A collection of documents recently published by Wikileaks casts a light on surveillance vendors who sell intrusive monitoring technology to governments and law enforcement agencies. This growing industry—which serves countries around the world—offers the ability to monitor entire populations and circumvent the privacy and security safeguards built into conventional consumer technology.
In a report last week, we highlighted DigiTask, a German company that sells malware for law enforcement investigations. The company's marketing materials say that its software, which is deployed through zero-day exploits, can intercept encryption keys to provide law enforcement agents with access to encrypted communications. DigiTask is just one of the many vendors who produce such software. In this article, we will give you a brief look at some of the marketing material that was included in the Wikileaks Spy Files.
Paladion
Paladion, which describes itself as "the fastest growing information security company" in Asia, sells monitoring and filtering tools to corporations, law enforcement agencies, and governments.
One of the Paladion products is an "SSL Interception and Decryption System" that is designed to snoop on encrypted communications. The company's marketing material explicitly advertises it as a tool for executing covert man-in-the-middle attacks against surveillance targets. The brochure also specifically highlights the system's ability to track encrypted banking transactions and Gmail communication.
Paladion also sells a "link analysis" tool that digs through a surveillance target's communications in order to identify friends and associates. It can then extend its monitoring to the associated parties in order to perform analysis of communications across an entire group. It can compute the degree of separation between individuals and identify "anchor" individuals who connect various parties in a group.
According to the Paladion brochure, the link analysis tool is compatible with the company's Internet Monitoring System (IMS), a surveillance framework that can scale up to provide governments with nationwide monitoring. Paladion's IMS offers proactive detection of "new targets" based on analysis of potentially suspicious activity. The brochure touts the system's capacity for "mass scale" real-time analysis and long-term storage for "deep intelligence gathering" via data mining.
HackingTeam
HackingTeam is an Italian surveillance company that sells "offensive security" solutions to law enforcement agencies "in all five continents." Unlike some of the more secretive companies whose products were outed by Wikileaks, HackingTeam doesn't hide its marketing material or label it confidential. The HackingTeam promotional video published by Wikileaks can also be found on the company's own website.
One product marketed by HackingTeam is the Remote Control System, malware that infects computers and smartphones in order to enable covert surveillance. The company says that its trojan can intercept encrypted communication, including Skype voice calls. They prominently advertise the fact that the malware can be installed remotely. They say that it can scale up to monitor "hundreds of thousands of targets" and is capable of being deployed to Apple, Android, Symbian, and Blackberry mobile devices.
VUPEN
VUPEN is a well-known security firm based in France that specializes in vulnerability research. They detect security flaws in software in order to provide companies with proactive protection against zero-day exploits. The company is very active in the security community and received international attention earlier this year when it took a swift victory in the Pwn2Own contest by impressively compromising a 64-bit version of Safari.
One of VUPEN's services is selling new zero-day exploits to intelligence and law enforcement agencies for use in surveillance. They offer the service on a subscription basis, providing governments with continuous access to new undocumented vulnerabilities and sample exploit code that can be used by investigators for "covertly and remotely installing" surveillance malware on computers and smartphones.
According to the company's brochure, the code they provide is crafted with the aim of "defeating modern exploit mitigation technologies." For an idea of what that means, the document quotes the company's CEO addressing the value of empowering law enforcement agencies with the ability to "bypass Antivirus products and modern operating system protections such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR)."
The company is selective about who can sign up to receive exploit code and requires recipients to commit to non-disclosure agreements. They say that they will only provide the service to legitimate government agencies that meet strict criteria. They will not serve countries that are subject to international embargoes.

courtesy | Ryan Paul