(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Leaked e-mails from the Italy-based computer and network surveillance company Hacking Team show that the company developed a piece of rugged hardware intended to attack computers and mobile devices via Wi-Fi. The capability, marketed as part of the company's Remote Control System Galileo, was shown off to defense companies at the International Defense Exposition and Conference (IDEX) in Abu Dhabi in February, and it drew attention from a major defense contractor. But like all such collaborations, it may have gotten caught up in the companies' legal departments.

In an e-mail summarizing a meeting in January, co-founder Marco Valleri outlined the roadmap for a number of Hacking Team's platforms, including its "Tactical Network Injector" or TNI. This piece of hardware was designed to insert malicious code into Wi-Fi network communications, potentially acting as a malicious access point to launch exploits or man-in-the-middle attacks. The bullet points included the creation of a "mini-TNI" tasked to Hacking Team employee Andrea Di Pasquale:

  • Ruggedized
  • Transportable by a drone (!)

The mini-TNI, marketed at IDEX as "Galileo," drew the attention of a representative from Insitu, a subsidiary of Boeing that builds small unmanned aircraft systems including the ScanEagle and RQ-21A "Blackjack" UASs used by the US Navy. In early April, Giuseppe Venneri—an Insitu intern and a graduate student at University of California, Irvine—was tasked with contacting Hacking Team's key account manager Emad Shehata, following up on a meeting at IDEX. "We see potential in integrating your Wi-Fi hacking capability into an airborne system and would be interested in starting a conversation with one of your engineers to go over, in more depth, the payload capabilities including the detailed size, weight, and power specs of your Galileo System," Venneri wrote.



Security Intelligence (blog)

Online Community and Social Media Manager
That's precisely why we've developed The InfoSecond, a new weekly series dedicated to recapping the week's best stories in brief so you can be best prepared to tackle the myriad of challenges that could impact your enterprise each week. The series will ...


Continuing my diary entries on Sysinternals tools with VirusTotal support, I

And enable Check VirusTotal.com

With this option, autoruns will only submit hashes to VirusTotal. If a file is not known by VirusTotal, you won't have a score. But if you enable Submit Unknown Images too, then autoruns will submit (upload) files that are not in VirusTotal's database, and you will have a score after VirusTotal finishes scanning the file (this takes a couple of minutes).

You have to agree to VirusTotal

And soon you

Sysinternals: http://technet.microsoft.com/en-us/sysinternals

VirusTotal: https://www.virustotal.com/

Didier Stevens
Microsoft MVP Consumer Security
blog.DidierStevens.com DidierStevensLabs.com
