Human rights advocates across the Arab world are combing through the troves of data uncovered in last Sunday's massive hack of the controversial Italian security and surveillance technology firm Hacking Team.
Hacking Team's notorious “Remote Control System” has been used by oppressive regimes in Saudi Arabia, Bahrain, Sudan, UAE, Oman, Morocco and Egypt to surveil and intimidate political opponents, human rights advocates, journalists, and digital activists. The Remote Control System is a pernicious form of surveillance technology that enables the attacker, usually a government entity, to infiltrate and control the device of the target. It can copy files from a computer’s hard disk, record Skype calls, e-mails, instant messages, passwords typed into a web browser, and even turn on and eavesdrop via a computer's webcam.
Hacking Team technologies have become so prevalent in this realm that the company was named an “Internet Enemy” by Reporters Without Borders in 2012. Working with activists who have been targeted by governments using Hacking Team products, the University of Toronto's Citizen Lab has undertaken large scale technical research to better understand the systems used by Hacking Team and other major surveillance technology providers. Their research can be found here.
The company's official Twitter account, that was also hacked, pointed to the torrent file of more than 400 gigabytes of internal data: Emails, bills, client lists, source code, contracts and even personal WhatsApp backups. The documents are also available on Transparency Toolkit and the emails are available on Wikileaks [updated July 15, 2015].
It remains unclear who hacked Hacking Team. An individual known as “Phineas Fisher”, who claimed to have hacked into the systems of Gamma, a UK and Germany-based major surveillance technology company, has claimed responsibility for the attack, but this is difficult to verify.
Shortly after information from the hack became public, several security experts and journalists started posting Hacking Team's lengthy client list, internal communications records, and some invoices. Among the international clients, several Arab states have apparently used the services of Hacking Team.
Cairo-based digital rights activist Ramy Raoof tweeted to his 111K followers documents revealing that GNSE Egypt, a prominent e-business firm in the region, appears to have negotiated the purchase of Hacking Team software:
— Ramy Raoof (@RamyRaoof) July 6, 2015
Raoof pointed out that the hack proved what the activists in the region knew all along:
— Ramy Raoof (@RamyRaoof) July 7, 2015
Advocates in Morocco have had similar reactions. In 2012, citizen media group and Global Voices partner Mamfakinch was the target of an attack using Hacking Team's Remote Control System. When they received an email that appeared to contain a story tip, unsuspecting members of the group opened a document attached to the email and their computers were instantly taken over by the system. Sunday's revelations confirm that they had learned some years prior, after investigating the incident with the help of digital security experts.
Human rights defender and digital security consultant Mohammed Al-Maskati tweeted to his 89K followers that Bahrain bought several spy software products from Hacking Team.
Bahrain purchased several spywares from @Hackingteam and as per the leaked documents, the last maintenance happened not so back ago.
— Mohammed Al-Maskati (@MohdMaskati) July 6, 2015
2- The @hackingteam spyware can breach encrypted files and emails, Skype and other Voice over IP or chat communication, copy local files and turn on the device camera.
The spyware can also log every keystroke, which will include sensitive information and passwords.
One invoice from the files shows the purchase of a “Remote Control System” for a total of €210K by an entity called “Midworld Pro” located in Dubai, UAE. A file name associated with the invoice reads “Midworld Pro – Bahrain”. Separate documentation indicates that the government of Bahrain purchased €210K worth of services and products from Hacking Team, suggesting that this purchase was likely routed to Bahrain through the UAE.
Along with Egypt and Bahrain, documents also revealed that the Lebanese Army purchased Hacking Team's Remote Control System, along with other equipment. It appears that the government spent over one million Euros on their products.
Lebanese journalist Mahmoud Ghazayel tweeted that he was blocked by the official Lebanese Army account on Twitter after inquiring about the Hacking Team leaked files.
The leaked documents also revealed that Hacking Team sold to Sudan. EFF's Eva Galperin tweeted:
In the leaked ClientList_Renewal.xls, Hacking Team noted that Sudan is “not officially supported”. Russia was also listed as such. The documents also reveal several communications between the company and the United Nations Security Council Committee regarding the use of a Remote Control System within Sudan. Hacking Team's Remote Control System appears to have stood in violation of a 2005 resolution (1591) that placed an arms embargo on the country.