Leaked Product Demo from RCS Labs

We have leak from yet another cyberweapons arms manufacturer: the Italian company RCS Labs. Vice Motherboard reports on a surveillance video demo:

The video shows an RCS Lab employee performing a live demo of the company’s spyware to an unidentified man, including a tutorial on how to use the spyware’s control software to perform a man-in-the-middle attack and infect a target computer who wanted to visit a specific website.

RCS Lab’s spyware, called Mito3, allows agents to easily set up these kind of attacks just by applying a rule in the software settings. An agent can choose whatever site he or she wants to use as a vector, click on a dropdown menu and select “inject HTML” to force the malicious popup to appear, according to the video.

Mito3 allows customers to listen in on the target, intercept voice calls, text messages, video calls, social media activities, and chats, apparently both on computer and mobile platforms. It also allows police to track the target and geo-locate it thanks to the GPS. It even offers automatic transcription of the recordings, according to a confidential brochure obtained by Motherboard.

Slashdot thread

Tags: cyberweapons, eavesdropping, leaks, malware, man-in-the-middle attacks, spyware

Posted on September 9, 2016 at 2:18 PM • 8 Comments

Comments

hawk • September 9, 2016 2:30 PM

Based on replacing the certificate on the target.

Jacob • September 9, 2016 3:10 PM

It has been reported that the NSO Group (of the iPhone link hack for iOS 9.3.4 and earlier) had a more advanced hack, a one that did not require any click on the received link – but the Israeli Defense Export Controls Agency (DECA)refused to approve that version’s export to an Arab company.

http://www.timesofisrael.com/israeli-government-okayed-sale-of-spyware-that-exploits-iphones/

Cicino • September 10, 2016 5:36 AM

From Wikileaks – HackingTeam files: RCS presented some of their products to HackingTeam people, in order to try and start a collaboration.

https://wikileaks.org/hackingteam/emails/emailid/10796

My Info • September 10, 2016 5:14 PM

“… It also allows police to…”

That’s nothing but Mob rule. Haven’t we quite firmly established on this forum that anything we “allow” “police” to do to our computers, we are also (and probably more likely in actual practice) allowing the Mob to do? By “Mob” I mean groups such as La Cosa Nostra, vory v zakone, North and South American drug cartels, the gangs of L.A., Crips and Bloods from Portland, Oregon, various skinheads, KKK and affiliates from Detroit, triads from Hong Kong and other such groups.

It’s called the “silver and lead” system — silver (money under the table) if you cooperate, lead (bullet to the head) if you don’t. Very effective.

I’m sorry if I disturb your dear readers, Mr. Schneier, but this is the Internet, life’s rough, and I assure you the aforementioned criminal groups are definitely online and not a figment of anyone’s paranoid imagination.

Anon • September 11, 2016 12:55 AM

Cyberweapon? As has been mentioned before, it elevates it to a status it doesn’t deserve. “State-sponsored malware” is much clearer, IMHO.

@hawk: I don’t see where that is necessary in this attack scenario?

JG4 • September 11, 2016 1:46 PM

I think that the expression “plata o plomo” originated south of the border.

Daniel • September 11, 2016 4:34 PM

@Jacob

Thanks for posting that link. That fact has not gotten enough press. While there may be three zero days that were uncovered, we now know there is at least one zero day still in the wild, and it is perhaps the most powerful zero day of them all. Everyone with that model of iPhone should be restless.

TRX • September 21, 2016 7:32 AM

unidentified man

…until someone locates his picture on Facebook.

Leaked Product Demo from RCS Labs

Comments

Leave a comment Cancel reply