Drones for deploying spyware envisioned by Hacking Team and Boeing Subsidiary

Government spies can attack your computer in many number of ways. However, a U.S. drone company is planning to offer them one more way. Insitu, a Boeing subsidiary was developing technology to be able to deliver spyware via drone.

The plan is illustrated in internal emails from the Italian company Hacking Team, which makes off-the-shelf software that can affect a suspect’s computer or smartphone from a distance, access files and record calls, emails, chats, and more. Earlier this month, a hacker attacked the Milan-based firm and released hundreds of gigabytes of company information online.

A summary of a meeting held in June of this year were among the emails that gives a “roadmap” of projects that Hacking Team’s engineers have started and are in progress.

On the list: Develop a way to infect computers via drone. One engineer is assigned the task of developing a “mini” infection device which could be “ruggedized” and “transportable by drone (!)” the write-up notes enthusiastically in Italian.

The request seems to have initiated with a question from the Washington-based Insitu that makes a range of unmanned systems, which includes the small ScanEagle surveillance drone that has been utilized by the militaries of the U.S. and other countries for a very long time. Insitu also promotes its drones for law enforcement.

This April, an Insitu engineer wrote to Hacking Team: “We see potential in integrating your Wi-Fi hacking capability into an airborne system and would be interested in starting a conversation with one of your engineers to go over, in more depth, the payload capabilities including the detailed size, weight, and power specs of your Galileo System.” (Galileo is the name of the most recent version of Hacking Team’s spyware, known as Remote Control System.)

A Hacking Team account manager in an internal email recommends that they could do so using a “TNI,” or “tactical network injector.” A TNI is an easy to carry, mostly laptop-based, physical device, which an operator would use to plug into a network such as a coffee shop or an open wifi network in a hotel that their target may be using. When the targeted person uses the internet for some ordinary activity, like downloading an app or watching a video, the device interrupts that traffic (so long as it is not converted into a code) and administers the malicious code that installs Hacking Team’s spyware in a secret way.

Apparently, joining a small network injector to a drone would give the ability to attack wifi networks from a greater distance or from above. The target need not have to be physically near the system operator.

In recent years, the Hacking Team has gained bad reputation as digital security advocates and human rights found evidence of its spyware on the computers of political activists and journalists from Morocco, Ethiopia, and elsewhere. According to the Intercept reports last week, the leaked files affirms that Hacking Team sold the doubtful human rights records to many countries as well as to agencies in the U.S., where the use of such spyware is still the matter of legal debate.

Source: The Intercept