Leaked Product Demo from RCS Labs

We have a leak from yet another cyberweapons arms manufacturer: the Italian company RCS Labs. Vice Motherboard reports on a surveillance video demo:

The video shows an RCS Lab employee performing a live demo of the company's spyware to an unidentified man, including a tutorial on how to use the spyware's control software to perform a man-in-the-middle attack and infect the computer of a target who wanted to visit a specific website.

RCS Lab's spyware, called Mito3, allows agents to easily set up these kinds of attacks just by applying a rule in the software settings. An agent can choose whatever site he or she wants to use as a vector, click on a dropdown menu and select "inject HTML" to force the malicious popup to appear, according to the video.

Mito3 allows customers to listen in on the target, intercept voice calls, text messages, video calls, social media activities, and chats, apparently both on computer and mobile platforms. It also allows police to track the target and geo-locate it thanks to the GPS. It even offers automatic transcription of the recordings, according to a confidential brochure obtained by Motherboard.

Slashdot thread

Posted on September 9, 2016 at 2:18 PM • 8 Comments

Comments

My Info • September 10, 2016 5:14 PM

"... It also allows police to..."

That's nothing but Mob rule. Haven't we quite firmly established on this forum that anything we "allow" "police" to do to our computers, we are also (and probably more likely in actual practice) allowing the Mob to do? By "Mob" I mean groups such as La Cosa Nostra, vory v zakone, North and South American drug cartels, the gangs of L.A., Crips and Bloods from Portland, Oregon, various skinheads, KKK and affiliates from Detroit, triads from Hong Kong and other such groups.

It's called the "silver and lead" system -- silver (money under the table) if you cooperate, lead (bullet to the head) if you don't. Very effective.

I'm sorry if I disturb your dear readers, Mr. Schneier, but this is the Internet, life's rough, and I assure you the aforementioned criminal groups are definitely online and not a figment of anyone's paranoid imagination.

Anon • September 11, 2016 12:55 AM

Cyberweapon? As has been mentioned before, it elevates it to a status it doesn't deserve. "State-sponsored malware" is much clearer, IMHO.

@hawk: I don't see where that is necessary in this attack scenario?

Daniel • September 11, 2016 4:34 PM

@Jacob

Thanks for posting that link. That fact has not gotten enough press. While there may be three zero days that were uncovered, we now know there is at least one zero day still in the wild, and it is perhaps the most powerful zero day of them all. Everyone with that model of iPhone should be restless.


Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.