Government Malware Company 'Grey Heron' Advertises Signal, Telegram Spyware

There's always a new player in the law enforcement hacking industry.

Mar 7 2018, 4:05pm


The government malware market is beyond saturated at this point, with myriad companies looking to sell mobile phone and computer monitoring software to authorities around the world, but still more firms are jumping into the industry.

Enter Grey Heron Technologies, a newly launched malware company that has started marketing itself to law enforcement agencies, and that, unusually, specifically points to Signal and Telegram as targets of its products.

“Grey Heron’s industry-leading software, like the bird itself, is graceful, swift and silent. Grey Heron’s solution can eliminate the criminal’s advantage,” a copy of a Grey Heron brochure, handed out during the closed-door UK Security & Policing event on Wednesday, and obtained by Motherboard, reads.

Security & Policing is an annual event run by the UK’s Home Office, where military, law enforcement, and surveillance contractors show their wares to potential customers. Media is not allowed to attend the event—Motherboard’s request for entry was denied.

Included with the brochure is a business card for Eric Rabe, marketing and communication for Grey Heron. Rabe has also been the longtime spokesperson for Hacking Team, which sold its products to, among other governments, Sudan, Ethiopia, Saudi Arabia, and Bahrain. As Motherboard recently reported, Hacking Team is still going, in part thanks to an investor linked to the Saudi government.

Rabe did not respond to an emailed request for comment.

Private Eye briefly highlighted Grey Heron in a recent report, mentioning, as well as the Rabe link, that the firm is based in Milan and may be linked to another company of the same name in the UK run by a former British army officer.

Got a tip? You can contact this reporter securely on Signal on +44 20 8133 5190, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.

In the brochure, Grey Heron promises to solve the same sort of problem that other malware vendors point to: the proliferation of easy-to-use encryption, especially in consumer devices and services. A common way to circumvent end-to-end encryption is to target the end-point itself—the phone, the computer—to siphon messages before they are sent securely.

“Designed in the name of privacy, today’s communications network also provides a near perfect hiding place for the lawless. Criminals and terrorists can do their work without fear. No one can know who or even where they are,” the brochure reads.

Grey Heron’s malware can be deployed in a number of different ways, according to the brochure, including remotely via exploits, or social engineering attacks, likely by tricking a target into downloading the malicious piece of software. The company provides capabilities for Android and iOS devices, as well as OS X and Windows computers.

The brochure explicitly says Grey Heron can gather data from Signal and Telegram, two well-known apps that can send encrypted messages. The specifics of how it rips messages out from Signal are unclear, but a malware company specifically mentioning Signal in marketing material is uncommon. Grey Heron also says it targets Skype and encrypted email.

“Data can be managed to comply with all laws, regulations and court direction,” the brochure reads. Various countries have introduced legislation to more directly deal with the legality of law enforcement malware, some with restrictions on what can be obtained or what sort of warrant is required for different types of data.

“GreyHeron is coming soon…” the company’s website currently reads.

Update: This piece has been updated to emphasize that Grey Heron mentions Signal and Telegram in its marketing material.