Skype monitoring, Gmail hacks, and fake iTunes updates: How 'spy agencies' track you

The private intelligence sector makes millions, if not billions year on year by selling its spy tracking software, secretive hardware, and phone tapping and computer hacking wares to state intelligence services.

Often sold to the highest bidder without consequences, these companies can support civil rights breaking governments, and be used by state agencies to spy on its own citizens.

One of these companies, the Gamma Group, which alleged links to the repressive Egyptian regime that was dismantled by the recent Arab Spring revolution, is one of many companies that offers states and governments this capability.

This gallery will show you exactly how the Gamma Group can infiltrate your hard drives, mobile phones and even your applications.

--
To read more about the private intelligence sector, and the recent video releases in the Wikileaks' 'Spy Files', click here.

Related:

• New Wikileaks files expose widespread mobile phone, email hacking capability
• U.S. judge upholds Twitter subpoena of Wikileaks’ followers
• Wikileaks suspends publication of secrets amid 'financial blockade'
• Wikileaks releases full unredacted cache of U.S. diplomatic cables

The Gamma Group has a variety of videos that demonstrate how it can monitor targets through a range of products.

The FinIntrusion Kit can, using public Wi-Fi, access usernames and passwords of targets checking email, logging into websites, social networks and forums.

It is not clear how this works, but one suspects it involves software-based deep-packet inspection, that can then be used to access the private data.

The software gives its headquarters access to all of the captured accounts.

FinSpy demonstrates how the 'target' can be having a Skype conversation, but allows its headquarters full access to the target's system. This includes the video camera if one is available, any chat messages that are sent and received.

Truecrypt, the popular open-source encryption software, is also used in this video. 

The software has keylogger capabilities. This allows the 'agent' to see the password that is being entered to encrypt the files, and file access gives the 'agent' access to the encrypted volume.

This then gives the headquarters access to any encrypted files the 'target' has.

FinSpy gives headquarters unlimited access to a mobile device. The 'target' receives a fake update message to his device. Should the user download the update, the software will be installed on the device.

Once the device is infected with the tracking software, the headquarters will be given full access to the smartphone, including messages and encrypted content.

While the 'target' in this video shows a BlackBerry being remotely accessed, other smartphones are affected, according to leaked documentation.

FinUSB Suite allows 'agents' to access computers through a USB drive ladened with the software. Provided the office or 'target' computer is vacated, the software can access the computer's files immediately after the USB drive is plugged in.

The employee "must wait until all data is transferred", before removing the device that contains a "silent copy of files".

Chat logs, browsing history and the contents of Windows' Recycle Bin are all copied over to the USB device. 

Headquarters can then "generate reports" based on the imported data, using specialist software.

FinFireWire allows the 'agent' to covertly unlock a password-protected computer. From here, the previously mentioned FinSpy can be installed on the target computer, giving headquarters full access to the infected machine.

FinFly USB allows broad snooping on a range of machines. The 'agent' can visit multiple Internet café's, and insert a USB drive on all machines.

If the 'target' uses one of the infected machines, all of their activity will be recorded, including Skype conversations. This is functionality that even the U.S. National Security Agency has reportedly had difficult with; intercepting the peer-to-peer infrastructure that Microsoft recently acquired.

FinFly LAN can inject downloads with spying software. If the 'target' is downloading files from the web, the 'agent' can run the software to discover the 'target' machine.

Because all the systems are connected via the same network, the 'agent' can inject FinSpy software in the download itself. This then gives the headquarters full access to the machine.

FinFly Web works by targeting Wi-Fi networks within the near vicinity. This requires use of a surveillance van or similar mobile equipment.

Headquarters can then exploit the 'target' by "infecting visited websites" with the tracking software.

Should the 'target' accept a popup, for example, this can lead to the silent installing of the FinSpy tracking software, giving headquarters full access to the infected computer.

Perhaps most ominous of all these tracking products, FinFly ISP would involve an 'agent' deploying the server into the core network.

This server can then be used to analyse traffic for "easy 'target' identification". It is thought that combined hardware and software efforts offer similar (or exact) functionality to deep packet inspection.

If the 'target' connects to the Internet through his infected ISP, the software can send a fake iTunes update to the target system. If the user accepts, then full access to the machine is given to the headquarters.