“Grey Heron” in the surveillance industry: Advanced Spyware products can spy on Signal and Telegram

According to securityaffairs and motherboard reports, a mysterious surveillance company named Grey Heron is promoting its spyware, claiming to be able to monitor Signal and Telegram communications. According to a survey conducted by Motherboard, the company and the Italian monitoring company Hacking Team should have some kind of connection, because, behind the Saudi government related investor support, the Hacking Team is still continuing to sell its spyware.

The development and sale of surveillance software is a profitable business. Many government agencies use spyware for different purposes. So in order to more clearly grasp the relationship between Grey Heron and these institutions, Motherboard conducted an in-depth investigation.

Motherboard learned from a Grey Heron brochure that Grey Heron’s mission is to provide law enforcement agencies with powerful tools to balance criminals’ capabilities. This brochure contains an Eric Rabe’s business card, Grey Heron’s marketing and communication methods.

The Force Behind Grey Heron

It is worth noting that Rabe is a longtime spokesman of the Italian monitoring company Hacking Team. Hacking Team is a monitoring company that sells spy products to other countries’ governments (such as Sudan, Ethiopia, Saudi Arabia and Bahrain, etc.). According to Motherboard’s survey, the Hacking Team hacker team is still active, thanks in part to an investor linked to the Saudi government .

Private Eye also revealed in a recent report that Grey Heron is based in Milan and briefly mentioned the relationship between Grey Heron and Rabe. In addition, Private Eye also believes that Grey Heron may have some connections with another British company of the same name (the company is managed by a former British military officer).

Grey Heron Spy Ability

In the brochure, Grey Heron promised to solve the same problems that other malware vendors pointed out, such as the proliferation of easy-to-use encryption technology. So how does Grey Heron deploy spyware to deal with these issues?

In general, Grey Heron is deployed in a number of different ways, including the use of vulnerability remote exploits or social engineering attacks to trick the target object into downloading software. The company provides functionality for Android and iOS devices, as well as OS X and Windows computers.

Grey Heron can collect data from Signal and Telegram. Although it is still unclear how to extract information from Signal, it is not common to mention Signal’s malware companies in marketing materials. In addition, Grey Heron also revealed that they target Skype and encrypted email.

Grey Heron is very interested in the European and North American markets, and Grey Heron has privately confirmed that the Italian government has allowed it to export its products throughout the EU.