Cyber spying

Cyber spying is performed on so many levels that we won’t be able to cover this topic as thoroughly as we would like. In this chapter we will laser focus on two known types of cyber spying: malicious software-enabled cyber spying and industrial cyber espionage.

Malicious software-enabled cyber spying

 If you have a smartphone, chances are it has a microphone, two cameras and GPS and, for instance, GLONASS (if you are in Russia). These technologies allow to bug premises around its perimeter, watch the phone’s owner through cameras and track his movement. This is to say nothing of accessing your calls, correspondence, emails.

Do you think these threats are mere speculations? Have you ever used smartphones from Xiaomi, Huawei or Lenovo? Do you know that some time ago these companies were caught supplying these devices with pre-installed spy software? Although this may sound like a far-fetched rumor, it happened in reality. Spy software can track the phones’ owners, listen to their calls and send data to perpetrators.

We can’t declare with certainty that it is the manufacturers themselves who are responsible for the malware installation. It is very likely that the spyware could be installed by middlemen, via any channels leading to end customer.

Do you suppose iOS users are any safer? Well, Ahmed Mansoor, a prominent human rights defender based in UAE, could share a different story. He was cautious enough to pass the link he got on his iPhone to the computer security experts who discovered malicious software Pegasus that uses three zero-day exploits in iOS at once.

Clicking this link would’ve led to Mansoor’s device getting infected and turned his iPhone into a perfect cyber spying tool. His timely vigilance exposed the potent malware thus rendering iOS devices a much safer experience for all its users.

But what if you use a less common version of mobile operating system or the so-called cryptophone like BlackBerry or Blackphone? Forget about unbreakable devices, the beginning of 2018 was marked by the discovery of Meltdown, a nine-year-old CPU security flaw that affects almost all modern devices. The flaw became one of the most dangerous vulnerability plagues in history hitting the IT world with one of the largest scope it has ever witnessed. Therefore, less common systems and cryptophones will not rescue you, especially keeping mind that Blackphone was notoriously rooted at the BlackHat security conference in less than 5 minutes…

Meltdown affects all operating systems including Windows, macOS, iOS, all Linux-based systems. Without updates, you won’t be able to evade it even if you have a Debian with no software packages selected prior, Linux Mint, Tails, or Whonix.

Perhaps you think this kind of tools is available only to special services? Indeed, special services have a much wider range of software and exploits than common users. Edward Snowden’s leaks and WikiLeaks' document dump on the CIA’s hacking capability in the spring of 2017 demonstrate how easily they can access any computer in the world.

But the main problem is the availability of spying software for common users. Getting an unware victim infected is no rocket science for a hacker: it just takes social engineering, some time and money (at least if he deals with Android or Windows).

 All it will take a common user is to visit a specialized forum like exploit on the Russian web or hackforums if you know English. Then you choose suitable RAT software. We won’t describe the next steps for ethical reasons, but one should bear in mind that any attempt to infect another person except oneself can get you behind the bars. For instance, a Rome citizen Antony S. got arrested at the start of 2017 for installing a surveillance application to his girlfriend’s phone. He was spying on her for several months before he was caught by the Italian police. And Anthony is not the only one who has been caught in the act out there.  

The difference between Antony and a professional hacker is that a common user doesn’t hide where the program is hiding data. Professionals acquire bulletproof servers in offshore datacenters paying for them using dummies and thoroughly hiding their whereabouts. A common user will either obtain a controlling server from a popular hosting service, providing his personal data and using his own bank card - of course, the hosting service will turn him in, or worse, an unprepared user may use the servers of a parent control application whose developers eagerly respond to requests from law enforcement to avoid accusations of malware development.

Don’t be deluded by the false simplicity and availability of cyber spying tools: it can end in a prison sentence. Using them is highly not recommended.

 By the way, software for cyber spying is often developed by law enforcement bodies as bait for catching perpetrators or by hackers for luring victims. For instance, Cobian RAT actively touted across underground forums as the perfect malware tool turned out to have a backdoor. A user would download the program to infect his victims and, unbeknownst to him, got himself infected. And if you come to think of it, this was in a way justice being served.

But we are getting sidetracked... Many people believe they are reliably protected by antiviruses responding to lavish advertising in the line of “reliable protection for your devices” or “a whole new level of security”… If antiviruses were really capable of protecting you from spying tools, it just wouldn’t exist, and the chapter would’ve come down to one simple phrase “just download an antivirus and put an end to all your cyber spying concerns”.

Unfortunately, antiviruses check for cyber spying malware if they know about its existence, but if it’s encrypted, it’s unrecognizable. You will learn more about it in the chapter focusing on malware.

Sometimes antiviruses themselves become a cyber spying tool. I suppose you’ve already heard about the NSA breach linked to a major Russian antivirus company Kaspersky Lab. But have you heard about the DU Antivirus Security scandal? Well, the researchers at the Check Point security firm discovered that a popular antivirus application for Android - DU Antivirus Security, which had been reportedly downloaded by 50 million users by the time, was secretly collecting user data.

DU Antivirus Security was created by DU Group, part of the Baidu conglomerate. The application collected the unique identifiers, contacts, call log and other information from a device and then send them all to the servers registered to a Baidu employee. This story clearly shows that spying can be conducted even by those who are supposed to protect you from it.

Now let’s move on to the methods of cyber spying and the tools that can protect you against it. It is much harder to detect and remove spying tools and some users are naïve to believe that the problem can be solved by a replacement of the computer or system reinstall…

Computer replacement or operating system reinstall is a drastic and effective measure, but if you deal with professional cyber spying executed with the help of professional software, it rarely works out.

If you were a perpetrator with the intention of spying on somebody, would you think of a device replacement or reinstall scenario? Most likely, you would if we are talking about targeted cyber spying that strikes at two different levels: implementation and entrenchment. How does such malware get entrenched? There are at least three options available for the perpetrator: write malware to external media, write it into the firmware of the device or “join” critical data.

The most fascinating technique used is rewriting the hard drive’s firmware. This option is often exercised by U.S. NSA’s malware or by the groups related to the agency. According to the Kaspersky Lab’s Global Research and Analysis Team (GReAT) research, a powerful hacker team Equation Group employs such cyber spying method. The hard drive models of such high-profile companies as Seagate, Western Digital, Toshiba, Maxtor, IBM and others were found vulnerable to the threat.

When malware gets into the hardware firmware, system reinstall with disk formatting is rendered absolutely useless, and antiviruses are incapable of reaching it there too. The only effective method to deal with this problem is to replace the infected component: pull the hard drive, get it out in the field, pour petrol over it and burn. But that may not work out as well…

To prevent the replacement of an infected component and therefore the loss of control over his victim, the perpetrator would usually resort to writing malware to external media. These media may include not only memory sticks but also a phone, a potential target as a storage device, which can become a self-sufficient cyber spying tool. To get infected, you don’t even have to connect your phone to a computer.

As a rule, the victim’s Wi-Fi router is infected to control the Internet traffic. This is no rocket science if the perpetrator has full remote access to the computer. Once the Wi-Fi router is infected, he can infect all the devices that connect to it, including other computers and phones.

The latest Vault 7 CIA document dump exposed CherryBlossom, a framework used for hijacking home wireless networking devices which was allegedly designed with the help of Stanford Research Institute. The CIA’s hacking tool breaks into devices from a wide range of vendors such as Apple, D-Link, Linksys, Cisco, Belkin and others.

Let’s get back to the device of the victim that is being spied on. Of course, a user can destroy his computer, external media, phone and router, but he is very unlikely to part with his sensitive data. However, that’s the target the perpetrator pursues. You buy a new device, in a different country you connect to a different Wi-Fi device, launch your Word document and you are a victim of spying again.

Is there a way out? Of course, there is, and you are going to find out about it as you progress through this course. Edward Snowden, for instance, kept his phone switched off…reportedly even in a safe. I don’t know if unmodified disconnected phones could be used as bugs. However, special agencies are capable of detecting the coordinates of a disconnected smartphone if it has a battery.

On the other hand, if your iPhone has a software implant DROPOUTJEEP developed by NSA, chances are you are being spied on even if your phone is switched off (the name of the implant is old, it has probably been changed). Still, there is no way you will know that the implant got into your cell phone. Therefore, you have only one piece of advice left: if you are a person of interest to special agencies, don’t order devices with delivery put to your personal data or the data of your family’s members. Go to a store and buy a random device.

Why am I telling you only about professional cyber spying? There is also cyber spying for smaller reasons or just for fun. Don’t get surprised, you can be spied on out of boredom, bitterness or to sell your webcam records for profit. Young girls should be especially aware of this kind of threat. Some time ago such videos could be easily found on YouTube, today they get usually removed.

 It is quite common for malicious intruders to do the following just for fun: a son shows something to his mother on the screen and just at this moment some hardcore adult movie content gets displayed instead. Less frequently the hijacked intimate details of your life can be used in a blackmail scam. A perpetrator records or steals your personal video and, having access to your computer, puts together the list of your friends, relatives and colleagues on social networks to make you an offer: either you pay him money, for instance, 2000$ or your video with intimate details will be sent to every one of the people on this list.

Industrial cyber espionage

Let me get you started on industrial cyber espionage with a story about the hacking of the Hacking Team.

Industrial cyber espionage is a form of cyber espionage conducted against companies, as a rule, to obtain valuable information. Hacking Team is an Italian spyware and malware provider to governments and law enforcement agencies all around the world. In other words, it designs tools to spy on you. So, in my view, the hacking of the Hacking Team is the payload they totally deserved.

As a result of leaked data, some 400 gigabytes of internal data, including client files, contracts, emails, source code, research documents became publicly available. Though, as a rule, in case of industrial espionage, perpetrators either use the illegally obtained information for their own needs or sell it to someone.

The data leaked over the Internet indicates that Hacking Team dealt with oppressive nations such as Libya and Sudan. Very often cyber spying is practiced to obtain incriminating information with the intention to use it against the victim at the right moment.

You have probably heard about the Hillary Clinton email controversy that unfolded against the backdrop of the 2016 presidential election campaign. Hilary was an overwhelming favorite during the presidential race until WikiLeaks published nearly 2,100 emails sent from her family's private email server.

Her mailbox must have been hacked long before this data was leaked, when Hilary didn’t need the scandals, allegations and investigation initiated by the FBI. Such security oversight cost Clinton the Oval Office chair that was eventually overtaken by Donald Trump.

You will learn how to clear your mailbox and set up its comprehensive security in this course.

As corporate security is not covered by this course, we will give you a cursory glance at some general information about these solutions. An organization’s security is inseparable from its employees’ personal security and that’s what you are going to find about as you move through the course.