Archives for April 29, 2015

Written by Lorenzo Franceschi-Bicchierai April 15, 2015 // 02:00 PM EST

The software, known as Remote Control System or “RCS,” is capable of intercepting phone calls, texts, and social media messages, and can surreptitiously turn on a user’s webcam and microphone as well as collect passwords.

The DEA originally placed an order for the software in August of 2012, according to both public records and sources with knowledge of the deal.

The contract, which has not been previously revealed, shows that the FBI is not the only US government agency engaged in hacking tactics, but that the DEA has also been purchasing off-the-shelf malware that could be used to spy on suspected criminals.

This revelation comes just a week after USA Today uncovered a secret program with which the DEA collected the phone records of millions of Americans for more than 20 years, a program that pre-dated and inspired the NSA’s own bulk telephone collection program, suggesting that the drug agency is sort of a pioneer in the use of surveillance.

Surveillance tech experts say the DEA’s relation with Hacking Team is further proof that methods and tools once only reserved for the military, intelligence agencies and even cybercriminals—such as drones and StingRays—are becoming commonplace in law enforcement as well.

“Hacking software is yet another example of a technology created for the intelligence community that has secretly trickled down to law enforcement,” Christopher Soghoian, the principal technologist at the American Civil Liberties Union and an expert on surveillance technology, told Motherboard.

And given how powerful this spyware can be, Soghoian added, “we need a public debate over this invasive surveillance technology.”


The contract, according to public records, was signed on August 20, 2012 for a total value of $2.4 million between the DEA’s Office of Investigative Technology and a government contractor named Cicom USA.

The records were uncovered by Motherboard and Privacy International, a London-based digital rights group, in independent investigations.

The contract, which records show is slated to be completed in August of 2015, is identified only as “Remote Controlled Host Based Interception System.”

That system, according to sources, is none other than Hacking Team’s Remote Control System, also known as Galileo, which the company markets as “the hacking suite for governmental interception.”

“You cannot stop your targets from moving. How can you keep chasing them? What you need is a way to bypass encryption, collect relevant data out of any device, and keep monitoring your targets wherever they are, even outside your monitoring domain. Remote Control System does exactly that,” a company brochure boasts.

Cicom USA, Motherboard has learned, was simply a reseller for Hacking Team, a spyware-maker that’s been accused of selling its products to some governments with questionable human rights records. Some of those governments, such as Ethiopia, the United Arab Emirates, or Morocco, used Hacking Team’s software to target dissidents and journalists.

In light of those incidents, which were uncovered by researchers at the Citizen Lab at the University of Toronto’s Munk School of Global Affairs, the company was included in a blacklist of corporate “Enemies of the Internet” by Reporters Without Borders.

Despite speculation based on the fact that Hacking Team has an office in the US, there’s never been any evidence that the company had sold its products on American soil, even though CEO David Vincenzetti boasted of having clients in more than 40 countries, including the US, in a 2011 interview with Italian newsmagazine L’Espresso.

The connection between Cicom USA and Hacking Team was confirmed to Motherboard by multiple sources with knowledge of the deal, who spoke on condition of anonymity because they were not authorized to discuss the content of the contract.

Eric Rabe, a spokesperson for Hacking Team, neither confirmed nor denied the existence of the contract with the DEA.

“We don’t identify our clients. I’m certainly not going to comment whether the DEA or anyone else has purchased Hacking Team software,” he told Motherboard in a phone interview. And for the same reason, he added, he declined to clarify the relationship between Hacking Team and Cicom USA.

Alex Velasco, Cicom USA’s general manager, did not answer Motherboard’s request for comment.

But the connection between the two companies is clear. Cicom USA is based in Annapolis, MD, at the same exact address where Hacking Team’s US office is located, according to the company’s website. The phone number for Cicom USA listed in the contract with the DEA, moreover, is exactly the same one that was displayed on Hacking Team’s website until February of this year.

When asked whether this was just a coincidence, Rabe laughed.

“I don’t know about why that would be a coincidence,” he said, but declined to elaborate.

It’s unclear what the DEA has been doing with Hacking Team’s malware. But the relationship between the agency and Cicom USA—and thus, Hacking Team—appears to be ongoing. The most recent public record shows a payment from the DEA to Cicom USA made in September of 2014.

A spokesperson for the DEA did not respond to a series of specific questions on the contract and how the DEA is using this technology. Thomas L. Walden, the section chief of the DEA Office of Investigative Technology, also did not respond to a message requesting comment.

Hacking Team’s RCS software can be surreptitiously installed on a target’s computer or cellphone and monitor all activity, allowing police officers to spy on data that might otherwise be encrypted and out of their reach.

Software like this isn’t sold only by Hacking Team. The Italian company is just one of an ever-growing group of surveillance tech companies that market their products exclusively to governments, police departments, and spy agencies, such as the French VUPEN, or the German FinFisher and its parent company Gamma International.

This is exactly the kind of software that the DEA was looking for, according to an official call for tender or “Request for Information” published by the agency in March 2012.

“The DEA is seeking information from potential sources with a fully functional and operational product proven to be capable of providing a Remote Control Host Based Interception System for device or target specific collection pursuant to authorized law enforcement use,” the document reads.

Roughly a month later, on May 4, 2012, the DEA had what it was looking for. In another document, the agency announced that it was going to “solicit and negotiate” a contract with Cicom USA for the duration of at least four years.

Cicom USA, according to the DEA, emerged as the only company capable of providing the service required, based on market research conducted internally by the agency. The DEA did not respond to questions regarding this research.

It’s possible the DEA picked Cicom USA because the US Army had done the same a year prior. According to public records, the Army made a purchase order for a Remote Control System in March 2011. The order shows that the Army was supposed to pay $350,000 for the software, and further confirms Cicom USA’s connection with Hacking Team, given that Italy is listed as the country of origin of the product. (The Army did not respond to Motherboard’s questions regarding the contract.)


For surveillance experts, the big question is whether the DEA actually has legal authority to use spyware such as Hacking Team’s—and how, exactly, it is used. A DEA spokesperson said that the agency “always abides by the laws of the jurisdictions within which it operates.”

The spokesperson added that “however, in this case, this is off-the-shelf technology, legally available for purchase by all and used throughout the world by many organizations.”

But experts are not convinced.

“The legal framework governing the use of such tools in the US is extremely unclear, meaning that the use of Hacking Team’s spyware is potentially unlawful,” Edin Omanovic, a researcher at Privacy International, told Motherboard.

The FBI is the only other US law enforcement agency that has been reported to use malware. The bureau has been using it since at least 2001 when FBI’s spyware Magic Lantern was revealed. But the precise legal authority, as well as the process that FBI agents use to get authorization, is still unclear, and very few cases where the bureau used malware have actually come to light.

In 2011, internal emails obtained by the Electronic Frontier Foundation revealed that in some past instances, FBI agents considered using malware known as “Computer and Internet Protocol Address Verifier” (CIPAV) without getting a warrant, or in other cases, hid key details on what the technology actually entailed in order to increase the chances the judge would approve it.

In any case, the bureau, after consulting with the Office of General Counsel and the National Security Law Branch, finally appeared to settle on a “two-step request” legal process: get a search warrant to authorize the deployment of the software on a target’s computer, and then a subsequent order (known as pen register or trap and trace) to authorize the actual surveillance.

In 2013, a Texas judge stopped the FBI from using malware, rejecting the bureau’s warrant application because it was too vague and didn’t specify how the agents would actually install the software.

Soghoian, the ACLU surveillance tech expert, said that given the nature of this technology, and the fact that “Congress and the courts have been kept in the dark” about it, Americans should have more information on when and how the feds are using spyware.

“Courts are not being told how agencies will get malware onto the computers of targets,” Soghoian said. “Similarly, law enforcement agencies have not discussed the use of this technique in any public Congressional hearings.”

“The American people deserve some answers and I think Congress needs to investigate this,” Soghoian told Motherboard.

Omanovic, from Privacy International, added that the US needs to update the legal framework regarding hacking and the use of spyware by law enforcement agencies and establish “effective oversight mechanisms.”

Privacy International also released a dossier on Hacking Team on Wednesday, asking Italian authorities to look into the company and its practices in light of European export controls of surveillance technology. (Rabe said that the company “is in compliance with all export laws.”)

Some legal experts, however, argue that there’s nothing illegal about the use of spyware. Although there is no law that specifically covers hacking, Jonathan Mayer, a computer scientist and lawyer at Stanford University, said that law enforcement agencies are “broadly authorized” to conduct searches in the US, including using hacking techniques.

“They don’t need some special legislative grant of extra authority before they can hack,” Mayer told Motherboard, adding that a search warrant supported by probable cause and particularly describing what the agents seek is all they need.

But for critics, such as Soghoian or Privacy International, there still should be more transparency and a public debate.

“If law enforcement agencies can hack into your computer, turn on your webcam, turn on your microphone and steal documents from your computer,” Soghoian said, “that’s the kind of thing that should get the attention of Congress, particularly before this trickles down to local law enforcement agencies.”

This story has been updated to include a comment from Hacking Team’s Eric Rabe on his company’s compliance with export controls, and to clarify that FBI agents considered using malware without a warrant, according to documents obtained by the EFF.


Aulnaycap !

A little over 6 kg of cannabis resin was seized on Tuesday in the town of Aulnay-sous-Bois. The seizure took place in a building located at 9, rue Ambourget (Mitry neighborhood). The suspect had hidden the goods in his cellar, where they were concealed.

Photomontage: Benoît Gougeon
Ninety million dollars, at the very least. That is the estimated value of one year of drug sales on Silk Road, the first cryptomarket to host illicit activity online. Since then, sales of cocaine, heroin and ecstasy are said to have exploded on the Web with the arrival of other similar sites.

“Demand is very strong, and traffickers are skilled at disguising and sealing their packages so that they are not intercepted by Canada Post or by border services officers,” reports David Décary-Hétu, a professor at the School of Criminology of the Université de Montréal and a researcher at UdeM’s International Centre for Comparative Criminology. With Judith Aldridge, of the University of Manchester in England, he studied virtual criminal networks in order to determine the size of drug markets on the Internet and to profile their consumers.

In September 2013, the researchers managed to copy the history of the transactions made on Silk Road 1. “That was barely two weeks before the FBI shut the site down,” the criminologist notes. On this cryptomarket, clothes and books were sold, but above all narcotics, deliverable to the buyer’s home by mail anywhere in the world! At the time, it was the only online network guaranteeing anonymity through which psychoactive substances could be obtained.

By analyzing more than 12,000 listings and customer comments, David Décary-Hétu and his colleague were able to calculate the revenue generated by multiplying the number of buyer messages by the price of the products. They thus showed that drug sales on the site had soared in the space of a year, going from 17 to 90 million dollars, an increase of 600%.

Another finding: a large share of the purchases appears to have been made by dealers who stocked up on the cryptomarket and then resold the drugs on the street or on the Web. A year later, Professor Décary-Hétu established the identity of some 250 Canadian vendors active on cryptomarkets. They shipped their merchandise as easily as mailing a letter!

It took the FBI two and a half years to collar the administrator of Silk Road 1, Russel Ulbricht, a 30-year-old physicist living in San Francisco. He is even said to have been tracked down by chance. Since his arrest, some fifteen cryptomarkets dedicated to drug sales have emerged, including Agora, Nucleus, Middle Earth and Silk Road 2 (also shut down by the FBI). “Cryptomarkets represent such a criminal innovation that they could transform the drug market and set regulatory efforts back by several decades,” says David Décary-Hétu. His work has led to the development of a tool for monitoring online drug markets.

David Décary-Hétu himself dove into the dark Net and made drug purchases.


The invisible Web

But how are such activities, which are punishable by prison, possible on the Internet? In fact, this is the dark side of the Web, the dark Net, as specialists call it, or the invisible Web. This parallel world is accessed through Tor Browser, a browser configured to navigate it. “This allows individuals to connect to cryptomarkets without the website knowing their identity and IP address,” explains David Décary-Hétu. There is no way to know the precise source of the products.

“There are now a large number of cryptomarkets that allow drugs to be ordered online,” the professor adds. “These criminal markets are modeled on commercial sites such as Amazon and eBay. They differ, however, in that payments are made in bitcoins, an anonymous virtual currency, and buyers’ money is held in escrow until they receive their order. All user connections are anonymized.”

According to the researcher, cryptomarkets are a small distribution channel that is not suited to drug cartels. On the other hand, they are effective for supplying mid-level dealers looking for drugs that are potentially of better quality and cheaper. And, given how secure they are, the number of illicit virtual transactions is not done growing, the professor believes.

Online criminals: nationalists?

Since his doctorate in criminology at UdeM under the supervision of professors Carlo Morselli and Stéphane Leman-Langlois, from 2009 to 2012, David Décary-Hétu has studied the influence of the Internet on crime and the way criminals adapt to this virtual environment, in an effort to deepen the understanding of online deviance.

This cryptomarket specialist, one of the few in Quebec, even dove into the world of the dark Net and made drug purchases while working as a senior lecturer and researcher at the School of Criminal Sciences of the University of Lausanne, in Switzerland. The goal? To compare the chemical profile of products bought online with that of products found on the street. “That way we can get a good idea of where the drugs come from,” says David Décary-Hétu. “For example, if cocaine is 85% pure, it probably comes directly from suppliers in South America, because the purity of local drugs generally ranges between 25 and 35%.”

For now, it is premature to generalize from the data the professor has obtained. But preliminary results reveal differences between the two distribution channels, and it is not necessarily the same individuals who sell on cryptomarkets and off the Web. “In Canada, the purity of seized drugs is not analyzed,” the researcher points out. “So we cannot draw the same parallel between the products.” But the data accumulated over the years tend to confirm a trend: the greater traffickers’ reputation, the more they ship their goods mainly within their country of origin. Customers also seem to prefer buying from vendors in the same country in order to avoid border inspections. “Cryptomarkets are global platforms, but we believe they are used first and foremost at the national level. At least, that is what we are currently trying to show.”