Hacking Team child porn code

Rayzer Rayzer at riseup.net
Tue Feb 23 09:35:48 PST 2016


Travis Biehn wrote:
> It's pretty clear that these files just contain dummy values for
> debugging / test / placeholder purposes. There's no indication that
> these ever end up being pushed to devices.
>
> -Travis
>

Just for giggles I did a search on those file names.

pedoporno.mpg turns up articles on top about the Hacking Team

childporn.avi turns up hits about the BAT_ETIMOLOD.A virus followed by
Hacking Team hits farther down the page. At least one of these files is
not always a dummy.

-- 
RR
"Through counter-intelligence it should be possible to pinpoint potential trouble-makers ... And neutralize them, neutralize them, neutralize them"


> On Mon, Feb 22, 2016 at 11:26 PM, Rayzer <Rayzer at riseup.net
> <mailto:Rayzer at riseup.net>> wrote:
>
>     Cari Machet wrote:
>     >
>     >
>     > On Feb 21, 2016 10:45 AM, "Douglas Lucas" <dal at riseup.net
>     <mailto:dal at riseup.net>
>     > <mailto:dal at riseup.net <mailto:dal at riseup.net>>> wrote:
>     > >
>     > > @OpDeathEatersUS on Twitter says -
>     > > https://twitter.com/OpDeathEatersUS/status/619267423749828608
>     - that
>     > > Hacking Team sells child porn evidence fabrication tools, and
>     cites this
>     > > code -
>     > >
>     >
>     https://github.com/hackedteam/rcs-common/blob/master/lib/rcs-common/evidence/file.rb#L17
>     > > - in support of the claim.
>     > >
>     > > Can someone more programming-proficient than I look at the
>     code and tell
>     > > me 1) what it does overall, and 2) what the highlighted line -
>     which
>     > > mentions "childporn.avi" and "pedoporno.mpg" - does in particular?
>     >
>     >
>     > From the code analyst:
>     >
>     > Embedded in Galileo code 'pedoporn' 'childporn avi'
>     >
>     > One idea - considering hacking team w/FBI and DEA, you can embed
>     that
>     > code to give the appearance that the flagged target is under
>     > surveillance for child porn but since there is already an FBI
>     flag for
>     > that, it's a lie. It's a mask to hide that your surveilling someone
>     > but you have no legitimate legal reason to do it.
>     >
>     > a 'childporn.avi' - is a profile pic like an 'avatar' that flags the
>     > person as in a child porn ring but hacking team doesn't do 'rings' -
>     > they do targeted (activists, dissidents etc) surveillance. So that's
>     > off and since it's embedded "placed over the source code" - the
>     LEA is
>     > using it to mask the real reason they are spying on this person
>     >
>     > LEA likes to use child porn as a 'plant' - it's like an old
>     school cop
>     > 'planting' cocaine on someone they've violated.
>     >
>     > END
>     >
>
>     "childporn.avi" and "pedoporno.mpg"
>
>     Those vids... Are they being planted on the site under attack by the
>     hacking team or it's software or is it linked offsite?
>
>
>
>     > >
>     > > Here's some background:
>     > >
>     > >
>     >
>     http://arstechnica.com/security/2015/07/massive-leak-reveals-hacking-teams-most-private-moments-in-messy-detail/
>     > >
>     > >
>     >
>     http://www.wired.com/2015/07/fbi-spent-775k-hacking-teams-spy-tools-since-2011/
>     > >
>     > > From the Ars Technica article:
>     > >
>     > > ===
>     > > According to one spreadsheet first reported by Wired, the FBI paid
>     > > Hacking Team more than $773,226.64 since 2011 for services
>     related to
>     > > the Hacking Team product known as "Remote Control Service,"
>     which is
>     > > also marketed under the name "Galileo." One spreadsheet column
>     listed
>     > > simply as "Exploit" is marked "yes" for a sale in 2012, an
>     indication
>     > > Hacking Group may have bundled some sort of attack code that
>     remotely
>     > > hijacked targets' computers or phones. Previously, the FBI has
>     been
>     > > known to have wielded a Firefox exploit to decloak child
>     pornography
>     > > suspects using Tor.
>     > >
>     > > Security researchers have also scoured leaked Hacking Team
>     source code
>     > > for suspicious behavior. Among the findings, the embedding of
>     references
>     > > to child porn in code related to the Galileo.
>     > > ===
>     > >
>     > > Thanks,
>     > >
>     > > Douglas
>     >
>
>


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20160223/88bb5b45/attachment-0002.sig>


More information about the cypherpunks mailing list