Hacking Team child porn code
Travis Biehn
tbiehn at gmail.com
Tue Feb 23 10:11:31 PST 2016
Well,
The strings for debug code can certainly show up, even these files
themselves. Which you can see some samples of under /content (the video
stuff is missing, fueling the conspiracy fire?) There's screenshots,
wallet.dats and fake files. Even a picture of, presumably, one of the
developers:
https://github.com/hackedteam/rcs-common/blob/master/lib/rcs-common/evidence/content/camera/001.jpg
Ref'd:
https://github.com/hackedteam/rcs-common/blob/master/lib/rcs-common/evidence/camera.rb
In fact, if you look at all the modules in /evidence/ they all contain
obvious dummy / test data.
https://github.com/hackedteam/rcs-common/blob/master/lib/rcs-common/evidence/exec.rb
https://github.com/hackedteam/rcs-common/blob/master/lib/rcs-common/evidence/clibpoard.rb
So on.
Are they implanting pictures of themselves on hacked machines? Screenshots
of their own code?
It's obvious to anyone who can take a cursory read of these chunks of code
in context that this is dummy test data.
-Travis
On Tue, Feb 23, 2016 at 12:35 PM, Rayzer <Rayzer at riseup.net> wrote:
> Travis Biehn wrote:
> > It's pretty clear that these files just contain dummy values for
> > debugging / test / placeholder purposes. There's no indication that
> > these ever end up being pushed to devices.
> >
> > -Travis
> >
>
> Just for giggles I did a search on those file names.
>
> pedoporno.mpg turns up articles on top about the Hacking Team
>
> childporn.avi turns up hits about the BAT_ETIMOLOD.A virus followed by
> Hacking Team hits farther down the page. At least one of these files is
> not always a dummy.
>
> --
> RR
> "Through counter-intelligence it should be possible to pinpoint potential
> trouble-makers ... And neutralize them, neutralize them, neutralize them"
>
>
> > > On Mon, Feb 22, 2016 at 11:26 PM, Rayzer <Rayzer at riseup.net> wrote:
> >
> > Cari Machet wrote:
> > >
> > >
> > > > On Feb 21, 2016 10:45 AM, "Douglas Lucas" <dal at riseup.net> wrote:
> > > >
> > > > > @OpDeathEatersUS on Twitter says -
> > > > > https://twitter.com/OpDeathEatersUS/status/619267423749828608 - that
> > > > > Hacking Team sells child porn evidence fabrication tools, and cites this
> > > > > code -
> > > > > https://github.com/hackedteam/rcs-common/blob/master/lib/rcs-common/evidence/file.rb#L17
> > > > > - in support of the claim.
> > > >
> > > > > Can someone more programming-proficient than I look at the code and tell
> > > > > me 1) what it does overall, and 2) what the highlighted line - which
> > > > > mentions "childporn.avi" and "pedoporno.mpg" - does in particular?
> > >
> > >
> > > From the code analyst:
> > >
> > > Embedded in Galileo code 'pedoporn' 'childporn avi'
> > >
> > > > One idea - considering hacking team w/FBI and DEA, you can embed that
> > > > code to give the appearance that the flagged target is under
> > > > surveillance for child porn but since there is already an FBI flag for
> > > > that, it's a lie. It's a mask to hide that you're surveilling someone
> > > > but you have no legitimate legal reason to do it.
> > >
> > > > a 'childporn.avi' - is a profile pic like an 'avatar' that flags the
> > > > person as in a child porn ring but hacking team doesn't do 'rings' -
> > > > they do targeted (activists, dissidents etc) surveillance. So that's
> > > > off and since it's embedded "placed over the source code" - the LEA is
> > > > using it to mask the real reason they are spying on this person
> > >
> > > > LEA likes to use child porn as a 'plant' - it's like an old school cop
> > > > 'planting' cocaine on someone they've violated.
> > >
> > > END
> > >
> >
> > "childporn.avi" and "pedoporno.mpg"
> >
> > > Those vids... Are they being planted on the site under attack by the
> > > hacking team or its software or is it linked offsite?
> >
> >
> >
> > > >
> > > > > Here's some background:
> > > > >
> > > > > http://arstechnica.com/security/2015/07/massive-leak-reveals-hacking-teams-most-private-moments-in-messy-detail/
> > > > >
> > > > > http://www.wired.com/2015/07/fbi-spent-775k-hacking-teams-spy-tools-since-2011/
> > > >
> > > > From the Ars Technica article:
> > > >
> > > > ===
> > > > > According to one spreadsheet first reported by Wired, the FBI paid
> > > > > Hacking Team more than $773,226.64 since 2011 for services related to
> > > > > the Hacking Team product known as "Remote Control Service," which is
> > > > > also marketed under the name "Galileo." One spreadsheet column listed
> > > > > simply as "Exploit" is marked "yes" for a sale in 2012, an indication
> > > > > Hacking Group may have bundled some sort of attack code that remotely
> > > > > hijacked targets' computers or phones. Previously, the FBI has been
> > > > > known to have wielded a Firefox exploit to decloak child pornography
> > > > > suspects using Tor.
> > > > >
> > > > > Security researchers have also scoured leaked Hacking Team source code
> > > > > for suspicious behavior. Among the findings, the embedding of references
> > > > > to child porn in code related to the Galileo.
> > > > ===
> > > >
> > > > Thanks,
> > > >
> > > > Douglas
> > >
> >
> >
>
>
>
--
Twitter <https://twitter.com/tbiehn> | LinkedIn
<http://www.linkedin.com/in/travisbiehn> | GitHub <http://github.com/tbiehn>
| TravisBiehn.com <http://www.travisbiehn.com> | Google Plus
<https://plus.google.com/+TravisBiehn>