Boeing & Italian hackers create spy drones able to crack computers via WiFi

© Jim Young
A Boeing subsidiary and the Italian firm, Hacking Team, are working on a drone that will be capable of remotely delivering spyware to computers and smartphones via WiFi, email conversations published by Wikileaks reveal.

The emails from the Italian surveillance technology firm Hacking Team, recently revealed by Wikileaks, contained a roadmap including the list of all the company's on-going projects. One of these projects constitutes developing a device that could infect computers from a safe distance via WiFi, while being mounted on a drone.

The leaked emails set a number of goals for the project, including creating a miniaturized remote traffic interception device, which would be "ruggedized" and "transportable by drone."

The Hacking Team emails also reveal the spyware project was launched at the request of the American Insitu company, which specializes in production and operation of “unmanned aircraft systems (UAS),” i.e. drones. It’s behind spy drones such as the ScanEagle used by the military and government of the US and other countries.

Additionally, Insitu is a Boeing subsidiary enjoying full backing of the parent company.

READ MORE: Hacking Team leak: Dealings with UK police agencies, demo for Bangladeshi 'death squad'

"We see potential in integrating your Wi-Fi hacking capability into an airborne system and would be interested in starting a conversation with one of your engineers to go over, in more depth, the payload capabilities including the detailed size, weight, and power specs of your Galileo System. Additionally, if you have any more marketing material you are willing to share with us prior to meeting, please let us know," said an Insitu engineer in a leaked email addressed to the Hacking Team.

Another email reveals the Hacking Team plans to create such a device using a tactical network injector or TNI, which is a portable, often laptop based device used to plug into the targeted network and intercept the traffic each time an ordinary network user watches a video or downloads a file or a program. The device then injects malware and installs Hacking Team spyware.

READ MORE: Hackers hacked: Malware firm's data leaked, ties with regimes exposed

If Insitu and the Hacking Team succeed in developing such a spying software drone, their creation will be able to attack WiFi networks from above or at a long range and access files, record calls, chats, emails and any other information connected to the network users with the spying system operator being far away from the target.

"In many surveillance operations, physical access to target systems cannot be achieved and covert installation of a remote monitoring solution is required to be able to monitor a target. Network injectors provide a countrywide solution to this problem that can be integrated into a core network to install the remote monitoring solution on selected target systems,” states research by the University of Toronto Citizen Lab, as quoted by the Daily News and Research.

In other words, every ordinary user surfing the net while sitting in a café may end up being caught up in the tails of the spying system.

READ MORE: FBI, DEA, US Army bought spyware from hacked Italian company

However, the negotiations between the two companies were still at an early stage with the sides disputing non-disclosure agreements, so the bug planting drones probably won’t be hitting the surveillance market in the near future.

The Hacking Team, an Italian firm that gained infamy for selling hacking software to governments with controversial human rights records, was recently targeted by a hacking attack itself. This resulted in a 400-gigabyte leak of the company’s internal documents, including emails subsequently published by Wikileaks. These contained information about hacking drone technology.

Among other leaked files, a security company Trend Micro demonstrated spyware disguised as an Android app called “BeNews.” It can bypass Google Play’s app restrictions, thus being able to get into the Google Play store without alerting Google and then spy on smartphone users.