remote control system v5.1

REMOTE CONTROL SYSTEM V5.1. A Stealth, Spyware-based System for Attacking, Infecting and Monitoring Computers and Smartphones. Full intelligence on target users even for encrypted communications (Skype, PGP, secure web mail, etc.). D. Vincenzetti, V. Bedeschi. www.hackingteam.it

Upload: hoangnhu

Post on 17-Dec-2016


TRANSCRIPT

Page 1: REMOTE CONTROL SYSTEM V5.1

REMOTE CONTROL SYSTEM V5.1

A Stealth, Spyware-based System for Attacking, Infecting and Monitoring Computers and Smartphones. Full intelligence on target users even for encrypted communications (Skype, PGP, secure web mail, etc.)

D. Vincenzetti, V. Bedeschi

www.hackingteam.it

Page 2: REMOTE CONTROL SYSTEM V5.1

Offensive security technology

RCS - Remote Control System -

tool for Law Enforcement Agencies

David Vincenzetti

HT Srl - Italy


Page 3: REMOTE CONTROL SYSTEM V5.1

© Hacking Team

All Rights Reserved

Page 4: REMOTE CONTROL SYSTEM V5.1


Page 5: REMOTE CONTROL SYSTEM V5.1


Page 6: REMOTE CONTROL SYSTEM V5.1


Page 7: REMOTE CONTROL SYSTEM V5.1

Introduction


Page 8: REMOTE CONTROL SYSTEM V5.1

Hacking Team

- HT Srl is a 100% Italian company founded in 2003 by Valeriano Bedeschi and David Vincenzetti. Venture-backed in 2007 by two Italian VC funds
- The company is an active player in the IT security market and it offers Ethical Hacking (pentest) services, security tools and intelligence instruments for governmental institutions
- HT has developed a highly innovative offensive IT security system which, in specific circumstances, allows Law Enforcement Agencies to attack and control target PCs from a remote location

Page 9: REMOTE CONTROL SYSTEM V5.1

What actually happens

- IT offensive security represents a new and highly innovative technology
- It's growing very fast because of phenomena such as terrorism, industrial espionage and insider trading
- Advanced use of the Internet by terrorists makes LEAs increasingly nervous
- Example: the exponential growth of encrypted VoIP communications (Skype claims 300+ millions of users) by residential and business users, is a nightmare for LEAs

Page 10: REMOTE CONTROL SYSTEM V5.1

What actually happens

- If…
- Skype encrypts online conversations by default
- Skype is ubiquitous (same phone number, location independent)
- Skype is likely to be one of the favourite ways of communication by tech-savvy criminals
- Then...
- Governments should use spyware-based wiretapping technologies (that is, offensive technologies) to foil tech-savvy criminals' communications
- (Some countries still lack a law that would allow the authorities to spy on suspected criminals by secretly inserting "remote forensic software" into their computers)

Page 11: REMOTE CONTROL SYSTEM V5.1

Passive monitoring is useless against most encrypted communication systems (such as Skype)

Page 12: REMOTE CONTROL SYSTEM V5.1

Offensive security monitoring is highly effective on most communication systems

Page 13: REMOTE CONTROL SYSTEM V5.1

Offensive security monitoring is highly effective on most communication systems

V07.09.25 © Hacking Team

All Rights Reserved

Page 14: REMOTE CONTROL SYSTEM V5.1

Why IT offensive security

- Cyber space is a very attractive place for criminals: It's cheap, quick and easy to access
- IT offensive security systems can be complementary to more traditional passive IT monitoring solutions
- Governments need to have both defensive and offensive (IT) capabilities

Page 15: REMOTE CONTROL SYSTEM V5.1

IT offensive security

- Operational scenarios:
- "Standard" criminal investigation (evidence gathering) performed by Governmental Organizations such as Police and Tax Police.
- Intelligence gathering activities performed by Security Agencies when cracking-down terrorism and serious organized crimes.
- (Corporate scenario: when fighting white collar crimes, I.P. theft, insider trading)

Page 16: REMOTE CONTROL SYSTEM V5.1

Remote Control System

- Remote Control System is an IT stealth investigative tool for LEAs. (It is offensive security technology. It is spyware. It is a trojan horse. It is a bug. It is a monitoring tool. It is an attack tool. It is a tool for taking control of the endpoints, that is, the PCs)
- It permits passive monitoring and active control of all data and processes on selected target computers.
- Such computers might or might not be connected to the Internet.

Page 17: REMOTE CONTROL SYSTEM V5.1

Functionalities


Page 18: REMOTE CONTROL SYSTEM V5.1

Monitoring and Logging

Remote Control System can monitor and log any action performed by means of a personal computer

- Web browsing
- Opened/Closed/Deleted files
- Keystrokes (any UNICODE language)
- Printed documents
- Chat, email, instant messaging
- Remote Audio Spy
- Camera snapshots
- Skype (VoIP) conversations
- …

Page 19: REMOTE CONTROL SYSTEM V5.1

PC architectures

- Windows XP
- Windows 2003
- Windows Vista
- Q109: MAC OS
- Q409: Linux

Page 20: REMOTE CONTROL SYSTEM V5.1

Monitoring and Logging

Remote Control System can monitor and log any action performed by means of a smartphone

- Call history
- Address book
- Calendar
- Email messages
- Chat/IM messages
- SMS/MMS interception
- Localization (cell signal info, GPS info)
- Remote Audio Spy
- Camera snapshots
- Voice calls interception
- …

Page 21: REMOTE CONTROL SYSTEM V5.1

Smartphones architectures

- Windows Mobile 5
- Windows Mobile 6
- Q109: iPhone
- Q409: RIM/BlackBerry
- Q409: Symbian

Page 22: REMOTE CONTROL SYSTEM V5.1

Invisibility

- Allows monitoring (all) PC user's activities
- After the installation, Remote Control System cannot be detected by any bugged computer user
  - Existing files are not modified
  - No new files appear on the computer's hard disk
  - No new processes are executed
  - No new network connections are established
  - Antivirus, antispyware, anti-key-loggers cannot detect our bug
    - E.g., Gartner Endpoint Security Magic Quadrant

Page 23: REMOTE CONTROL SYSTEM V5.1

Flexibility

- Goes beyond logging and monitoring
- Allows performing actions on a bugged computer
  - Search and […] data on the hard disk
  - Execute commands remotely
  - Possibly modify hard disk contents
  - Trigger actions in response to events
    - Start sending data only when the screensaver is active, remove itself on a preconfigured date, etc.

Page 24: REMOTE CONTROL SYSTEM V5.1

Attack/Infection vectors

- Remote Control System is software, not a physical device
  - Which can be installed remotely
    - Computer can be bugged by means of several infection vectors
    - Intelligence information about remote target mandatory
  - … but local installation remains an option
    - Usually very effective

Page 25: REMOTE CONTROL SYSTEM V5.1

Remote installation

- Remote infection vectors
  - Executable melting tool
  - HTTP Injection Proxy
  - HT Zero-day Exploits library (library is "indirectly" accessed by customer)
  - HT consultancy: anonymous attack scenario analysis, attack cookbook
    - E.g., Moving target using Skype

Page 26: REMOTE CONTROL SYSTEM V5.1

Local (physical) installation

- Local infection vectors
  - (Bootable) CD-ROM
  - (Bootable/Autorun) USB pen drive
  - Direct hard disk infection by means of tampering with computer case
  - Firewire Port/PCMCIA attacks
  - HT consultancy: anonymous attack scenario analysis, attack cookbook
    - E.g., Internet Café using DeepFreeze

Page 27: REMOTE CONTROL SYSTEM V5.1

Critical issues

Remote Control System could not work without the following features

1. Invisibility, at system and network level
2. Flexibility (event-based logic)
3. Infection capabilities (attack vectors)
4. Robustness & Scalability (being used by many countries in real security scenarios)
5. Centralized management of unlimited HETEROGENEOUS targets

Page 28: REMOTE CONTROL SYSTEM V5.1

www.hackingteam.it