Catarina Pinto
It’s as ironic as it could get: a surveillance software provider gets a taste of its own medicine when it is hacked, and soon finds millions of its emails disclosed and archived by WikiLeaks.
Hacking Team, an Italian tech company well known for developing and selling cyber surveillance software to governments across the globe, was recently revealed to have exchanged emails with Macau’s anti-graft agency for a surveillance software demonstration.
The Commission Against Corruption (CCAC) had expressed interest in acquiring the company’s Remote Control System – described as a “spyware-based system for attacking, infecting and monitoring computers, and smartphones.”
The CCAC was keen on monitoring smart- phones, one of the emails read.
The idea that, for the sake of national security, police forces and government agencies could make use of surveillance software – during particularly sensitive investigations, for instance – isn’t exactly new.
But the massive hack into Hacking Team’s data brings to light the extent of this surveillance, and makes one wonder who and what exactly government and police forces have been hacking into.
As cyber culture journalist and researcher Joshua Kopstein points out in an article published by Al Jazeera America, “The problem is that law enforcement wants both backdoors and hacking powers – and we still haven’t had a debate about the latter. What kind of suspects should law enforcement be allowed to hack?”
“What will stop authorities from planting evidence on someone’s computer? Given the well-
known problem of attribution in online crime investigations, how will they ensure they’re hacking the right person and that no innocents will get caught up in the process?”
The problem is, I’d say, that we the citizens have no assurances that governments or police forces will only use hacking when no other option is available. Nor do we know that they won’t hack into the mobile phone or computer of the wrong person. Even more so, we have no assurances that their hacking intentions are noble – if most acts of hacking are truly well-intentioned, anyway.
However, history has proved that hacking has sometimes been used in the name of the so-called public interest, shedding light on questionable government secrecy and actions.
But again the problem with hacking is that – as with so many other tools – it may fall into the wrong hands.
The massive amount of leaked data shows that the company had sold surveillance soft-
ware to repressive regimes across the globe. Questionable customers included Ethiopia, Sudan, Saudi Arabia, Uzbekistan, Bahrain or Tunisia.
However, what amazed me the most was their compelling advertising efforts. A video on the company’s webpage advertises the capabilities of the RCS software: “Is passive monitoring enough? You need more.” It goes on: “You need to look through your target’s eyes” – when I read this I can’t help but wonder if someone somewhere is really watching.
“You have to hack your target while your target is browsing the web; exchanging documents; receiving SMSes; crossing borders (…) being stealthy and untraceable; immune to protection systems, hidden collection infrastructure. Deployed all over your country, up to hundreds of thousands of targets, all managed from a single place. Exactly what we do. Remote Control System Galileo. The Hacking Suite for Governmental Interception.” Disturbing, to say the least.
No Comments