The president of Italian spyware manufacturer, Hacking Team, joked about WikiLeaks publishing a leak about the firm’s technology on June 8.
“Imagine this: a leak on WikiLeaks showing YOU explaining the evilest technology on earth! :-),” CEO David Vincenzetti wrote in an email. “You would be demonized by our dearest friends the activists, and normal people would point their fingers at you.”
Vincenzetti was referring to an “end user,” who wanted the firm’s training to be recorded. He rejected the request fearing video would become “freely available on the Internet.”
“Leaks happen, happen to everyone including the NSA,” Vincenzetti declared. “It happened to me once when I was working as sales man for our technology. I was in Asia. One of the attendees pulled out a camera and started video recording my presentation. I immediately stopped and said: no way. He put the camera in his pocket again.”
Now, for the past few days, over 400 gigabytes of emails from Hacking Team dumped on the internet by hackers have been available. More than a million emails are in a searchable database at WikiLeaks for activists, “normal people,” and journalists to browse and uncover details related to business relationships Hacking Team had with law enforcement agencies in countries with repressive regimes.
WikiLeaks previously published a few documents from Hacking Team when it released “The Spy Files,” which exposed aspects of the global surveillance industry. A presentation, video, and brochure about “remote control systems” or RCS, which Hacking Team sells to law enforcement and intelligence agencies to use against users, were posted on the media organization’s website.
According to Privacy International’s briefing to the Italian government [PDF], RCS is an invasive surveillance technology that can “covertly collect, modify, and/or extract data from a device through the installation of malicious software on the device. The malware is inserted on the computer as a trojan, or a malicious code disguised in inconspicuous files or attachments, and is executed on the device.”
Hacking Team’s technology makes it possible to bypass encryption in “common communications services software” and to log Skype calls, emails, instant messages, web browsing data, deleted files and even shots that are taken with a computer’s webcam.
In September 2013, WikiLeaks published data that showed where Hacking Team surveillance salesman had traveled. It was part of a counterintelligence effort put together by WikiLeaks.
“This is BLATANT privacy violation! HOW did they collect such information?” Vincenzetti reacted in an email on September 5, 2013.
Alberto Ornaghi of Hacking Team replied, “If you are a TELCO operator with access to SS7 signaling it’s easy to know where a phone is,” and, “We could provide our key traveller [sic] a different phone number (when they are abroad) and see a call-forwarding from the old number (always in italy).”
One employee thought the information on Hacking Team operations was from a whistleblower in a telecom provider the firm used. The employee suggested switching to a new provider.
When documents were posted to WikiLeaks in December 2011 that called attention to Hacking Team, Marco Bettini, who would later have his travel on behalf of the firm exposed by WikiLeaks, worried about someone leaking information obtained at the Intelligence Support Systems (ISS) conference in Kuala Lumpur. Bettini believed posted documents came from an ISS event and exhibitors, which were in attendance. (more…)