{"id":9341,"date":"2017-09-18T08:59:32","date_gmt":"2017-09-18T16:59:32","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/09\/18\/news-3114\/"},"modified":"2017-09-18T08:59:32","modified_gmt":"2017-09-18T16:59:32","slug":"news-3114","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/09\/18\/news-3114\/","title":{"rendered":"Spyware Company That Said It Would Leave Spyware World Shows Up At Arms Fair"},"content":{"rendered":"<p><strong>Credit to Author: Lorenzo Franceschi-Bicchierai| Date: Mon, 18 Sep 2017 13:00:00 +0000<\/strong><\/p>\n<p> In the unregulated, digital weapons gold rush, it looks like old habits die hard. <\/p>\n<p> Last year, Motherboard <a href=\"https:\/\/motherboard.vice.com\/en_us\/article\/d7ywvx\/leaked-catalog-weaponized-information-twitter-aglaya\">published some pages of a leaked catalog<\/a> offering governments sketchy services such as &#8220;weaponized information&#8221; to infiltrate, &#8220;ruse,&#8221; and &#8220;sting,&#8221; with the goal to discredit a target or a company\u2014basically astroturfing, disinformation campaigns. The catalog, prepared by the little-known Indian-based vendor Aglaya, also offered distributed denial-of-service or DDoS as a service, and a wide range of other more commonplace products such as computer and smartphone spyware, or <a href=\"https:\/\/motherboard.vice.com\/en_us\/article\/xyg5az\/list-of-unknown-software-bugs-a-hacking-contractor-aglaya-claimed-to-have\">alleged industrial control systems exploits<\/a>. <\/p>\n<p> <b> Read more: <\/b><a href=\"https:\/\/motherboard.vice.com\/en_us\/article\/jpgnnk\/the-forgotten-prisoner-of-a-spyware-deal-gone-wrong-5886b75d02fa7c45515d04e2\"><b> The Forgotten Prisoner of a Spyware Deal Gone Wrong<\/b><\/a><\/p>\n<p> When we exposed the catalog and inquired about it, Aglaya&#8217;s founder and CEO Ankur Srivastava had a puzzling response. These offerings, he said, don&#8217;t &#8220;represent the vision of our product portfolio.&#8221; Srivastava said the products were only a &#8220;custom proposal for one customer,&#8221; and not something that was advertised on the company&#8217;s site or actually sold to any customer. And, moreover, they were outdated information anyway, since &#8220;we are not a part of this market and unintentionally underwent a marketing event at the wrong trade-show,&#8221; Srivastava told me over email.<\/p>\n<p> And yet, one year later, Aglaya is advertising some of the same products at the arms fair <a href=\"https:\/\/www.dsei.co.uk\/#\/\" target=\"_blank\">Defence and Security Equipment International (DSEI)<\/a>, which closes on Friday in London. <\/p>\n<p> Independent investigative journalist Matt Kennard spotted Aglaya as he was walking the show&#8217;s aisles, peddling its wares with a big &#8220;CYBER WARFARE&#8221; sign in front of its booth with a camping chair and a few signs. <\/p>\n<div style=\"max-width: 550px;\" data-iframely-id=\"kDAdZm6\" class=\"article__embed article__embed--iframely\">\n<div style=\"left: 0; width: 100%; height: 0; position: relative; padding-bottom: 56.25%;\" data-iframely-smart-iframe=\"true\"><iframe  src= width=\"100%\" height=\"420\" frameborder=\"0\" ><\/iframe> <\/div>\n<\/div>\n<p> Funnily, Aglaya was advertising a tool to detect cellphone tracking devices called &#8220;rouge [sic] base station catcher,&#8221; misspelling rogue. Last year, in my email correspondence with Srivastava, he also misspelled rogue the same exact way. <\/p>\n<p> In case you think this might be a different Aglaya, the address it advertised in the DSEI brochure (pictured below), is the same one that was included in another catalog <a href=\"https:\/\/www.scribd.com\/archive\/plans?doc=303849362&#038;escape=false&#038;metadata=%7B%22context%22%3A%22archive_view_restricted%22%2C%22page%22%3A%22read%22%2C%22action%22%3Afalse%2C%22logged_in%22%3Afalse%2C%22platform%22%3A%22web%22%7D\" target=\"_blank\">published online<\/a>. (DSEI did not respond to my request for comment via email on Aglaya&#8217;s presence at the fair.)<\/p>\n<div class=\"article__media--image\"><picture class=\"article__image\"><source media=\"(max-width: 25em)\" srcset=\"https:\/\/video-images.vice.com\/_uncategorized\/1505505958297-YtlXnj6e.jpeg?resize=400:*, https:\/\/video-images.vice.com\/_uncategorized\/1505505958297-YtlXnj6e.jpeg?resize=600:* 2x\"><source media=\"(max-width: 40.625em)\" srcset=\"https:\/\/video-images.vice.com\/_uncategorized\/1505505958297-YtlXnj6e.jpeg?resize=650:*, https:\/\/video-images.vice.com\/_uncategorized\/1505505958297-YtlXnj6e.jpeg?resize=975:* 2x\"><source media=\"(max-width: 53.125em)\" srcset=\"https:\/\/video-images.vice.com\/_uncategorized\/1505505958297-YtlXnj6e.jpeg?resize=850:*, https:\/\/video-images.vice.com\/_uncategorized\/1505505958297-YtlXnj6e.jpeg?resize=1275:* 2x\"><source media=\"(min-width: 53.125em)\" srcset=\"https:\/\/video-images.vice.com\/_uncategorized\/1505505958297-YtlXnj6e.jpeg?resize=941:*\"><img decoding=\"async\" src=\"https:\/\/video-images.vice.com\/_uncategorized\/1505505958297-YtlXnj6e.jpeg\" alt=\"\"><\/picture><\/div>\n<p><\/p>\n<div class=\"article__media\">\n<div class=\"article__image-caption\">[A photo of the DSEI brochure. (Image: Matt Kennard)<\/div>\n<\/div>\n<div class=\"article__media--image\"><picture class=\"article__image\"><source media=\"(max-width: 25em)\" srcset=\"https:\/\/video-images.vice.com\/_uncategorized\/1505505982803-Screen-Shot-2017-09-15-at-111444-AM.png?resize=400:*, https:\/\/video-images.vice.com\/_uncategorized\/1505505982803-Screen-Shot-2017-09-15-at-111444-AM.png?resize=600:* 2x\"><source media=\"(max-width: 40.625em)\" srcset=\"https:\/\/video-images.vice.com\/_uncategorized\/1505505982803-Screen-Shot-2017-09-15-at-111444-AM.png?resize=650:*, https:\/\/video-images.vice.com\/_uncategorized\/1505505982803-Screen-Shot-2017-09-15-at-111444-AM.png?resize=975:* 2x\"><source media=\"(min-width: 40.625em)\" srcset=\"https:\/\/video-images.vice.com\/_uncategorized\/1505505982803-Screen-Shot-2017-09-15-at-111444-AM.png?resize=696:*\"><img decoding=\"async\" src=\"https:\/\/video-images.vice.com\/_uncategorized\/1505505982803-Screen-Shot-2017-09-15-at-111444-AM.png\" alt=\"\"><\/picture><\/div>\n<div class=\"article__media\">\n<div class=\"article__image-caption\">A screenshot of an Aglaya brochure published online.<\/div>\n<\/div>\n<p> At this point, it&#8217;s unclear how successful Aglaya is in the crowded market of surveillance tech for governments, where well-known and long-established players like <a href=\"https:\/\/motherboard.vice.com\/en_us\/topic\/hacking-team\">Hacking Team<\/a>, <a href=\"https:\/\/motherboard.vice.com\/en_us\/topic\/FinFisher\">FinFisher<\/a>, and <a href=\"https:\/\/motherboard.vice.com\/en_us\/article\/nso-group-new-big-player-in-government-spyware\">NSO Group<\/a> compete with upstarts such as Aglaya, <a href=\"https:\/\/motherboard.vice.com\/en_us\/article\/kbyg7a\/government-spyware-maker-doxes-itself-by-linking-to-its-site-in-malware-code\">GR Sistemi<\/a>, <a href=\"https:\/\/motherboard.vice.com\/en_us\/article\/jpgnnk\/the-forgotten-prisoner-of-a-spyware-deal-gone-wrong-5886b75d02fa7c45515d04e2\">Wolf Intelligence<\/a>, or <a href=\"https:\/\/motherboard.vice.com\/en_us\/article\/kb7njx\/rcs-lab-government-spyware-infects-a-computer-in-this-leaked-demo-video\">RCS Lab<\/a>. <\/p>\n<p> There is some evidence that Aglaya has some real products. <i> Forbes<\/i>&#8216; reporter Thomas Fox-Brewster and security researcher Morgan Marquis-Boire <a href=\"https:\/\/www.forbes.com\/sites\/thomasbrewster\/2017\/02\/16\/government-iphone-android-spyware-is-the-same-as-seedy-spouseware\/#708831f1455c\" target=\"_blank\">obtained<\/a> last year <a href=\"https:\/\/medium.com\/@headhntr\/cowboys-of-creepware-an-appendix-9ea2b3e877a\" target=\"_blank\">some samples<\/a> of Aglaya&#8217;s Android and BlackBerry malware. Moreover, the company has <a href=\"https:\/\/play.google.com\/store\/apps\/details?id=aglaya.e96ssmshdplus&#038;hl=en\" target=\"_blank\">two<\/a> <a href=\"https:\/\/play.google.com\/store\/apps\/details?id=aglaya.e96securesmstrial\" target=\"_blank\">apps<\/a> that claim to offer secure encrypted chat on the Google Play store. <\/p>\n<p> No one knows, however, who its customers are. I tried to contact Srivastava but my email to him bounced back. <\/p>\n<p> <b> <i> Get six of our favorite Motherboard stories every day <\/i><\/b><a href=\"http:\/\/motherboard.club\/\" target=\"_blank\"><b> <i> by signing up for our newsletter.<\/i><\/b><\/a><\/p>\n<p><a href=\"https:\/\/motherboard.vice.com\/en_us\/article\/yw3ddx\/spyware-company-that-said-it-would-leave-spyware-world-shows-up-at-arms-fair\" target=\"bwo\" >https:\/\/motherboard.vice.com\/en_us\/rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/video-images.vice.com\/articles\/59bbf6eb5f493054030bd1f4\/lede\/1505506066715-DJhjMPxXgAAf8lM.jpeg\"\/><\/p>\n<p><strong>Credit to Author: Lorenzo Franceschi-Bicchierai| Date: Mon, 18 Sep 2017 13:00:00 +0000<\/strong><\/p>\n<p>Aglaya said it wasn&#8217;t interested in selling sketchy products to governments. Now, it&#8217;s advertising the same products at arms shows.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10643,13328,10378],"tags":[14850,4500,3919,10573,13560,5897,10443,4053],"class_list":["post-9341","post","type-post","status-publish","format-standard","hentry","category-independent","category-motherboard","category-security","tag-aglaya","tag-cybersecurity","tag-hacking","tag-infosec","tag-internet-insecurity","tag-privacy","tag-spyware","tag-surveillance"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/9341","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=9341"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/9341\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=9341"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=9341"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=9341"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}