The Hacking Suite For Governmental Interception

Which are todays challenges? Encryption Cloud Mobility

The pain: the impact of encryption on Law Enforcement and National Security FBI - Statement Before the House Oversight The evolution of technology is creating new challenges for law enforcement and our ability to access communications. We call it “Going Dark,” and it means that those charged with protecting the American people aren’t always able to access the information necessary to prosecute criminals and prevent terrorism even though we have lawful authority to do so. To be clear, we obtain the proper legal authority to intercept and access communications and information, but we increasingly lack the technical ability to do so. This problem is broader and more extensive than just encryption. But, for purposes of my testimony today, I will focus on the challenges we face based on the evolving use of encryption Amy Hess, FBI, April 29, 2015 Federal Bureau of Investigation

Obama: Police and spies should not be locked out of encrypted smartphones and messaging apps.... Jan 16, 2015 Cameron: We should try to avoid the safe havens that could otherwise be created for terrorists to talk to each other.

“We have to focus on the Internet and social networks, which are more than ever used to recruit, organize and disseminate technical knowhow to commit terrorist acts.... We must go further.” PM Manuel Valls, Address to French Parliament, Jan. 13, 2014

The pendulum has “swung too far” against the government. FBI Director James Comey, Oct. 16, 2014

“We shouldn't give in to scare-mongering or to people who fundamentally don’t understand the details...” CEO Tim Cook, Nov. 3, 2014

“None of us should accept that the government or a company or anybody should have access to all of our private information. This is a basic human right. We all have a right to privacy. We shouldn't give it up. The Telegraph, Feb. 28, 2015 “I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will.” Letter to Customers

...protected by end-to-end encryption across all your devices...

“We continue our ongoing efforts to encrypt all Google products and services.” The Intercept

Encryption. Noise. Mobility. Make Law Enforcement and Security Agency blind.

How can we solve this? From the device.

RCS infrastructure

You work on the device. Bypass encryption See what the suspect sees Follow your suspect

Which data can you collect?

Microphone Messaging Documents Passwords Calls Location Camera snapshots Keystrokes Visited websites Screenshots And more …

Where can you run it?

How can you deploy it?

When the target opens a document While the target browses the web Exploit Delivery Service Secure and always up to date

Inject into downloaded applications Inject into video streaming websites Bob’s laptop Web site Internet Network Injector

Send your target a SMS QR Code Web link

Different vectors for different scenarios

Don’t forget social engineering

You get more than just plain evidence.

Target-centric solution (Evidences collection)

Target-centric Intelligence

Intelligence (Correlations between targets)

Skype and Voice Recording Evidences

Chats and Messages App Evidences

Social Media Evidences

Bitcoins Evidences

Webcam and Camera Evidences

Screenshots Evidences

Mouse Clicks Evidences

Easy configuration of Agents

Event / Action configuration

Master-Slave (Master Nodes, Collectors, Anonimyzers)