Turning the Tables on the Trackers: Wikileaks Sniffs out Spy Salesmen

  • by Pratap Chatterjee (berkeley, california)
  • Inter Press Service

Wikileaks suspects that Hacking Team technology is used to snoop on activists and dissidents.

Julian Assange, the editor in chief of WikiLeaks, says that the information came from a special counter-intelligence unit that his organisation created "to protect WikiLeaks' assets, staff and sources from hostile intelligence operations and to reveal the nature of intelligence threats against journalists and sources more broadly."

According to research conducted by the Kaspersky Lab, an anti-virus company, Hacking Team sells technology that can be used to create emails to target suspects by inviting them to click on a link or attachment that then installs a spy tool called Remote Control System (RCS) on the target's computer.

RCS (also known as DaVinci) can then copy the Web browsing history of its targets, turn on their computer microphone and webcam to eavesdrop on them, as well record their conversations on computer applications like Skype.

Wikileaks documented the travels of two Hacking Team salesmen to countries with a poor record of human rights.

The first was Maanna, whose LinkedIn profile confirms that he works for Hacking Team in Milan. He came to work for the company in January 2011 after completing high school in Tyre, Lebanon, and an undergraduate and graduate degree in telecommunications engineering from Politecnico di Torino in Turin, Italy.

In addition to three trips to Saudi Arabia, Maanna's travel profile places him in Egypt three times in 2013. He also made two trips each to Malaysia and Morocco in the last three years, among other countries, including United Arab Emirates (UAE) and Turkey, according to the documents released by WikiLeaks.

The second individual is Marco Bettini, a sales manager for almost 10 years at HackingTeam whose LinkedIn profile says he studied at the Instituto Radiotecnico Beltrami. Bettini is also identified as traveling to Morocco and UAE in February 2013.

Three of these countries - Morocco, Turkey and the UAE - are nations in which Hacking Team has come under fire from groups like Privacy International and Reporters Without Borders for the alleged use of its software.

For example, Mamfakinch, a Moroccan citizen journalist group that was created during the 2011 Arab Spring, believes that it was targeted with a "backdoor" attack by software that is identical to Hacking Team's RCS system, according to an analysis by Dr. Web, an anti-virus company.

Slate Magazine described how the Mamfakinch's computers were infected by spy software after members opened an email titled "Dénonciation" (denunciation) that contained a link to what appeared to be a Microsoft Word document labeled "scandale (2).doc" alongside a single line of text in French, which translates as: "Please do not mention my name or anything else, I don't want any problems."

Wired magazine recently published details of an attack on a U.S. activist who was sent an email about Turkey that appeared to come from a trusted colleague at Harvard that "referenced a subject that was a hot-button issue for the recipient, including a link to a website where she could obtain more information about it." Although she did not click on the email, Arsenal Consulting, a digital forensics company, analysed the link and discovered that it, too, contained RCS attack software.

And Citizen Lab, a computer security research group in Canada, identified emails sent to Ahmed Mansoor, a UAE human rights activist, which were also allegedly designed with Hacking Team software. Mansoor was a member of a group of activists who were imprisoned from April to November 2011 on charges of insulting an Emirati royal family. He told Bloomberg that he was identified and then beaten after he clicked on an email that contained a Microsoft attachment that infected him with the spy software.

Company response

A spokesperson for Hacking Team says the company strictly follows applicable export laws and other regulations and only sells its products to governments or government agencies.

"The point that is generally missed in discussions like this is that the world is a dangerous place, with plenty of criminals and terrorists using modern Internet and mobil technologies to do their business, and that threatens us all," Eric Rabe, the general counsel of Hacking Team, told IPS via email.

"We firmly believe that the technology we make available to government and law enforcement makes it harder for those criminals and terrorists to operate."

Rabe says that Hacking Team understands the potential for abuse of its products, so it reviews customers before a sale to determine whether or not there is "objective evidence or credible concerns that Hacking Team technology provided to the customer will be used to facilitate human rights violations."

He noted that his company's products have an auditing feature that cannot be turned off so that government agencies can check how and when surveillance occurs.

"Of course, HT cannot monitor the use of our software directly since clients must have the ability to conduct confidential investigations," Rabe added. "Should we suspect that abuse has occurred, we investigate. If we find our contracts have been violated or other abuse has occurred, we have the option to suspend support for the software. Without support, the software is quickly rendered ineffective."

Rabe says that Hacking Team did investigate "the Morocco and UAE assertions" but he was not able to comment since the company "does not share the results of such investigations nor do we publish whatever actions we may subsequently take."

But activists still say that they are very concerned about details in the travel logs released by Wikileaks.

"The evidence and timeline does give credence to the idea that the discovery of Hacking Team software in Morocco and UAE corroborates with their sales team visit to those countries," Kenneth Page, a policy officer at Privacy International, told Corpwatch.

"This is clearly not an ad-hoc process within a small industry, but a calculated and considered business deal in a global trade with profits made off the suffering of individuals," says Page. "As the Wikileaks release today has shown, the business procedure behind the sale of surveillance technology is as well laid out as any other international trade - including proposals and presentations, site and country visits, contracts, and costing packages."

Page said that the companies that develop and sell surveillance technology to such regimes should not be allowed to abdicate responsibility for freely selling this technology to just any government regardless of their human rights record.

"Companies know full well how their products work and, after tailoring to their specific clients' need, know how they will be used," added Page.

*A longer version of this story originally appeared on Corpwatch.org.

© Inter Press Service (2013) — All Rights ReservedOriginal source: Inter Press Service