
Spying tools website taken down after UK raids - LinuxBender
https://www.bbc.com/news/technology-50601905
======
Rotten194
For people who believe the marketing: why would a legitimate sysadmin tool
include a cryptocurrency miner and a feature to turn off the webcam indicator
light?

This was used to exploit people, plain and simple. While I don't think blanket
arresting people who downloaded it is reasonable (someone may have fallen for
the marketing and used it for legit reasons), shutting down the C&C servers to
disable it from working and _aiding in exploitation & blackmail_ is a net
good.

~~~
scoot
> a feature to turn off the webcam indicator light

I naively always assumed that a webcam indicator light was hard wired to turn
on when the camera was in use. If it isn't, why on earth not?

~~~
__jal
Older Macs had the indicator light hardwired. I don't know if they still do.

> If it isn't, why on earth not?

The same reason for nearly every other design defect in retail-grade hardware:
cost vs. margins.

~~~
autoexec
I guess it depends on your idea of what an "older" mac is:

[https://arstechnica.com/information-technology/2013/12/perv-...](https://arstechnica.com/information-technology/2013/12/perv-utopia-light-on-macbook-webcams-can-be-bypassed/)

------
nested_callback
For the people that think this is legitimate software, this is not legitimate
software. It is sold and encouraged as malware, used to blackmail girls
(barely women) - that's what "cam capture" is for - keylogger, general
malware, backconnect proxy, auto-start and persistence.

See [https://unit42.paloaltonetworks.com/imminent-monitor-a-rat-d...](https://unit42.paloaltonetworks.com/imminent-monitor-a-rat-down-under/)
for more details and screenshots/quotes of posts by the creator of the tool.

This is _not_ for server administration.

This is _not_ like PuTTY or Remote Desktop. This is like Blackshades or Orcus.
It is malicious, only sold for malicious usage.

~~~
jascii
I don't think anyone seriously doubts the intended, arguably unethical, use of
IM-RAT. The question is whether authoring and/or selling these tools is or
should be illegal. I'd argue that would set a dangerous precedent allowing
governments to go after any security researchers whenever they feel it
convenient to do so.

~~~
nested_callback
I mean, there's probably more than enough intent here for prosecution. There's
a fairly significant difference in selling a RAT that does remote
administration, and selling a RAT that includes bulletpoint features to evade
antivirus detection, persist through removals, and other features explicitly
against the wishes of the device owner while the author actively and
exclusively only advertises on script-kiddie forums and provides advice and
encouragement of malicious infections.

I don't think I've ever seen people gone after for the former, even when it's
been abused by miscreants.

At least in the US, people already "go after" security researchers all the
time (at least the companies not smart enough to realise just how much a well
meaning email can save them).

~~~
dang
Your comments in this thread are fine and welcome, but trollish usernames are
not ok. They troll every thread the account posts to:
[https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...](https://hn.algolia.com/?dateRange=all&page=0&prefix=true&query=by%3Adang%20trollish%20username&sort=byDate&type=comment).

Do you mind picking a non-trollish username and letting us rename it for you?

~~~
nested_callback
Sure. My apologies, didn't mean to offend - came from reddit. I'll take
'nested_callback' if it's available.

~~~
dang
Ok, you are no longer EAT_ASS. You are now
[https://news.ycombinator.com/user?id=nested_callback](https://news.ycombinator.com/user?id=nested_callback).

------
pbhjpbhj
>By seizing control of the website, police will have been able to "take a good
look at what the site has been up to, including who has bought the illegal
items", said Prof Alan Woodward, a cyber-security expert from the University
of Surrey. //

When did the law pass making owning software illegal, as opposed to using it
for nefarious means? (Last time I looked CMA required use.)

Anyone have details of the exact charge?

~~~
moksly
It’s not a U.K. thing it’s an Europol thing:

[https://www.europol.europa.eu/newsroom/news/international-cr...](https://www.europol.europa.eu/newsroom/news/international-crackdown-rat-spyware-which-takes-total-control-of-victims’-pcs)

No idea what law it breaks, but apparently the developer of a similar Trojan
got 30 months in prison in a similar case:
[https://thehackernews.com/2018/10/hacking-tool-luminositylin...](https://thehackernews.com/2018/10/hacking-tool-luminositylink.html?m=1)

I’m sure glad that wasn’t a thing when I was a teenager and cult of the dead
cow was cool.

~~~
omginternets
>It’s not a U.K. thing it’s an Europol thing

I really don't mean to flame-bait, but I've noticed HN has a mild pro-EU/anti-
Brexit bias, so I would be remiss if I didn't draw attention to the fact that
this is part of what Brexiteers are against.

Here we (apparently) have a case in which the law of the land is at odds with
EU regulation. I leave it as an exercise to the reader to research how EU
regulations are drafted and ratified.

Disclaimer: I'm a remoaner, but I'm also trying to understand just WTF is
going on.

~~~
dfawcus
I'm not aware of any EU regulations relating to computer "misuse".

Also AFAIK Europol is a co-operation facility, not a front line policing
organisation. It is a means by which the member states co-operate and share
intelligence, but not (yet) a source of rules and regulations.

Also the UK's relations to Europol are a bit freestanding, and we opted out of
the Justice and Home Affairs stuff, then asked to opt back in to making use of
Europol.

------
jascii
An article with a bit more details:
[https://www.bleepingcomputer.com/news/security/law-enforceme...](https://www.bleepingcomputer.com/news/security/law-enforcement-shuts-down-imminent-monitor-malware-makes-arrests/)

From what I gleaned from that article, IM-RAT was publicly marketed as a
remote management tool.

The article further states: "With the amount of reports of this tool being
used for malware and the discussion on illegal forums, it would be very hard
for the developer to argue that he did not know how the software was being
used."

This seems pretty thin. Would the authors of say nmap be liable because people
can/do use it for illegal purposes?

Assuming judges signed off on the raids and domain seizure, I sure hope there
was evidence of actual criminal activity beyond what is mentioned in the
media.

~~~
rhizome
> _Would the authors of say nmap be liable because people can/do use it for
> illegal purposes?_

Don't give them any ideas.

------
atypeoferror
What's amusing about all this is companies that offer the exact same services
to state or corporate clients are allowed to operate with impunity.

e.g.

- Zerodium - [https://zerodium.com](https://zerodium.com)

- Exodus Intelligence - [https://www.exodusintel.com](https://www.exodusintel.com)

- Hacking Team - [https://en.wikipedia.org/wiki/Hacking_Team](https://en.wikipedia.org/wiki/Hacking_Team)
(now dead due to the actions of a very skilled gray hat)

------
rahuldottech
A snapshot of the website from October:
[https://web.archive.org/web/20191012003358/https://imminentm...](https://web.archive.org/web/20191012003358/https://imminentmethods.net/)

What it looks like now:
[https://imminentmethods.net/](https://imminentmethods.net/)

Their YouTube channel is still up:
[https://www.youtube.com/channel/UCRgeFHip2Iz97P25_qGkPfw/fee...](https://www.youtube.com/channel/UCRgeFHip2Iz97P25_qGkPfw/feed)

As is their Twitter account:
[https://twitter.com/imminentmethods](https://twitter.com/imminentmethods)

From what I can tell, this is just server administration software, but I
haven't taken a close look.

Edit: Yeah, apparently it was just disguised as that.

~~~
michaelt
People have been calling trojan horses "administration software" since at
least Back Orifice in 1998 - probably before.

This is "administration software" in the same way the cannabis-leaf-engraved
glass smoking pipes sold in your local weed shop are "for tobacco use only"

------
mirimir
Why the bloody hell would a firm selling this stuff commercially be so easy to
track down and take down?

I can't imagine how people are so clueless.

I mean, is it like "Sure, we're doing iffy stuff, but it's all in good fun, so
why would anyone ever bother _us_?"

------
MercuryRising13
Wow, about time they started taking down those sites. Now only if other places
would as well.

------
blowski
What was the software really used for? Did it have a valid use case?

~~~
dylz
This looks like bog standard RAT software. I don't imagine any legitimate or
valid use cases. Nothing special or unique as far as I can tell?

~~~
jascii
Remote Access Tools have lots of legitimate use cases: I'm ssh'd into 3
servers as I type this..

~~~
nested_callback
Your ssh client supports binary re-packing to evade antiviruses, hidden monero
mining, and webcam and microphone capture to hidden file with "methods to
disable the camera LED"?

~~~
jascii
Lol, yes, I could do any of those things if I chose to do so.. Should ssh be
illegal? Or shall we stick with the principle that "committing crimes" is
illegal, not "producing tools that _can_ be used to commit a crime"?

For what it's worth: "methods to disable the camera LED" was not a feature,
that functionality was provided by an external plugin.

~~~
Quarrelsome
What if pretty much ALL your customers are criminals? That near enough the
line for you yet? The moment you add that requested feature to disable the
recording light on the camera of the targeted laptop. Is that over the line
yet?

How about if your customers request a function that encrypts the root C:\ and
puts up a message with a linked bitcoin address? We still on plausible
deniability?

~~~
jascii
Please stop the "what if's". They are speculation and have no relevance to the
available information about this case.

For me personally, the line of what constitutes ethical behaviour has been
long passed by the authors of this tool. That is however completely
irrelevant, the question is whether they acted illegally. I have a hard time
seeing that based on the information available in the media.

------
stebann
Good job UK

------
dk3
Are they going to shut down Github next?

~~~
Quarrelsome
I'm assuming these people were offering product and service as opposed to
code.

Here's the old scrap of the site:
[https://web.archive.org/web/20191012003358/https://imminentm...](https://web.archive.org/web/20191012003358/https://imminentmethods.net/)

Bung some code wherever but make profit and market it and you've crossed a
line.

------
sschueller
So is the UK going to go after gun sellers and makers as well?

~~~
pjc50
Bad analogy in the UK where handguns are entirely illegal and all other
firearms are subject to licensing.

~~~
2038AD
>where handguns are entirely illegal

Handguns aren't _entirely_ illegal in the UK. If I'm not mistaken then,
roughly speaking, what the law prohibits is rifles below a certain size. In
the UK it is possible, for example, to legally own long-barrelled pistols and
old flintlock pistols. Another caveat is that the ban doesn't apply in
Northern Ireland.

I don't think this really detracts from your point at all.

~~~
matthewheath
The full criteria on what makes a weapon illegal to possess can be found at
[http://www.legislation.gov.uk/ukpga/1968/27/section/5](http://www.legislation.gov.uk/ukpga/1968/27/section/5).

The law mostly concerns itself with the length of the barrel, the firing
mechanism, and the ammo cartridge size, as well as the ability to discharge
noxious substances.

~~~
2038AD
thanks!

