It's pretty clear that these files just contain dummy values for debugging / test / placeholder purposes. There's no indication that these ever end up being pushed to devices.

-Travis

On Mon, Feb 22, 2016 at 11:26 PM, Rayzer <Rayzer@riseup.net> wrote:
Cari Machet wrote:
>
>
> On Feb 21, 2016 10:45 AM, "Douglas Lucas" <dal@riseup.net
> <mailto:dal@riseup.net>> wrote:
> >
> > @OpDeathEatersUS on Twitter says -
> > https://twitter.com/OpDeathEatersUS/status/619267423749828608 - that
> > Hacking Team sells child porn evidence fabrication tools, and cites this
> > code -
> >
> https://github.com/hackedteam/rcs-common/blob/master/lib/rcs-common/evidence/file.rb#L17
> > - in support of the claim.
> >
> > Can someone more programming-proficient than I look at the code and tell
> > me 1) what it does overall, and 2) what the highlighted line - which
> > mentions "childporn.avi" and "pedoporno.mpg" - does in particular?
>
>
> From the code analyst:
>
> Embedded in Galileo code 'pedoporn' 'childporn avi'
>
> One idea - considering hacking team w/FBI and DEA, you can embed that
> code to give the appearance that the flagged target is under
> surveillance for child porn but since there is already an FBI flag for
> that, it's a lie. It's a mask to hide that your surveilling someone
> but you have no legitimate legal reason to do it.
>
> a 'childporn.avi' - is a profile pic like an 'avatar' that flags the
> person as in a child porn ring but hacking team doesn't do 'rings' -
> they do targeted (activists, dissidents etc) surveillance. So that's
> off and since it's embedded "placed over the source code" - the LEA is
> using it to mask the real reason they are spying on this person
>
> LEA likes to use child porn as a 'plant' - it's like an old school cop
> 'planting' cocaine on someone they've violated.
>
> END
>

"childporn.avi" and "pedoporno.mpg"

Those vids... Are they being planted on the site under attack by the
hacking team or it's software or is it linked offsite?

--
RR
"Through counter-intelligence it should be possible to pinpoint potential trouble-makers ... And neutralize them, neutralize them, neutralize them"



> >
> > Here's some background:
> >
> >
> http://arstechnica.com/security/2015/07/massive-leak-reveals-hacking-teams-most-private-moments-in-messy-detail/
> >
> >
> http://www.wired.com/2015/07/fbi-spent-775k-hacking-teams-spy-tools-since-2011/
> >
> > From the Ars Technica article:
> >
> > ===
> > According to one spreadsheet first reported by Wired, the FBI paid
> > Hacking Team more than $773,226.64 since 2011 for services related to
> > the Hacking Team product known as "Remote Control Service," which is
> > also marketed under the name "Galileo." One spreadsheet column listed
> > simply as "Exploit" is marked "yes" for a sale in 2012, an indication
> > Hacking Group may have bundled some sort of attack code that remotely
> > hijacked targets' computers or phones. Previously, the FBI has been
> > known to have wielded a Firefox exploit to decloak child pornography
> > suspects using Tor.
> >
> > Security researchers have also scoured leaked Hacking Team source code
> > for suspicious behavior. Among the findings, the embedding of references
> > to child porn in code related to the Galileo.
> > ===
> >
> > Thanks,
> >
> > Douglas
>






--
Twitter | LinkedIn | GitHub | TravisBiehn.com | Google Plus