FacebookTwitterGoogle+RedditEmail

Hacking the Hacking Team: The Innards of the Surveillance Industry

“Surveillance companies like Hacking Team have shown they are incapable of responsibly regulating themselves, putting profit over ethics time after time.”

– Eric King, Deputy Director Privacy International, Jul 7, 2015

What goes around can come around with inexorable force. An Italian hackers-for-hire company called the Hacking Team, selling software to facilitate surveillance, has been, in turn, hacked. In this self-assuming ecology, such companies will have to expect that what they allow others to do will be used on them in time.

The firm specialises in the sale of malicious software and technologies on a large scale, supplying a range of intelligence agencies and governments. It’s stated aim is clear and mercenary in promise: “We provide effective, easy-to-use offensive technology to the worldwide law enforcement and technology companies.”

On Sunday night, the hackers in question got busy changing the Twitter account of the company from The Hacking Team to The Hacked Team, with its transformed, stated purpose being, “Developing ineffective, easy-to-pwn offensive technology to compromise the operations of the worldwide law enforcement and intelligence communities.”

For twelve hours, the company’s site was steered, a period which saw the release and distribution of company data, including a range of juicy titbits. “Since we have nothing to hide,” went the message, “we’re publishing all our e-mails, files and source code.” The posted link effectively published a 400 gigabyte trove of internal documents, including customer invoices, executive emails and promised source code.

The surveillance industry is teaming with such technology, because clients keen to monitor their citizens and employees will always find the most readily available, and purchasable route. The business incentive is dressed up in champagne-reception styled promise: we provide the best services money can buy. We go to the shows. We go to the workshops and stump valuable software. All to satisfy the peeping tom impulse of state bureaucracy.

The client list is worth exploring, given that the company’s persistent denial about selling to customers with a patchy record. The University of Toronto’s Citizen Lab’s report last year claimed to find traces of the Hacking Team’s apparently untraceable software in 21 countries. Company spokesman Eric Rabe dismissed the suggestions, citing a diligent internal system policing any abuse.

He also proved steadfast on the issue of not revealing client names, claiming that doing so would “jeopardise the confidentiality necessary for necessary law-enforcement and intelligence operations” (Mashable, Feb 24, 2014).

The human rights dimension was certainly not absent from internal company correspondence. The Hacking Team’s Operations Manager, Daniele Milan, expressed concern in an email (Mar 19) to various members of the company, including Rabe, about the impact of “Citizen Lab/HRW reports.” Of specific concern was Ethiopia, whose agency had been “reckless and clumsy” in using their software against the Ethiopian Satellite Television Service and Ethiopian journalists in the United States. “What’s worst is that we can be sure that if we allow them to continue, more [bad publicity] will come.” The customer, seemingly, is not always right.

As was revealed in the information dump, the list includes such states as Azerbaijan, Bahrain, Egypt, Ethiopia, Kazakhstan, Morocco, Nigeria, Oman, Saudi Arabia and Sudan. They also count among them various agencies – the DEA, the US Department of Defence, and the FBI. (Unsurprising to note that one of the firm’s three head offices is based in Annapolis, Maryland, deep in the US intelligence cluster.)

Counted among the invoices is one for $1 million made out to the Information Network Security Agency of Ethiopia, a country not exactly flowering with protections for its journalists. Sudan also features for an invoice at half the price. Both had agencies keen to obtain the spyware tool called the Remote Control System. The RCS is described amongst the Hacking Team’s own materials as “a solution designed to evade encryption by means of an agent directly installed on the device”.

While the event is still raw, the company has been in the sites of investigative journalists and students of the surveillance industry. Cora Currier and Morgan Marquis-Boire published an expose in The Intercept in October last year outlining the uses of RCS software in various manuals. Meant for government technicians and analysts, they cover the activation of cameras, password collection, log typing, and noting Skype calls and emails.

The Hacking Team’s RCS 9 Analyst’s Guide is replete with the functionality of tapping, a step-by-step process on how “targets” are assigned and “operations” conducted.

As Currier and Marquis-Boire explain, these manuals also list means of infecting devices via wifi networks, streaming video, USB sticks, and email attachments. Even the modestly trained technician would be able to operate these without fear of detection.

The surveillance industry has no codes of fidelity or borders of control. It is simply a business over nourished by peeping tom patrons. Caught in this tawdry mix are users of such technologies who simply want that rather frayed liberty of privacy to be protected. Not all who use encryption tools seek to trick the law and its suspicious officials.

FBI Director James Comey may well be concerned about “criminals and terrorists” liking “nothing more” than to have access to encryption defeating devices (Guardian, Oct 17, 2014). His obsession here lies with making sure such companies “build lawful intercept capabilities for law enforcement.” But Comey is being fundamentally naïve. The Hacking Team and those of its ilk have an interest, less in principles of liberty, than bottom lines of profit. In this industry, buyers, not moralists, matter above all else.

More articles by:

Binoy Kampmark was a Commonwealth Scholar at Selwyn College, Cambridge. He lectures at RMIT University, Melbourne. Email: bkampmark@gmail.com

April 23, 2018
Patrick Cockburn
In Middle East Wars It Pays to be Skeptical
Thomas Knapp
Just When You Thought “Russiagate” Couldn’t Get Any Sillier …
Gregory Barrett
The Moral Mask
Robert Hunziker
Chemical Madness!
David Swanson
Senator Tim Kaine’s Brief Run-In With the Law
Dave Lindorff
Starbucks Has a Racism Problem
Uri Avnery
The Great Day
Nyla Ali Khan
Girls Reduced to Being Repositories of Communal and Religious Identities in Kashmir
Ted Rall
Stop Letting Trump Distract You From Your Wants and Needs
Steve Klinger
The Cautionary Tale of Donald J. Trump
Kevin Zeese - Margaret Flowers
Conflict Over the Future of the Planet
Cesar Chelala
Gideon Levy: A Voice of Sanity from Israel
Weekend Edition
April 20, 2018
Friday - Sunday
Paul Street
Ruling Class Operatives Say the Darndest Things: On Devils Known and Not
Conn Hallinan
The Great Game Comes to Syria
Jeffrey St. Clair
Roaming Charges: Mother of War
Andrew Levine
“How Come?” Questions
Doug Noble
A Tale of Two Atrocities: Douma and Gaza
Kenneth Surin
The Blight of Ukania
Howard Lisnoff
How James Comey Became the Strange New Hero of the Liberals
William Blum
Anti-Empire Report: Unseen Persons
Lawrence Davidson
Missiles Over Damascus
Patrick Cockburn
The Plight of the Yazidi of Afrin
Pete Dolack
Fooled Again? Trump Trade Policy Elevates Corporate Power
Stan Cox
For Climate Mobilization, Look to 1960s Vietnam Before Turning to 1940s America
William Hawes
Global Weirding
Dan Glazebrook
World War is Still in the Cards
Nick Pemberton
In Defense of Cardi B: Beyond Bourgeois PC Culture
Ishmael Reed
Hollywood’s Last Days?
Peter Certo
There Was Nothing Humanitarian About Our Strikes on Syria
Dean Baker
China’s “Currency Devaluation Game”
Ann Garrison
Why Don’t We All Vote to Commit International Crimes?
LEJ Rachell
The Baddest Black Power Artist You Never Heard Of
Lawrence Ware
All Hell Broke Out in Oklahoma
Franklin Lamb
Tehran’s Syria: Lebanon Colonization Project is Collapsing
Donny Swanson
Janus v. AFSCME: What’s It All About?
Will Podmore
Brexit and the Windrush Britons
Brian Saady
Boehner’s Marijuana Lobbying is Symptomatic of Special-Interest Problem
Julian Vigo
Google’s Delisting and Censorship of Information
Patrick Walker
Political Dynamite: Poor People’s Campaign and the Movement for a People’s Party
Fred Gardner
Medical Board to MDs: Emphasize Dangers of Marijuana
Rob Seimetz
We Must Stand In Solidarity With Eric Reid
Missy Comley Beattie
Remembering Barbara Bush
Wim Laven
Teaching Peace in a Time of Hate
Thomas Knapp
Freedom is Winning in the Encryption Arms Race
Mir Alikhan
There Won’t be Peace in Afghanistan Until There’s Peace in Kashmir
FacebookTwitterGoogle+RedditEmail