Citizen Lab exposes malware network used by police worldwide


Citizen Lab, based at the University of Toronto, has, in collaboration with computer security firm Kaspersky, exposed a massive network of mobile malware targeting all phone types. It is sold by an Italian firm for use by police forces around the world.

‘Remote Control System’ (RCS) can infiltrate Android, iOS, Windows Mobile, Symbian, and even BlackBerry devices. Most mobile malware targets Android, due to its market share, but many industry experts warn that other platforms are just as vulnerable, a claim this revelation lends credence to.

The study found 320 command-and-control (C&C) servers for RCS running in over 40 countries, presumably operated by law enforcement agencies. Kaspersky identified the IP addresses of RCS command servers and found the biggest host is the United States, with 64 found. Next on the list was Kazakhstan with 49, Ecuador with 35, and the UK with 32 control servers.

“The presence of these servers in a given country doesn’t mean to say they are used by that particular country’s law enforcement agencies,” said Sergey Golovanov, principal security researcher at Kaspersky Lab. “However, it makes sense for the users of RCS to deploy C&Cs in locations they control – where there are minimal risks of cross-border legal issues or server seizures.”

On the website of the Italian firm that develops the malware, the company boasts: “Remote Control System (RCS) is a solution designed to evade encryption by means of an agent directly installed on the device to monitor. Evidence collection on monitored devices is stealth and transmission of collected data from the device to the RCS server is encrypted and untraceable.”

In documents released by Citizen Lab, the researchers detail how the system works: targets are tricked with a “spearphishing” attack, or OS vulnerabilities are exploited. Hacking Team focuses most of its time on Android, but it is also suggested they have successfully cracked Apple’s iOS, as long as the device is jailbroken. If an iPhone isn’t, then when it is hooked up to an infected computer a remote-operated jailbreak can be carried out and the malware installed easily.

Once on a target’s mobile, the RCS software can intercept and record all phone calls, SMS messages, chat conversations from apps such as Viber, WhatsApp and Skype, grab any files or pictures on the handset, spy on the calendar, look up the user’s location, and take screenshots whenever the operator specifies, as well as harvest data from third-party applications like Facebook.

The code runs from behind an anonymising firewall to ensure that little or no evidence that surveillance is taking place is found by the target – even down to bypassing mobile data usage statistics. Citizen Lab says that beyond criminal targets, it has found samples of code aimed at political targets in Saudi Arabia, Malaysia, Morocco and Ethiopia.

How do you feel about the exposed global malware network? Let us know in the comments.
