans if a DRAGON attacks?
Local UK gov outs most ridiculous FoI requests...
Felony charges? Harsh! Alleged Anon hackers plead guilty to misdemeanours
US judge questions harsh sentence sought by prosecutors
This'll end well: US govt says car-to-car jibber-jabber will SAVE lives
Department of Transportation starts cogs turning for another wireless comms standard
UK fuzz want PINCODES on ALL mobile phones
Met Police calls for mandatory passwords on all new mobes
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
BYOD's dark side: Data protection
An endpoint data protection solution that adds value to the user and the organization so it can protect itself from data loss as well as leverage corporate data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?