Have you ever wondered how does a government-sanctioned hacking actually work? Well, unless you are employed in a police department, or are a middleman who sells spyware software, or if you’ve worked in one of these companies, it is unlikely that you may have seen a live demo of how a spyware works.
However, a new 10-minute-video obtained by Motherboard, shows an Italian surveillance contractor called RCS Lab demo the hacking tool intended for use by police forces and government agencies. It also shows that the cops need very little technical knowledge to remove a scary level of information from a target’s computer.
The video shows off a software product from Italian firm RCS Labs called Mito3, which allows the RCS employee to set up these kinds of attacks with ease by just applying a rule in the software settings. RCS’s website explains this product as a “monitoring center” that “retrieves, decodes, processes and stores contents coming from virtually any kind of communication network.”
The RCS employee can select whatever site he or she wants to use as a vector, click on a dropdown menu and select “inject HTML” into an innocent-looking website. This then creates a malicious popup that prods the victim to download a Flash update. From there, the computer is hacked, even though a fake update appears to happen on screen to appease the user. Once the user downloads the fake update, he or she is infected with the spyware.
“All this installation process is, in reality, is completely a fake. It’s sort of a movie,” the RCS Lab employee says in the video. “Because in reality, at this point, he’s already infected.”
Mito3 allows the user easily hack a victim’s computer and gain access to the screen, intercept text messages, voice calls, video calls, social media activities, chats, microphone, webcam, and even GPS location. It even provides automatic transcription of the recordings, according to a confidential brochure obtained by Motherboard.
While the demo in the video doesn’t display any surprising hacking capabilities, it is the simple user interface and the speed at which it is done, which is shocking. Also, the video gives us an insight of how surveillance vendors try to sell their malware to governments around the world.