
from the tutti-i-tuoi-dati-appartengono-a-noi dept.
In operation since 1992, RCS Labs is a relatively unknown Italian company, and just one node in a web of spyware vendors operating out of Italy with little oversight:
In April 2022, about four months after Kazakhstan's government violently cracked down on nationwide protests, cybersecurity researchers discovered that authorities in the country were deploying spyware on smartphones to eavesdrop on citizens.
[...] The spyware, known as Hermit, is believed to have been used in several other countries including Syria and Italy. Documents published by Wikileaks in 2015 show that RCS had engaged with military and intelligence agencies in Pakistan, Chile, Mongolia, Bangladesh, Myanmar, Vietnam and Turkmenistan, according to a blog post from Lookout, the cloud security company which discovered Hermit.
[...] Although much attention is given to sophisticated, zero-click spyware developed by companies like Israel's NSO Group, the Italian spyware marketplace has been able to operate relatively under the radar by specializing in cheaper tools. According to an Italian Ministry of Justice document, as of December 2022 law enforcement in the country could rent spyware for €150 a day, regardless of which vendor they used, and without the large acquisition costs which would normally be prohibitive.
As a result, thousands of spyware operations have been carried out by Italian authorities in recent years, according to a report from Riccardo Coluccini, a respected Italian journalist who specializes in covering spyware and hacking.
"Spyware is being used more in Italy than in the rest of Europe because it's more accessible," Fabio Pietrosanti, president of Italy's Hermes Center for Transparency and Digital Human Rights and a prominent ethical hacker there, told Recorded Future News. "Like any technology or any investigative tool, if it's more accessible, then it will be more used. That's just the natural consequence."
Originally spotted on Schneier on Security.
Previously: Italian Government Spyware Infiltrated Google Play
Related Stories
According to a technical report issued Friday, a new surveillance malware, aimed at Italian users and dubbed 'Exodus' has been infiltrating the Google Play store. It is also being reported that the software is contracted by the Italian Government from a surveillance company called eSurv based in Catanzaro, in Calabria, Italy.
According to Google,
nearly 25 variants of this spyware were uploaded on [the] Google Play Store. Google Play has removed the apps and they stated that "thanks to enhanced detection models, Google Play Protect will now be able to better detect future variants of these applications".
Although the software has built-in checks to confirm the target is Italian, they are of limited effectiveness.
Exodus includes a function called CheckValidTarget that supposedly exists to "validate" the target of a new infection, but the researchers suggest that not much "validation" is going on, given that the malware activated immediately on the burner phone they used, and stayed active throughout their tests.
The malware doesn't just violate your security, it more or less destroys it:
binding a shell on all available interfaces will obviously make it accessible to anyone who is sharing at least a local network with an infected device. For example, if an infected device is connected to a public Wi-Fi network any other host will be able to obtain a terminal on the device without any form of authentication or verification by simply connecting to the port.
If the mobile operator doesn't enforce proper client isolation, it is possible that the infected devices are also exposed to the rest of the cellular network.
Obviously, this inevitably leaves the device open not only to further compromise but to data tampering as well.
Google indicated that all downloads of the malware were from Italy.
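A defender-side check for the exposure described above, added here as an example and not taken from the report or the articles quoted: it parses a Linux/Android `/proc/net/tcp` table and reports listening sockets that other hosts on the network can reach. The sample table, its ports, UIDs and inodes are constructed; the code covers IPv4 only and assumes a little-endian device.

```python
import ipaddress

TCP_LISTEN = "0A"              # kernel state code for LISTEN
ANDROID_APP_UID_START = 10000  # first UID Android gives installed apps

# Constructed sample in /proc/net/tcp layout (ports, UIDs, inodes invented).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:13AD 00000000:0000 0A 00000000:00000000 00:00000000 00000000  2000        0 20111
   1: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10123        0 20642
   2: 0A01A8C0:A1B2 0A0200C0:01BB 01 00000000:00000000 00:00000000 00000000 10087        0 20777
"""


def decode_ipv4(hex_addr):
    """Turn '0100007F:13AD' into (IPv4Address('127.0.0.1'), 5037).

    Assumes a little-endian host, where the kernel prints the address bytes reversed.
    """
    host, port = hex_addr.split(":")
    return ipaddress.IPv4Address(bytes.fromhex(host)[::-1]), int(port, 16)


def exposed_listeners(proc_net_tcp):
    """Return LISTEN sockets that hosts other than the device itself can reach."""
    findings = []
    for line in proc_net_tcp.splitlines()[1:]:   # skip the header row
        fields = line.split()
        if len(fields) < 10 or fields[3] != TCP_LISTEN:
            continue
        ip, port = decode_ipv4(fields[1])
        if ip.is_loopback:                       # 127.0.0.0/8: local only
            continue
        uid = int(fields[7])
        findings.append({
            "address": str(ip),
            "port": port,
            "uid": uid,
            "all_interfaces": ip.is_unspecified,  # bound to 0.0.0.0
            "app_owned": uid >= ANDROID_APP_UID_START,
        })
    return findings


if __name__ == "__main__":
    for finding in exposed_listeners(SAMPLE):
        print(finding)
```

On a device, the input would be the contents of `/proc/net/tcp`; a finding with both `all_interfaces` and `app_owned` set is a listener opened by an installed app and reachable from the local network.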
(Score: 3, Interesting) by looorg on Thursday November 21, @01:13PM (3 children)
If one looks at the image in TheRecord it seems the most interesting thing about the Italian market is the investor to vendor connection. Still, for Italy, it doesn't add up; 10+1+1 =! 11. Did they just pocket one of the revenue streams and forgot about it?
The other interesting thing about the image is Greece. They seem to be pulling money from all over and fly under the radar somehow. What is so sneaky in, and about, Greece? It's not exactly a country I think about when I hear high-tech-sneaky-stuff. But they could be in a good geographical spot. Or they are really really good since we don't hear or think about them.
The overall issue seems to be that they are not very particular about their clients and what the software is used for. Anyone with a $ can apparently be a client. No matter how unsavory they are.
(Score: 3, Funny) by Freeman on Thursday November 21, @02:24PM
10+1+1 = 11 when one part is going to the Mafia.
Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
(Score: 2) by Frosty Piss on Thursday November 21, @03:28PM
This pretty much describes most if not all "legit" spyware companies, certainly the famous Israeli people. Those who produce spyware for the "legit" market (government / corporate) pick their clients based on the ability to pay CASHOLA.
(Score: 0) by Anonymous Coward on Thursday November 21, @11:48PM
Greece? Just a bunch of expats working from their new "home"