Researchers at the University of Toronto’s Citizen Lab released a report this week indicating that the Azerbaijani government used a sophisticated spyware tool that can monitor all computer and mobile phone activity without the user knowing that anything was installed. Encryption tools do not protect against it, because the tool runs on the device itself and captures data at the point where it is typed, read or spoken, before it is encrypted or after it is decrypted. The tool can even switch on the web camera and microphone and use them as recording devices.
What is this monitoring tool and what can it do?
A Milan-based company called Hacking Team (also known as HT S.r.l.) sells software to governments that is officially to be used in criminal investigations. This includes a suite called DaVinci (or sometimes Crisis), which costs hundreds of thousands of dollars, and a Remote Control System (RCS) called Galileo. These tools allow a government to take control of a user’s computer or mobile phone and monitor all of their activities, even if the user has encryption tools turned on. Sales occur directly between Hacking Team and the government itself; the company does not use third-party vendors to sell the technology, so it knows exactly which governments use the software. Moreover, a board of engineers and lawyers unaffiliated with the company reviews every sale. The company says that it considers “credible government or non-government reports reflecting that a potential customer could use surveillance technologies to facilitate human rights abuses” (although it does not emphasize this process in its promotional materials). Based on the list of countries in the report, a number of countries known for human rights violations appear to use the software.
A security blog reports that “Galileo can monitor and log: Any action performed on a PC, whether Windows or Mac architecture: web browsing, keystrokes in any unicode language, printed documents, chat, email, instant messaging, remote audio spy, and Skype voice conversations. Any action on a smart phone including iOS, Windows, Blackberry and Symbian: call history, address book, calendar, email and SMS messages. Also intercepts call signal/location info and voice calls, and provides remote audio spy function. Encryption? Not a problem. Galileo sails right by it.”
Or from The Verge: “With Da Vinci, the police can monitor a suspect’s cell phone conversations, emails, and Skype calls, and even spy on the target through his or her webcam and microphone. It’s as if the investigator were standing behind a suspect using their computer.”
A promotional video indicates that this tool can also work outside the borders of the country using it.
The spyware can be installed in a variety of ways. The simplest is for someone with physical control of a user’s computer or phone to install it directly. But as was the case in the UAE, a suspicious email with a Word document attachment was opened and installed the software without any further human assistance. There is also evidence of tweets with links to malicious web pages that install it in the same way. Both remote methods exploit bugs in popular software. Citizen Lab believes that governments purchase additional exploit software to create the websites and documents that serve as the source of infection, and that the infection then ties the computer or mobile phone into the Remote Control System. Once on the device, the malicious software is designed to evade detection by spyware and virus scanners.
While the system is designed to help governments monitor criminals, it was used against a UAE human rights blogger and activist and a Moroccan journalism organization, as well as against Ethiopian journalists while they were in the United States.
Is it in Azerbaijan?
The University of Toronto Citizen Lab research team explains that the software does not connect a user’s computer or phone directly to the government that wishes to monitor it. Rather, the captured data passes through a series of proxy servers, often in different countries, which makes the relationship difficult to trace. Much like the anonymity network Tor, the chain of “hops” hides where the data ultimately ends up. The researchers traced these hops to an “endpoint” that they believe represents the local government operator of the tool. In Azerbaijan, they found one endpoint (Azertelekom: 109.235.193.83). This endpoint was active between June and November 2013, essentially the pre- and post-election period.
What can be done?
While it is impossible to know for certain whether this software is on your computer or mobile phone, some simple steps can reduce the effect of an infection. Turn your computer or mobile phone off when you are not using them, so that the web camera and microphone cannot be used without your knowledge. Put a piece of dark tape or a Post-it note over the web camera when you are not using it. Keep your operating system and all applications updated to the most recent version, since the remote infection methods rely on bugs in popular software. Fully reformatting your hard drive and factory-resetting your phone may remove the software. Do not open email attachments or links from unknown people. However, assume that anything you do on your computer or mobile phone can be monitored, even when it is not connected to the Internet, because activity can be logged on the device and sent once a connection is available.