Existence revealed of "Galileo," a service for governments that infects smartphones with malware and monitors personal behavior



"Galileo" is a service offered to government agencies in various countries for thoroughly monitoring a specific individual. By infecting a smartphone with malware, it can use GPS to locate the target, remotely control the microphone and camera to observe the surroundings, check calendar apps and Facebook content, and steal e-mail. Furthermore, Galileo claims that the malware it sends to smartphones "cannot be detected by antivirus software."

The Solution
http://www.hackingteam.com/index.php/remote-control-system


HackingTeam 2.0: The Story Goes Mobile - Securelist
http://www.securelist.com/en/blog/8231/HackingTeam_2_0_The_Story_Goes_Mobile

Hacking Team's Tradecraft and Android Implant
https://citizenlab.org/2014/06/backdoor-hacking-teams-tradecraft-android-implant/

Security software company Kaspersky Lab and Citizen Lab, a research institute at the University of Toronto, have announced detailed reports on the existence of the personal monitoring tool "Galileo" and on how it hacks smartphones.

Galileo is a service that Hacking Team, a company headquartered in Milan, Italy, offers to governments of various countries as a smartphone monitoring tool. It uses malware called Remote Control System (RCS). The malware used in RCS can read the mail and SNS content on a smartphone and covertly record video and audio through the camera and microphone, and this information is transmitted to Galileo servers located all over the world.

This is an error message returned from one of Hacking Team's Galileo servers, obtained by Kaspersky Lab. The word "Collector" after "RCS" indicates that Galileo gathers information.


This map shows the regions where Hacking Team's Galileo servers are located. They are scattered throughout the world, mainly in the USA and Europe.


A concrete breakdown is given in this table. The largest number of Galileo servers, 64, was confirmed in the United States, followed by Kazakhstan, Ecuador, the UK, Canada, and China.


Unfortunately, it turned out that there was also one in Japan. In addition, the WHOIS information for some of these servers identified the owner as "government" (a government agency).


As for the smartphone malware in Hacking Team's products, in 2014 Trojan-type malware modules were found for the iOS, Android, Windows Mobile, and BlackBerry platforms. "It is easy to see that these malware modules all have the same config format, so they are easy to find," Kaspersky Lab says.


According to Kaspersky Lab, the malware module can perform the following operations on an iOS device.
· Control of Wi-Fi, GPS, and GPRS
· Voice recording
· Taking photos with the camera
· Eavesdropping through the microphone
· Recording keystrokes in applications

In addition, the information it can access is as follows.
· Mail, SMS, and MMS
· Cookies
· URL history
· Web page cache data
· Address book
· Call history
· Notepad
· Calendar
· Clipboard
· Application list
· SIM changes

Note that only jailbroken iOS devices can be infected with the malware. However, Galileo can infect PCs and Macs in advance, launch a jailbreak tool when an iOS device is connected, jailbreak the device, and then send the malware to it.

The Android malware module is obfuscated with DexGuard, which made it difficult to disassemble, but it is also known to access SNS information from apps such as Facebook, Skype, WhatsApp, Viber, Tencent, and LINE.


When Citizen Lab published a report on Hacking Team in February 2014, it anonymously received a document described as an "RCS setup manual." According to this document, system administrators are trained by Hacking Team on Galileo server management and networking, and specialist analysts are expected to analyze the data.


Since developing a remotely controllable spy tool in 2001, Hacking Team has consistently claimed that it does not sell its products to anti-government organizations or to countries on NATO blacklists. According to Citizen Lab, however, Galileo was used to target Mamfakinch, a Moroccan citizen journalist group, and an American woman who was critical of Turkey's Gülen movement.

in Note, Mobile, Software, Posted by darkhorse_log