Malicious software bought by a London Police Officer can remotely hack users

One of the officers of UK’s Metropolitan Police Service was caught in possession of a malicious software used for infecting computers and smartphones after gaining physical access to them.

It’s unclear as of yet whether this software was bought for official or personal use, but it does raise a question that why would an MPS’s officer need to buy a malware that can do things like intercepting phone calls, turning on microphones and taking pictures remotely via the infected device’s camera. Especially if the use of this malware wasn’t allowed, which would make it illegal.

A visiting lecturer in surveillance law at Queen Mary University of London, Eric King, has said that the Met will need to explain why one of their officers had a FlexiSpy account, which is a rather specific brand of malware and is exactly the one that the officer purchased. King also stated that even the act of purchase of this tool is illegal, and is considered a criminal offense if it’s known that the software will be used for unlawful purposes. This is due to the fact that the use of this kind of malware would breach the Computer Misuse Act 1990, reports MotherBoard.

The company that sold the malware to this officer is called FlexiSpy, and they’ve been known to sell such software to everyday consumers on regular basis. This company was also recently attacked by a hacker that stole customer data, parts of credit card info, as well as company’s personal files. As you might have guessed, one of the customers’ email address and username belongs to the officer in question.

Once the malware that the officer purchased is installed on the device, it allows access to a lot of activity, including accessing Facebook, Skype, WhatsApp, phone calls, emails, GPS location and more. It’s a perfect spying tool, once you manage to install it somewhere.

The user has an online dashboard, and upon logging into it, they’ll have access to all the data that the malware managed to collect.

Since several officers share the same name, it’s not yet clear which one of them bought the software. One of the officers works with the Met’s High Tech Crime Unit, while the other one has a senior position and has worked on the London 2012 Olympics.

Still, the proof that one of the officers did buy the malware at least once is the sole fact that they have a username there since you can’t get one until you make a purchase. Not only that, but it’s confirmed that you need to pay for the malware in order to receive your username and password.

In addition to this, another Met email address that was dated back to 2014 was found among the stolen data, but the name isn’t included in the address and therefore it can’t be determined who does it belong to.

This isn’t the first time that the Met has faced hacking allegations since it was recently reported that UK’s police watchdog investigated the possibility of Met’s secret division that supposedly used Indian hackers to break into emails of activists and journalists. This was back in March, while in September 2013 the Met also shown interest in buying malware. That time, they told Italian surveillance company called Hacking Team that they’re ready to trial a hacking solution. Back then, though, they ended up not buying the software in question.

King also said that the law enforcement forces must come clean about these hacking operations if they wish to regain public acceptance or the situation won’t be different from the Police and public relations in the United States.

DDoS attacks are increasing, calculate the cost and probability of a DDoS attack on your business with this DDoS Downtime Cost Calculator.

Related Posts