Feeds

Hacking Team snoopware found on US servers

Citizen Lab tags foreign governments for spying in America

Choosing a cloud hosting partner with confidence

Canada's Citizen Lab has added to its record of uncovering government snooping using Hacking Team's software, has dropped a bombshell: it's accused 12 American data centres of hosting clients deploying the spyware.

In its latest report, Hacking Team's US Nexus, Citizen Lab* says there are 114 servers in America, in at least a dozen data centres, that are part of RCS (Remote Control Software) circuits.

The group says their identification of RCS traffic isn't some routing accident, but demonstrates “the purposeful use of US servers for the surreptitious transmission of wiretapped data to foreign governments.”

The governments it accuses of snooping are, in other words, using RCS to wiretap on individuals – for example, citizens in the US, journalists reporting on their countries' affairs, expats and activists – and send the data offshore. This violates US laws, such as the Computer Fraud and Abuse Act and the Wiretap Act, Citizen Lab writes.

Their name-and-shame list says names Linode, Internetserver, InMotion Hosting, GoDaddy, ColoCrossing, Sharktech, Endurance International, Infolink, NOC4Hosts and HostDime as having government customers who are operating, or have operated, RCS in US data centres.

The governments named include Uzbekistan, Poland, Mexico, Colombia, Morocco, Thailand, the UAE, Korea* Morocco and Azerbaijan (*the report doesn't say North or South Korea; El Reg presumes it means Norks).

“The extensive and deliberate use of dedicated US hosting companies by foreign countries’ wiretapping activities raises a number of pressing legal and policy concerns,” Citizen Labs says. “These include whether RCS client countries violate US law and longstanding international legal principles on sovereignty and nonintervention through use of this spyware. Moreover, RCS client countries, by exposing wiretap data to US and other jurisdictions, may have violated internal laws governing the safeguarding of wiretapped material.”

The authors also say that in some cases, spyware servers were disguised as legitimate Websites – newspapers, financial services firms, and ABC News – presumably to mislead targets. Most Hacking Team servers, Citizen Lab writes, present the Google search page when someone lands on their address.

Other countries apparently hosting RCS servers, and in which this would probably be illegal, include the UK, Germany, The Netherlands and Canada. ®

Bootnote *Citizen Lab is an interdisciplinary laboratory based at the Munk School of Global Affairs, University of Toronto, Canada that focuses on researching the relationship between technology, human rights, and global security. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Bono apologises for iTunes album dump
Megalomania, generosity and FEAR of irrelevance drove group to Apple deal
HBO shocks US pay TV world: We're down with OTT. Netflix says, 'Gee'
This affects every broadcaster, every cable guy
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
SCREW YOU, EU: BBC rolls out Right To Remember as Google deletes links
Not even Google can withstand the power of Auntie
Arab States make play for greater government control of the internet
Nerds told to get lost in last-minute power grab bid at UN meeting
Zippy one-liners, broken promises: Doctor Who on the Orient Express
Series finally hits stride, but Clara's U-turn is baffling
Don't bother telling people if you lose their data, say Euro bods
You read that right – with the proviso that it's encrypted
America's super-secret X-37B plane returns to Earth after nearly TWO YEARS aloft
674 days in space for US Air Force's mystery orbital vehicle
10 Top Tips For PRs Considering Whether To Phone The Register
You'll Read These And LOL Even Though They're Serious
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.