January 22, 2019, 06:52:29 PM

Recent Posts

Wikileaks releases searchable database of over 1 million emails from HT.
Can RCS software plant evidence on a targeted computer to frame them?

Source code from the HT leak seems to indicate that the surveillance software used by governments around the world has this particular capability. This particular bit of code looks pretty interesting...

Line 14 appears to open a process; for example, they use several of the most popular internet browsers:
Code:
process = hash[:process] || ["Explorer.exe\0", "Firefox.exe\0", "Chrome.exe\0"].sample

On Line 17, it picks a path to the file; the examples are quite telling about what exactly this feature is for:
Code:
path = hash[:path] || ["C:\\Utenti\\pippo\\pedoporno.mpg", "C:\\Utenti\\pluto\\Documenti\\childporn.avi", "C:\\secrets\\bomb_blueprints.pdf"].sample

From Line 20 to 34, the program appears to generate metadata for a file, including a time and date when it was created, and then writes it to the specified path selected above on Line 17:
Code:
    content = StringIO.new
    t = Time.now.getutc
    content.write [t.sec, t.min, t.hour, t.mday, t.mon, t.year, t.wday, t.yday, t.isdst ? 0 : 1].pack('l*')
    content.write process
    content.write [ 0 ].pack('L') # size hi
    content.write [ hash[:size] || 123456789 ].pack('L') # size lo
    content.write [ 0x80000000 ].pack('l') # access mode
    content.write path
    content.write [ ELEM_DELIMITER ].pack('L')

  def generate_content(*args)

So now there should be a freshly planted file on the target's computer named, using HT's own example, bomb_blueprints.pdf, just ready and waiting for the Feds to find. But it's lacking any content; it's simply an empty container file.

From line 36 to 61, it looks like content is then streamed in and then pieced together:
Code:
  def decode_content(common_info, chunks)
    stream = StringIO.new chunks.join

    until stream.eof?
      info = Hash[common_info]
      info[:data] = Hash.new
      info[:data][:type] = :open

      tm = stream.read 36
      info[:da] = Time.gm(*tm.unpack('l*'), 0)
      info[:data][:program] = ''
      info[:data][:path] = ''

      process_name = stream.read_ascii_string
      info[:data][:program] = process_name.force_encoding('US-ASCII') unless process_name.nil?

      size_hi = stream.read(4).unpack("L").first
      size_lo = stream.read(4).unpack("L").first
      info[:data][:size] = size_hi << 32 | size_lo
      info[:data][:access] = stream.read(4).unpack("l").first

      file = stream.read_utf16le_string
      info[:data][:path] = file.utf16le_to_utf8 unless file.nil?
      delim = stream.read(4).unpack("L*").first
      raise EvidenceDeserializeError.new("Malformed FILEOPEN (missing delimiter)") unless delim == ELEM_DELIMITER

I'm not a coding expert, but this looks like a real nasty way for users of the software to plant evidence which, according to the software's own samples, would be child porn and bomb blueprints, and then frame the target. And don't forget that the FBI is using this software...
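
Added example, not part of the original post or of the leaked code: a stand-alone Ruby round trip of the record layout that the two snippets above write and read (36-byte timestamp, NUL-terminated process name, size split into high and low words, access mode, path, delimiter), built and parsed entirely in memory. The `ELEM_DELIMITER` value, the NUL terminator on the UTF-16LE path, the sample values, and the helper names `read_exact`, `read_terminated`, `encode_record` and `decode_records` are assumptions, since the post does not show them.

```ruby
require 'stringio'

ELEM_DELIMITER = 0x11223344 # placeholder (assumption): the real value is not in the post

def read_exact(io, n)
  data = io.read(n)
  raise ArgumentError, "truncated record (wanted #{n} bytes)" if data.nil? || data.bytesize < n
  data
end

# Read fixed-width units until an all-zero unit (1 byte for ASCII, 2 for UTF-16LE).
def read_terminated(io, width)
  buf = ''.b
  loop do
    unit = read_exact(io, width)
    return buf if unit == "\0" * width
    buf << unit
  end
end

# Serialize one record in the field order of the posted writer snippet.
def encode_record(time:, process:, size:, access:, path:)
  rec = ''.b
  rec << [time.sec, time.min, time.hour, time.mday, time.mon, time.year,
          time.wday, time.yday, time.isdst ? 0 : 1].pack('l9') # 9 x int32 = 36 bytes
  rec << process.encode('US-ASCII').b << "\0"
  rec << [size >> 32, size & 0xFFFFFFFF].pack('LL')            # size hi, size lo
  rec << [access].pack('l')
  rec << path.encode('UTF-16LE').b << "\0\0"
  rec << [ELEM_DELIMITER].pack('L')
end

def decode_records(blob)
  stream = StringIO.new(blob.b)
  records = []
  until stream.eof?
    rec = { time: Time.gm(*read_exact(stream, 36).unpack('l9'), 0) }
    rec[:program] = read_terminated(stream, 1).force_encoding('US-ASCII')
    rec[:size] = read_exact(stream, 8).unpack('LL').then { |hi, lo| hi << 32 | lo }
    rec[:access] = read_exact(stream, 4).unpack1('l')
    rec[:path] = read_terminated(stream, 2).force_encoding('UTF-16LE').encode('UTF-8')
    delim = read_exact(stream, 4).unpack1('L')
    raise ArgumentError, 'missing delimiter' unless delim == ELEM_DELIMITER
    records << rec
  end
  records
end

# Constructed sample values (not from any capture): two records back to back.
SAMPLE = encode_record(time: Time.utc(2015, 7, 7, 12, 25, 48), process: 'notepad.exe',
                       size: 5_000_000_000, access: 0x80000000, path: 'C:\\Users\\alice\\report.txt') * 2
```
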
Cybercriminals start using Flash zero-day exploit leaked from Hacking Team

Some of the so-called leaked "cyber weapons" are already being used out in the wild...hmmm.
Probably unrelated, but there is just something too funny about military grade "cyber-weapons" being released onto the internet and then the next day:

Wall Street Journal website goes down mysteriously

New York Stock Exchange unprecedented trading halt, major "glitch" blamed

Computer "GLITCH" halts United Airlines flights for two hours

What's on HT's calendar?

Mar. 23-27, 2015 - Delivery of Pilot program for Brazil Federal Police
Apr. 13-17, 2015: Training for the FBI (PHOEBE)
Here is Hacking Team's Full price sheet for your governmental surveillance needs
Science & Tech / Re: Italian SpyWare company Hacking Team Hacked
« Last post by BuddhaForce on July 07, 2015, 12:33:59 PM »
HT's U.S. Expansion Plans and Prospective customers

Included: Potential customers NY District Attorneys Office, Office of Naval Intelligence (ONI), Bureau of Alcohol, Tobacco, and Firearms (ATF), Royal Canadian Mounted Police (RCMP), DEA, Naval Criminal Investigative Service (NCIS), Department of Justice (DOJ).
Science & Tech / Re: Italian SpyWare company Hacking Team Hacked
« Last post by BuddhaForce on July 07, 2015, 12:25:48 PM »
Hacking Team hacked: Spy tools sold to oppressive regimes Sudan, Bahrain and Kazakhstan