Feeds

Hacking Team snoopware found on US servers

Citizen Lab tags foreign governments for spying in America

Security for virtualized datacentres

Canada's Citizen Lab has added to its record of uncovering government snooping using Hacking Team's software, has dropped a bombshell: it's accused 12 American data centres of hosting clients deploying the spyware.

In its latest report, Hacking Team's US Nexus, Citizen Lab* says there are 114 servers in America, in at least a dozen data centres, that are part of RCS (Remote Control Software) circuits.

The group says their identification of RCS traffic isn't some routing accident, but demonstrates “the purposeful use of US servers for the surreptitious transmission of wiretapped data to foreign governments.”

The governments it accuses of snooping are, in other words, using RCS to wiretap on individuals – for example, citizens in the US, journalists reporting on their countries' affairs, expats and activists – and send the data offshore. This violates US laws, such as the Computer Fraud and Abuse Act and the Wiretap Act, Citizen Lab writes.

Their name-and-shame list says names Linode, Internetserver, InMotion Hosting, GoDaddy, ColoCrossing, Sharktech, Endurance International, Infolink, NOC4Hosts and HostDime as having government customers who are operating, or have operated, RCS in US data centres.

The governments named include Uzbekistan, Poland, Mexico, Colombia, Morocco, Thailand, the UAE, Korea* Morocco and Azerbaijan (*the report doesn't say North or South Korea; El Reg presumes it means Norks).

“The extensive and deliberate use of dedicated US hosting companies by foreign countries’ wiretapping activities raises a number of pressing legal and policy concerns,” Citizen Labs says. “These include whether RCS client countries violate US law and longstanding international legal principles on sovereignty and nonintervention through use of this spyware. Moreover, RCS client countries, by exposing wiretap data to US and other jurisdictions, may have violated internal laws governing the safeguarding of wiretapped material.”

The authors also say that in some cases, spyware servers were disguised as legitimate Websites – newspapers, financial services firms, and ABC News – presumably to mislead targets. Most Hacking Team servers, Citizen Lab writes, present the Google search page when someone lands on their address.

Other countries apparently hosting RCS servers, and in which this would probably be illegal, include the UK, Germany, The Netherlands and Canada. ®

Bootnote *Citizen Lab is an interdisciplinary laboratory based at the Munk School of Global Affairs, University of Toronto, Canada that focuses on researching the relationship between technology, human rights, and global security. ®

Security for virtualized datacentres

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
JINGS! Microsoft Bing called Scots indyref RIGHT!
Redmond sporran metrics get one in the ten ring
Driving with an Apple Watch could land you with a £100 FINE
Bad news for tech-addicted fanbois behind the wheel
Murdoch to Europe: Inflict MORE PAIN on Google, please
'Platform for piracy' must be punished, or it'll kill us in FIVE YEARS
Phones 4u website DIES as wounded mobe retailer struggles to stay above water
Founder blames 'ruthless network partners' for implosion
Sony says year's losses will be FOUR TIMES DEEPER than thought
Losses of more than $2 BILLION loom over troubled Japanese corp
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Why Oracle CEO Larry Ellison had to go ... Except he hasn't
Silicon Valley's veteran seadog in piratical Putin impression
Big Content Australia just blew a big hole in its credibility
AHEDA's research on average content prices did not expose methodology, so appears less than rigourous
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.