About Government Malware

This text is long, confused and full of notes, links and questions; if you have the coffee on, it is better to turn it off. This work was hard and we hope you like it.

We are talking about malware, offensive security and the attempt to legalize this institutional malware.

Shall we start?

As we like to get our hands on the things we talk about, we got one of these "malware" and started to create documentation about its setup, for everybody who wants to get their hands dirty with us.

Then we voluntarily infected a device with this malware in order to study it more closely, understanding how it works and which bugs it may have.

Last, as many people are trying to create rules and laws about this very dangerous stuff, we need strong guarantees in order not to be accused on the basis of false data gathered from our devices [1]; we tried to generate some fake proof in order to understand how reliable this gov-malware is.

The conclusion we reached is that there is no way to be technically sure that the evidence is real.

We documented all the steps in a detailed post; here, instead, we want to analyze the ongoing proposal to legalize this malware.

They're into my pc

The concrete threat of abuse of this very powerful tool moves us to shed some light on this foggy situation.

We are not lawmakers, but it seems malware in Italy is already regulated. The crime is well known to hackers like us: 615-ter C.P., aka "Abusive Access into a System device", which also has a specific part for when the crime is committed by an official.

But the fact that these tools are used daily by the police as investigation tools, and nobody sees any problem with that, demonstrates how a law is a perfect repressive tool but does not work very well as a tool for justice and society. Which police station will investigate its own investigation tools?

What we are trying to do for the future is to prevent our (and your) devices from spying on us. Then, we would like to spread some good security practices in order to avoid getting infected by this and other trojans: we will surely need help because we know that it won't be exactly easy.

Regulating armed tanks: ddl malware

How do you explain the use of a tank? Do we just need to talk about terrorism, about child pornography? Do we just need to talk shit about some politician? Or maybe act against some big national operation? We feel absolutely NOT protected by the Italian bill to regulate malware written and presented by "Civici Innovatori" (law: Quintarelli), which shows a lot of issues; we stopped for a second to read the technical operative law proposal [2] on how to rule and limit this, and we discovered they are trying to draw parallels between malware functionality and some regulated police practices, like tailing someone, intercepting location data or actual confiscation of the data on a device.

Trying to draw parallels between classic practices and malware features is absurd from every point of view and for every kind of judicial act you may consider:


During our experiment we noticed that the input of these 'objects' is considered trusted (not modified by the user), which is clearly erroneous. What may happen if a Skype username is AAAA' DROP ALL TABLES--? And if its length is 10 million chars? And what if instead of an image we put something different and the malware breaks? (Yes, it broke very badly.) How will the law consider this social behaviour? Self-defense? Concealment of evidence?
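An added example, not part of the original post and not code from any real product: a sketch of how a collector that receives records from a device its user controls could treat every field as untrusted, using the three inputs mentioned above. The table layout, the 256-character cap and the function names are assumptions made for the illustration.

```python
import sqlite3

MAX_FIELD_LEN = 256  # assumed cap; a real schema would set one per field
IMAGE_MAGIC = {b"\x89PNG\r\n\x1a\n": "png", b"\xff\xd8\xff": "jpeg"}

def open_store():
    """Create the (hypothetical) evidence table in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE records (account TEXT, image_type TEXT, image BLOB)")
    return db

def sniff_image(blob):
    """Return the image type from its magic bytes, or None if unrecognised."""
    for magic, kind in IMAGE_MAGIC.items():
        if blob.startswith(magic):
            return kind
    return None

def ingest(db, account, image):
    """Store one device-supplied record; return (accepted, reason)."""
    if not isinstance(account, str) or not isinstance(image, bytes):
        return False, "wrong type"
    if len(account) > MAX_FIELD_LEN:
        return False, "account too long"
    kind = sniff_image(image)
    if kind is None:
        return False, "not an image"
    # Placeholders keep the value as data: it is never parsed as SQL.
    db.execute("INSERT INTO records VALUES (?, ?, ?)", (account, kind, image))
    return True, "stored"

def demo():
    db = open_store()
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16  # constructed sample, header only
    results = [
        ingest(db, "AAAA' DROP ALL TABLES--", png),   # username from the text
        ingest(db, "A" * 10_000_000, png),            # 10 million chars
        ingest(db, "alice", b"not an image at all"),  # something else than an image
    ]
    stored = [row[0] for row in db.execute("SELECT account FROM records")]
    return results, stored

if __name__ == "__main__":
    print(demo())
```

Checks like these only keep the collector from breaking; they say nothing about whether a stored value is what the user actually typed or did.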

What we want

For us these 'objects' can't be regulated. For us there's a danger hidden in the secret action of the government over the citizen, and this danger is far more unsafe than any other threat, full stop.

We want to know everything, not just the stats about how many malware are sold or exported (as recently requested by Hermes from the Italian government); we want to know specifically how exactly these new surveillance techniques, like IMSI-Catcher or Government Malware, are used, and how many of them are used.

If someone wants to tell us, feel free to write us an email:

Underscore _TO* Hacklab // underscore chiocciola autistici.org
Key fingerprint = 5DAC 477D 5441 B7A1 5ACB F680 BBEB 4DD3 9AC6 CCA9
gpg2 --recv-keys 0x9AC6CCA9
