The FBI, Drug Enforcement Agency, U.S. Army and other U.S. government agencies bought or had plans of buying spying/hacking tools from the Hacking Team. The information comes as Hacking Team, an Italian firm that specializes on hacking and spying, was hacked over the weekend. Leaked documents and emails from the company are now circulating the Internet, including supposedly classified emails that details Hacking Team and the U.S. government’s close working relations.
In Brief: The Hacking Team got a dose of its own medicine
Hacking Team, an Italian firm that profits by selling spying and hacking tools to different government agencies across the globe, was hacked over the weekend. The hackers were able to access more than 400 gigabytes of data, making it available to the public.
The leaked documents exposed some embarrassing security details about the company that is trusted by big governments. One information is how a company said to specialize at hacking journalists and political enemies has a top engineer who uses “password” as his password for supposedly classified files. Christian Pozzi, security engineer at Hacking Team, has also stored his credentials within a folder named “login.txt.” Pozzi has also used a name of an X-men character as password.
The FBI, the Department of Defense and the Drug Enforcement Agency positioned themselves unwittingly with tyrannical governments of Sudan, Kazakhstan, Bahrain and Hungary when the agencies decided to purchase some of Hacking Team’s services and products.
According to leaked documents first seen by Forbes, the list of Hacking team’s clientele include intelligence agencies from Australia. Azerbaijan, Chile, Columbia, Cyprus, Czech Republic, Ecuador, Egypt, Ethiopia, Honduras, Luxembourg, Malaysia, Mexico, Mongolia, Morocco, Nigeria, Oman, Panama, Poland, Russia, Saudi Arabia, Spain, South Korea, Thailand, Tunisia, Turkey, the UAE and Uzbekistan.
Another document seen by researcher John Adams revealed Hacking Team has had a $1.1 million deal with Sudan.
Among the many leaked documents are email correspondences from Hacking Team’s communication chief, Eric Rabe. The documents revealed that the FBI purchased the team’s premiere spy product, the Remote Control Service or RCS which is more popularly known as the Galileo.
RCS can infect a victim’s computer and thereby siphoning off data, listen on communications even before they are encrypted as explained by WIRED. RCS can also record Skype calls, emails, instant messages and passwords typed in any web browser. RCS can also switch the victim’s web camera on, as well as the microphone.
The high-maintenance love affair with the US government
According to one of Rabe’s email, the FBI is not so much of a serious customer. “The FBI unit that is using our system seems like a pretty small operation and they have purchased RCS as a sort of back up to some other system they use,” Rabe said in an email obtained by Forbes.
The ‘not so serious customer’ had spent $700,000 on one contract with the Hacking Team. And while the contract expires in June, the FBI is signing another contract if the hack on Hacking Team did not happen, Forbes said. FBI had particularly shown interest to the Galileo because it is a “nice-to-have” tool for “low-level” investigations.
A correspondence with Daniele Milan, Hacking Team’s operations manager, revealed that the FBI had also shown interest in products that target Tor which is widely used by criminals and activists to hide their identities.
“They [the FBI] continue to be interested in new features all the more related to TOR, VPN [virtual private networks] and less-click infections. In the past their targets were 20 per cent on TOR, now they are 60 per cent on TOR. They want to be able to catch the IP of their targets using TOR,” Milan wrote.
The DEA had spent $567,000 on a 2012 contract that remains valid until December 2015. The DEA had also negotiated about starting a Hacking Team USA, with employees to be trained in Bogota, Columbia. According to an email from Rabe, “one or two Washington officials plan to be in Bogota in late June to review operations there.”
Another email from Milan said the team had a meeting with the Metropolitan Bureau of Investigation of Orlando, Florida. “We briefly met the Director of the MBI, who ackwnoledged [sic] the need for a solution like ours. [NAME REDACTED] agreed and was positive in finding budget, along the lines of the new price list. They are interested in 10 conc. targets to being with, while infection vectors are still to be evaluated,” Milan wrote in an email as reported by Forbes.
The U.S. Army had signed a deal with the Hacking Team in 2011. However, due to budget cuts the contract was never pursued. The FBI, DEA and MBI have yet to issue comments regarding the issue.
You might be interested: Princess Charlotte Christening: Jolie-Pitt May Be Godparents