Hack at surveillance firm exposes ties to FBI, DEA

A controversial Italian company that reportedly sells surveillance tools to U.S. authorities has been hacked, revealing long-standing ties to the U.S. government and potentially incriminating deals with repressive regimes.

The firm, Hacking Team, has always denied selling directly to governments in countries such as Sudan, which is currently under a United Nations arms embargo. The company’s connection to U.S. agencies has also never been confirmed.


But emails and documents dumped Monday by a hacker are challenging those denials and expose a multi-year relationship with the FBI and Drug Enforcement Agency (DEA). They also show efforts to market surveillance products to the CIA, the Pentagon and numerous local law enforcement agencies around the U.S.

“The more I read, the more I think the term 'merchants of death' accurately applies to @HackingTeam,” tweeted Christopher Soghoian, principal technologist for the American Civil Liberties Union (ACLU).

Hacking Team has long been criticized by human rights groups and digital researchers. The firm was placed on Reporters Without Borders’s “Enemies of the Internet” list in 2012 because of alleged shady business relationships with governments using its technology to monitor and suppress journalists and political dissidents.

On Monday, the company’s Twitter account was hijacked and started sending out links to more than 400 gigabytes of the company’s internal documents and correspondence, including full lists of current and former clients.

“Since we have nothing to hide, we’re publishing all our emails, files and source code,” said one tweet, later deleted, Reuters reported.

The company has not responded to requests seeking to confirm the information’s validity.

If legitimate, the documents reveal a relationship with the FBI spanning back to 2011.

Many have questioned the bureau’s use of remote spying software over concerns about exactly how the agency places so-called “spyware” on suspect’s computers.

“It is unclear from public reporting which spyware programs the FBI currently uses and what their capabilities are,” wrote Senate Judiciary Committee Chairman Chuck GrassleyChuck GrassleyBiden's program for migrant children doesn't go far enough The Hill's Morning Report - Presented by Facebook - Biden support, gas tax questions remain on infrastructure 64 percent of Iowans say 'time for someone else' to hold Grassley's Senate seat: poll MORE (R-Iowa) in a June letter to the FBI. “The procedures used by the FBI to obtain approval to deploy spyware ... raise important issues.”

Monday’s information dump provides one of the most exact indicators of the type of software the FBI supposedly uses for these remote electronic searches.

According to Hacking Team’s website, its surveillance software, known as Remote Control System (RCS), “is a solution designed to evade encryption by means of an agent directly installed on the device to monitor.”

“Evidence collection on monitored devices is stealth and transmission of collected data from the device to the RCS server is encrypted and untraceable,” it adds.

The revelation is likely add fuel to the fire of the ongoing fight between the FBI and technologists. The bureau claims it supports strong encryption, but is pushing for some sort of legal guarantee.

The bureau’s relationship with Hacking Team has never been officially acknowledged.

But the FBI has been caught using similar technology. The agency admitted last fall to faking an Associated Press story to lure a suspect into clicking on the link and infecting the person’s computer with spying software.

According to an analysis of the documents by The Intercept, the documents also show a relationship with the DEA starting in 2012. While the agency decided the firm’s surveillance tools were “too controversial” for use in the U.S., it did purchase the software to use in collaboration with Colombian law enforcement.

The published list of Hacking Team’s clients also includes a series of governments with poor human rights records.

Egypt, Ethiopia, Kazakhstan, Morocco, Nigeria, Russia and Saudi Arabia all show up as “active clients,” in addition to Sudan.

The link to the Sudanese government was initially unveiled in a 2014 report from The Citizen Lab, a digital rights research group based at the University of Toronto. Those same investigators investigators later uncovered efforts by the Ethiopian government to hack U.S.-based journalists.

Motherboard reported that the firm on Monday told its customers to shut down use of its surveillance tools as it grapples with the hack.