[LINK] Hacking company's software released - ASIO/AFP use/used

Jan Whitaker jwhit at janwhitaker.com
Fri Jul 10 09:30:49 AEST 2015 

[When you got something like this, inevitably it's going to get out. You can't say 'we're only supporting the "good guys" '.]

Hacking Team: Australian Government agencies negotiating with notorious surveillance company, leaked emails show
AM
By Benjamin Sveen and Will Ockenden
http://www.abc.net.au/news/2015-07-10/leaked-emails-expose-australian-government-agencies-hacking-team/6609276

Australian law enforcement and intelligence services are more closely linked to notorious, Italian-based surveillance company Hacking Team than previously thought.

Leaked emails published by WikiLeaks show company representatives identifying spy agency ASIO, the Australian Federal Police (AFP) and Victoria's anti-corruption watchdog IBAC in secret negotiations for their powerful electronic spying and surveillance software.

The leak emerged after the Milan-based cyber security company had itself fallen victim to a cyber attack earlier this week with nearly 440 gigabytes of their internal data uploaded to the internet.

For years, Hacking Team has been criticised by security researchers and international NGOs for supplying its intrusion and surveillance software to oppressive dictatorships like Sudan, which is subject to United Nations sanctions.

Hacking Team's flagship product is called Remote Control System (RCS), and works by installing malicious software on a target's phone or computer which can remotely activate microphones and cameras and send the data back for analysis.


Hacking Team's own website promoted the software as "totally invisible to the target", with the ability to "defeat encryption", record Skype conversations, and obtain data like emails and text messages stored on a computer or phone.


Government agencies' negotiations exposed

Victoria's Independent Broad-based Anti-corruption Commission (IBAC) was considering signing a $500,000 contract for secret monitoring software from Hacking Team as recently as two weeks ago.

IBAC was given a live demonstration of Hacking Team's flagship product in May.

The emails show IBAC's Electronic Collections Unit and representatives from Hacking Team's Singaporean office engaged in late-stage negotiations over a licence to access their digital intrusion and surveillance tools in late June.

Another leaked email chain shows a Canberra company called Criterion Solutions signing a non-disclosure agreement for access to confidential information about the RCS program in November 2014.

The Hacking Team's Singaporean representatives later said Criterion Solutions was acting as a representative of ASIO.

The ABC has made several attempts to contact ASIO but have not yet received a response.


AFP declines to comment on or confirm transactions

The company accounts indicate the Australian Federal Police were also a client of Hacking Team with invoices from November 2009 and February 2010 for offensive spyware products, amounting to 245,000 euros.

When approached by the ABC, an AFP spokesperson declined to comment on or confirm the transactions.

"The AFP does not confirm or deny what may or may not form part of its operational or technical methodologies," she said.

The emails show the AFP was a client of Hacking Team until 2011, when it cancelled the contract.

"The AFP no longer has a need for the capability you provide, hence our decision to withdraw from maintaining it," an AFP officer wrote in an email to Hacking Team. "We wish to thank you for your support and wish you all the best."

Other compromised documents detail Hacking Team's participation in the 2014 National Security Conference in Sydney, where the group showcased its offensive technologies to Australian Government officials.

IBAC declined to comment on anything related to Hacking Team.

A spokesperson for IBAC said it "is not a client of Hacking Team and has never purchased any of its services".

The leaked email chain also indicated a point of contention was the insistence of IBAC's legal department to locate the servers hosting the spyware in Australia, against the views of Hacking Team employees.


Hacking Team 'horrified by criminal attack'

The 440 gigabytes of leaked data includes email correspondence with clients, codes for infecting phones and computers with malware, and contracts with governments for access to their offensive interception technologies.

Eric Rabe, the chief marketing and communications officer for Hacking Team, told AM the attack was "reckless and dangerous".

"I am horrified by the criminal attack on our company that has resulted in the ability to have those documents online", he said.

"It shows that the criminals who did this have no regard for public safety.

"Police and investigators need to be able to do their work to keep the rest of us safe and the tool that Hacking Team provides is a step in that direction."


UN investigating Hacking Team's complicity in possible abuses

For years Hacking Team has been criticised by security researchers and international NGOs for allegedly supplying oppressive dictatorships with its software.

The hacked database showed that a United Nations Security Council (UNSC) investigation was underway into whether Hacking Team serviced the government of Sudan, who are subject to UN sanctions from a long and documented history of human rights abuses.

When the ABC asked Mr Rabe about the UN's investigation into the sale of surveillance tools to Sudan against UN sanctions, he broadly defended his company's conduct.

"Our view of whether Sudan was a reasonable place or not I think has changed, as has the United Nations and others over the last number of years, so we've adjusted to that," he said.

The database also included correspondence showing that over the past year, Hacking Team's CEO David Vincenzetti has stonewalled attempts by an UNSC Expert Panel to uncover the nature of its commercial relationship with Sudan, by initially denying it was a client, and then accusing the UNSC of "damaging" the company's reputation in an "unjustified" manner.

Earlier this year, UK-based organisation Privacy International wrote a briefing to the Italian government, outlining their concerns about Hacking Team's operations.

Matthew Rice from Privacy International said his organisation was blown away by what the hack revealed.

"There were 46 countries altogether that have purchased Hacking Team's products," he said.

"That goes to Egypt, Bahrain, Tunisia ­ which we had never known about before ­ Azerbaijan and Sudan."


Hack exposes the failure of self-regulation: Privacy International

Privacy International has called upon the United Nations monitoring group to intensify its investigation into Hacking Team.

"The first thing that needs to happen is that what is left of Hacking Team, they need to answer the questions from the UN monitoring group truthfully," Mr Rice said.

"What needs to come out of this kind of hack is a proper investigation into whether or not there was complicity in human rights abuses."

Mr Rice said the Hacking Team leak exposed the failure of digital surveillance companies to self-regulate and that governments must do more to ensure the integrity of their contractors.

"I'm sure [Western governments] did not have a full picture at the time of who [Hacking Team] were selling to, but we hope that by looking at this information, they are seeing this is an industry that is not going to make massive distinctions between Western governments and governments from other parts of the world, or governments with strong human rights records and governments with awful human rights records," he said.

"The question is whether we, as governments and democratic states, begin to make those distinctions ourselves about the kinds of companies we should be working with in procuring communications surveillance equipment." 


From other news sites:

    * <http://www.dailymail.co.uk/wires/ap/article-3155238/WikiLeaks-posts-library-leaked-Italian-hackers-emails.html>Daily Mail: <http://www.dailymail.co.uk/wires/ap/article-3155238/WikiLeaks-posts-library-leaked-Italian-hackers-emails.html>WikiLeaks posts library of leaked Italian hackers' emails  
    * <http://www.forbes.com/sites/thomasbrewster/2015/07/09/wikileaks-release-indicates-hacking-team-sold-to-fsb-russias-secret-police/>Forbes: <http://www.forbes.com/sites/thomasbrewster/2015/07/09/wikileaks-release-indicates-hacking-team-sold-to-fsb-russias-secret-police/>Wikileaks Release Indicates Hacking Team Sold To FSB, Russia's Secret Police  


I write books. http://janwhitaker.com/?page_id=8

Melbourne, Victoria, Australia
jwhit at janwhitaker.com
Twitter: <https://twitter.com/JL_Whitaker>JL_Whitaker
Blog: www.janwhitaker.com 

Sooner or later, I hate to break it to you, you're gonna die, so how do you fill in the space between here and there? It's yours. Seize your space. 
~Margaret Atwood, writer 

_ __________________ _

More information about the Link mailing list