Nicaragua strategic falldown

Nicaragua on the Brink, Once Again By Jon Lee Anderson


The situation in Nicaragua is getting hot.
Violence is escalating very quickly and internationally nobody is talking about it.
It all happened suddenly, strategically, like the Honduras experiment 1 year ago*

It all started with a fire (1) and a tweet (2)

The fire started in the forest north of Managua, the capital. The government just ignored the burning green zone and the problem exploded, affecting the province and the local ‘campesinos’, who organized themselves autonomously to stop the fire and fight back against the lack of responsibility, promoting a protest in the center of Managua

During the same period, April 2018, a Twitter account (@SOSINSS) was created with this first tweet

The Twitter account was against the reform of INSS, the social insurance in Nicaragua; in April the government approved the law to cut public social insurance and cut off pensions. Protests started all over the country, violence escalated quickly and someone used this to their advantage.

1. the Twitter account is anonymous
2. the number of followers increased quickly to ~2000 users
3. the tweets directly accused the government, bringing real-life cases of people who died because of Social Insurance injustice

So, what happened next? After 1 month of increasing protest and violence Ortega revoked the Social Insurance law, but the protests continue. Now the violence seems to be stopping, with just peaceful protests and occupied university, but it’s still not clear who is behind that explosion of violence and whether some groups are organizing against the Nicaraguan government. Ortega is ill (cancer) and has no interest in bringing the power with him, but has an interest in keeping this power; the CIA is working to expand American colonization; the Nica people are fighting to get democracy (whatever this means)

So who is taking advantage of this situation?


From my point of view, it is quite clear there is some interest from the USA in getting Nicaragua back on their side: for commercial, economic and strategic reasons Nicaragua is becoming important, like Panama, for letting *a lot* of resources pass or not. But Nicaragua is not cooperating; instead it is closing the border and requiring a visa from anyone who wants to cross the country.

In Honduras the same happened: one year ago there was a natural disaster, the USA sent some aid and strategically took Honduras under its protection, creating a direct dependency which leaves Honduras in huge need now that the USA has recently cut off the economic aid. What do you think may happen to these states with political instability when some big powerful state offers its protection?


For more info about the situation in Nicaragua you can read this article from Crimethinc: Different Currents in the Nicaraguan Insurrection

About Government Trojan

This script is long, full of notes, links and open questions; you may consider stopping the kettle, having your coffee and getting ready before you start to read this.

Take a deep breath and consider that what you are about to read is not easy. This work was hard, debugging a malware is not easy, and we hope you like it.

We are talking about malware, offensive security and the attempt to legalize it in Italy or everywhere; you are free to read this and to forward it to governments and institutions.


Malware codename: Galileo from HackedTeam


Shall we begin?

As we like to touch with our own hands the stuff we talk about, we got one of these “malware” and we started to create documentation about its setup, for everybody who wants to get their hands dirty with us.

Then we got infected voluntarily, using a device with this malware in order to study it more closely, understanding how it works and which bugs it may have.

Last, as many, many people are trying to create rules and laws about this very dangerous stuff, we need strong guarantees in order not to be accused on the basis of false data gathered from our devices; we tried to generate some fake proof in order to understand how reliable this gov-malware is.

The conclusion we reached is that there is no way to be technically sure that the evidence is real!

We documented all the steps in a detailed post, but here we want to analyze the ongoing proposal to legalize this malware.

They’re into my pc!

The concrete threat of abuse of this very powerful tool moves us to shed some light on this foggy situation.

We are not lawmakers, but it seems malware in Italy is already regulated. This kind of crime is very well known to hackers like us, codename: 615-ter C.P. aka “Abusive Access into a System device”, which also has a specific part for when the crime is committed by an official, yes, a policeman.

But the fact that these tools are used daily by the police as an investigation tool and nobody sees any problem with that demonstrates how this law is a perfect repressive tool, but does not work very well as a tool of justice and society. Which police station will investigate its own investigation tools? Who watches the watchmen?

What we are trying to do for the future is to prevent our (and your) devices from spying on us. Then, we would like to spread some good security practices in order to avoid getting infected by this and other Trojans: we will surely need help, because we know that it won’t be exactly easy and technology changes every day.

Regulating armed tanks: Law Proposal Legalizing Malware

How do you explain to some politicians how to use a tank? How do you force them to legalize it? Need to talk about terrorism, about pedoporn? Need to talk shit about some other politician? Or maybe act against some big national operation? We feel absolutely NOT protected by the Italian law to regulate malware written and presented by “Civics and Innovators – Quintarelli Law” (Civici Innovatori – legge Quintarelli), which shows a lot of issues; we stopped for a second to read this technical, operative law proposal on how to rule and limit this, and we discovered they are trying to draw similarities between the malware functionality and some regulated police practices, like tailing someone, intercepting location data or the real confiscation of the data on a device.

Trying to draw similarities between classic practices and malware features is absurd from every point of view and for every kind of judicial act you may consider:

  • Comparing a confiscation to the remote acquisition of files from a device is ridiculous. During a confiscation the person investigated is present and can verify what is happening, can request the presence of a lawyer and at the end should receive a list of the confiscated material. We can’t imagine how this could be possible during a remote confiscation using malware.
  • A real confiscation aims to cut off the availability of a specific tool, like a gun.
    The malware doesn’t cut off any availability, because it is not made for this.
  • Comparing GPS tracking to real tailing is ridiculous. Digital data that is easy to analyze with invasive algorithms is not comparable to real shadowing; the quality of the data is on a completely different level.
  • But most of all there’s a quantitative question about costs: shadowing 1000 people from the police desk doesn’t have the same cost as doing it for real. It’s clear that yesterday shadowing was a matter of time and money, but now, with malware, all you need is to focus, click and press a button. The consequences of this are quite obvious. Just trying to imagine that these two operations are the same is quite ridiculous.
  • Then we start from the idea that a device is owned by the person investigated, but this is not always true. Take for example all the “public” devices: the internet point, the libraries, the university. Reading our email from a tapped internet point where a person under surveillance used the PC before us puts us at risk: because the PC is bugged (so it is an infected PC), our email will go to the police. Even if we are on a used device, our email will be delivered to the police.
  • Then there is a temporal problem. With classical mobile interception, the SMS are captured starting from a specific day and the interception has a time limit for legal reasons. The Trojan is another story: it can read the data with no time limit, sending all the conversations on the device from the beginning of its history, because it is all saved there.
  • During shadowing there’s the guarantee (except for hiring a double) that the position is the actual location of the investigated person. But the device may not travel with the person; it can be stolen or forgotten in a taxi. So basically the device owned by the person is not the person.
  • To believe, as we read in the document, that installing malware doesn’t lower the security level of the device where it is installed is ridiculous: the basic idea of the malware is exactly to leave some vulnerabilities open in order to use them, and doing so keeps everybody’s devices insecure in order to infect them.
  • Certifying that the evidence cannot be modified seems impossible to achieve, and later we prove it in two different ways. But there’s more. How is it possible to certify that the producer is not compromised? How is it possible to verify that behind the massive architecture there’s no backdoor that someone else could use? No, there’s no way to verify it.
  • Lastly, it seems a paradox to us that the government wants to use digital weapons bought from a shadowy market with very little transparency, such as the zero-day market.
  • Certifying the immutability of the evidence seems impossible to us, and we demonstrate it in 2 different ways.
    1) How is it possible to certify that the malware company hasn’t been hacked (see: #hackedteam)?
    2) How is it possible to certify that in the very big architecture of this malware there are no backdoors?
    Both points can’t be verified.
  • Last but not least, it’s a paradox that the government uses digital weapons (zero-days) found on the black market in a very non-transparent way, like every zero-day on the dark market nowadays.


During our experiment we noticed that the inputs of these ‘objects’ are considered trusted (not changed by the user), which is clearly erroneous.

  • What may happen if a Skype username is AAAA' DROP ALL TABLES--?
  • And if its length is 10 million chars?
  • And what if instead of an image we put some fuzzy script and the malware breaks? And yes, it broke very badly, ahaha..

How will the law consider this social behavior? Self-defense? Concealment of evidence?



What we want

For us these ‘objects’ CANNOT be regulated.
Can the police realize they are using weapons without full control of them?

For us there’s a danger hidden in the secret action of the government over citizens, and this danger is way more unsafe than any other threat. Full stop.

We want to know everything, not just the stats about how many malware are sold or exported (as recently requested by Hermes from the Italian government); we want to know specifically how exactly these new surveillance techniques, like IMSI catchers or government malware, are used and how many of them are used

If someone wants to tell us, feel free to write us an email:

Underscore _TO* Hacklab // underscore <at>
Key fingerprint = 5DAC 477D 5441 B7A1 5ACB F680 BBEB 4DD3 9AC6 CCA9

Debian ifname with systemd

systemd is bad and is good

Yeah, we don’t have many options other than to live with it and configure the machine how we like, but I have several problems dealing with the new interface names; they call it PredictableInterfaceName

I don’t see anything predictable in a name like ‘eno1’ or ‘ens3f0’

So they changed from ‘eth0’ or ‘wlan0’ for security reasons: some attacker can plug something in and use eth0 to sniff, and also for other kinds of attack.

Then I did some research on how to solve these strange names with systemd, and I found a solution which works and which I like to use in Debian to have a usable interface name.

1. Go in /etc/systemd/network

2. Create a new file called
and put some code inside like this:


(*) note: you need to change the mac address


3. add as many files as you like, one for every ifname you want to change

4. update the file /etc/network/interfaces using the new ifname

5. restart your system
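
Steps 1 to 3 as an added example, not the author's own file (the file name and contents from step 2 are not on this page): a shell helper that writes one systemd `.link` file per interface, matching on the MAC address. The `NN-name.link` file naming, the `lan0` name and the MAC in the usage line are assumptions.

```shell
#!/bin/sh
# Added example (not the author's file): pin an interface name to a MAC address
# with a systemd .link file. lan0, the NN-name.link naming and the MAC in the
# usage line are assumptions. systemd.link(5) warns against names the kernel may
# assign itself (eth0, wlan0): udev and the kernel then race for the name.
export LC_ALL=C
LINK_DIR="${LINK_DIR:-/etc/systemd/network}"

# Accept only a colon-separated 48-bit MAC such as 00:11:22:33:44:55.
valid_mac() {
    case $1 in *[!0-9A-Fa-f:]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Interface names hold at most 15 bytes; the character set here is a
# deliberately conservative choice, stricter than the kernel's.
valid_ifname() {
    case $1 in ''|[!A-Za-z]*|*[!A-Za-z0-9_-]*) return 1 ;; esac
    [ "${#1}" -le 15 ]
}

# write_link NAME MAC [PRIORITY]: create $LINK_DIR/PRIORITY-NAME.link
write_link() {
    name=$1; mac=$2; prio=${3:-10}
    valid_ifname "$name" || { echo "bad interface name: $name" >&2; return 1; }
    valid_mac "$mac" || { echo "bad MAC address: $mac" >&2; return 1; }
    mac=$(printf '%s' "$mac" | tr 'A-F' 'a-f')
    # The first matching .link file (lexical order) wins, so a second file
    # for the same MAC would be silently ignored: refuse it instead.
    if grep -qsi "^MACAddress=$mac\$" "$LINK_DIR"/*.link; then
        echo "MAC $mac already has a .link file in $LINK_DIR" >&2
        return 1
    fi
    file="$LINK_DIR/$prio-$name.link"
    cat > "$file" <<EOF
[Match]
MACAddress=$mac

[Link]
Name=$name
EOF
    printf '%s\n' "$file"
}

# Usage: sh pin-ifname.sh lan0 00:11:22:33:44:55   (run as root)
if [ "$#" -ge 2 ]; then
    write_link "$@"
fi
```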