Feeds

Hacking Team snoopware found on US servers

Citizen Lab tags foreign governments for spying in America

The Essential Guide to IT Transformation

Canada's Citizen Lab has added to its record of uncovering government snooping using Hacking Team's software, has dropped a bombshell: it's accused 12 American data centres of hosting clients deploying the spyware.

In its latest report, Hacking Team's US Nexus, Citizen Lab* says there are 114 servers in America, in at least a dozen data centres, that are part of RCS (Remote Control Software) circuits.

The group says their identification of RCS traffic isn't some routing accident, but demonstrates “the purposeful use of US servers for the surreptitious transmission of wiretapped data to foreign governments.”

The governments it accuses of snooping are, in other words, using RCS to wiretap on individuals – for example, citizens in the US, journalists reporting on their countries' affairs, expats and activists – and send the data offshore. This violates US laws, such as the Computer Fraud and Abuse Act and the Wiretap Act, Citizen Lab writes.

Their name-and-shame list says names Linode, Internetserver, InMotion Hosting, GoDaddy, ColoCrossing, Sharktech, Endurance International, Infolink, NOC4Hosts and HostDime as having government customers who are operating, or have operated, RCS in US data centres.

The governments named include Uzbekistan, Poland, Mexico, Colombia, Morocco, Thailand, the UAE, Korea* Morocco and Azerbaijan (*the report doesn't say North or South Korea; El Reg presumes it means Norks).

“The extensive and deliberate use of dedicated US hosting companies by foreign countries’ wiretapping activities raises a number of pressing legal and policy concerns,” Citizen Labs says. “These include whether RCS client countries violate US law and longstanding international legal principles on sovereignty and nonintervention through use of this spyware. Moreover, RCS client countries, by exposing wiretap data to US and other jurisdictions, may have violated internal laws governing the safeguarding of wiretapped material.”

The authors also say that in some cases, spyware servers were disguised as legitimate Websites – newspapers, financial services firms, and ABC News – presumably to mislead targets. Most Hacking Team servers, Citizen Lab writes, present the Google search page when someone lands on their address.

Other countries apparently hosting RCS servers, and in which this would probably be illegal, include the UK, Germany, The Netherlands and Canada. ®

Bootnote *Citizen Lab is an interdisciplinary laboratory based at the Munk School of Global Affairs, University of Toronto, Canada that focuses on researching the relationship between technology, human rights, and global security. ®

The Essential Guide to IT Transformation

More from The Register

next story
Just TWO climate committee MPs contradict IPCC: The two with SCIENCE degrees
'Greenhouse effect is real, but as for the rest of it ...'
Has Europe cut the UK adrift on data protection?
EU reckons we've one foot out the door anyway
'Blow it up': Plods pop round for chat with Commonwealth Games tweeter
You'd better not be talking about the council's housing plans
Arrr: Freetard-bothering Digital Economy Act tied up, thrown in the hold
Ministry of Fun confirms: Yes, we're busy doing nothing
Government's 'Google Review' copyright rules become law
Welcome in a New Era ... of copyright litigation
Help yourself to anyone's photos FOR FREE, suggests UK.gov
Copyright law reforms will keep m'learned friends busy
Apple smacked with privacy sueball over Location Services
Class action launched on behalf of 100 million iPhone owners
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.