Fear This Man And His Hacking Empire

Hacking Team is among the few dozen private contractors feeding the world’s law enforcement & intelligence agencies with spyware. 

The editor and co-founder of Mamfakinch, a pro-democracy website created in Morocco during the Arab Spring, Almiraat was one of his country’s most outspoken dissidents and someone accustomed to cryptic emails: Moroccan activists faced jail time for their views and risked their jobs, or even their lives, for speaking out against their government. 

From Normandy’s capital city, where Almiraat was in medical school, the bespectacled 36-year-old spent his time, in between classes and hospital shifts, mentoring, coaching, and editing more than 40 citizen journalists. The group covered the roiling unrest back in Almiraat’s homeland, where he would soon return after completing his studies. 

Almiraat and his colleagues also trained Mamfakinch’s writers to use encryption software, most notably the Onion Router, so that their online activities remained anonymous and shielded. Tor, as it’s widely known, masks a user’s identity and physical location. “People were relying on us to protect their…reputations, their careers, and probably also their freedoms,” Almiraat says. “All of that could be put in jeopardy if that were made public.” It was precisely this forethought that had earned Mamfakinch the Breaking Borders Award, sponsored by Google and the citizen-media group Global Voices, for its efforts “to defend and promote freedom of speech rights on the Internet.”

But on that July morning, just 11 days after receiving the award, Almiraat read the message from Imane and knew “something wasn’t right.” A website link directed him to a document labeled “Scandal,” which, once downloaded, was blank. His associates received the same note.

Suspicious, Almiraat promptly forwarded the email to an activist he knew, who then sent it to Morgan Marquis-Boire, a dreadlocked, tattooed 32-year-old digital activist who’d grown up hacking in New Zealand under the nickname “Mayhem.” 

A top security researcher at Google, Marquis-Boire had made waves recently as a volunteer detective for Citizen Lab, a technology research and human rights group at the University of Toronto; he and several colleagues had found evidence that suggested Bahrain was using surveillance software, a product intended for government spying on suspected criminals, against supporters of political reform.

After a month-long analysis of the Scandal file, Marquis-Boire contacted Almiraat with disturbing news: Anyone who had opened the document had been infected with highly sophisticated spyware, which had been sent from an Internet protocol address in Morocco’s capital of Rabat. Further research confirmed that the Supreme Council of National Defense, which ran Morocco’s security agencies, was behind the attack. 

Almiraat and his colleagues had essentially handed government spies the keys to their devices, rendering Tor, or any other encryption software, useless. Morocco’s spooks could read the Mamfakinch team’s emails, steal their passwords, log their keystrokes, turn on their webcams and microphones, and spies likely had been doing exactly those things and more since the intrusion in July.

That wasn’t all. Marquis-Boire and other experts found “a trail of bread crumbs from a surveillance company that, you’d think, would have left no bread crumbs, let alone a trail,” he recalls. Tucked in the source code of the Scandal document, a few small lines had been left behind in error. And they were the first fragments that ultimately led to the most powerful and notorious dealer in online Spycraft: the Hacking Team.

The Blackwater of surveillance, the Hacking Team is among the world’s few dozen private contractors feeding a clandestine, multibillion-dollar industry that arms the world’s law enforcement and intelligence agencies with spyware. Comprised of around 40 engineers and salespeople who peddle its goods to more than 40 nations, the Hacking Team epitomizes what Reporters Without Borders, the international anti-censorship group, dubs the “era of digital mercenaries.”

The Italian company’s tools, “the hacking suite for governmental interception,” its website claims, are marketed for fighting criminals and terrorists. But there, on Marquis-Boire’s computer screen, was chilling proof that the Hacking Team’s software was also being used against dissidents. It was just the latest example of what Marquis-Boire saw as a worrying trend: corrupt regimes using surveillance companies’ wares for anti-democratic purposes.

When Citizen Lab published its findings in the October 2012 report “Backdoors are Forever: Hacking Team and the Targeting of Dissent?” the group also documented traces of the company’s spyware in a document sent to Ahmed Mansoor, a pro-democracy activist in the United Arab Emirates. Privacy advocates and human rights organizations were alarmed. “By fueling and legitimizing this global trade, we are creating a Pandora’s box,” Christopher Soghoian, the principal technologist with the American Civil Liberties Union’s Speech, Privacy, and Technology Project, told Bloomberg.

The Hacking Team, however, showed no signs of standing down. “Frankly, the evidence that the Citizen Lab report presents in this case doesn’t suggest anything inappropriately done by us,” company spokesman Eric Rabe told the Canadian Globe and Mail.

As media and activists speculated about which countries the Italian firm served, the founder and CEO of the Hacking Team, David Vincenzetti, from his sleek, white office inside an unsuspecting residential building in Milan, took the bad press in stride. He joked with his colleagues in a private email that he was responsible for the “evilest technology” in the world.

A tall, lean 48-year-old Italian with a taste for expensive steak and designer suits, Vincenzetti has transformed himself over the past decade from an under-ground hacker working out of a windowless basement into a mogul worth millions. He is nothing if not militant about what he defines as justice: Julian Assange, the embattled founder of WikiLeaks, is “a criminal who by all means should be arrested, expatriated to the United States, and judged there”; whistleblower Chelsea Manning is “another lunatic”; Edward Snowden “should go to jail, absolutely.”

“Privacy is very important,” Vincenzetti says on a recent February morning in Milan, pausing to sip his espresso. “But national security is much more important.”

Vincenzetti’s position has come at a high cost. Disturbing incidents have been left in his wake: a spy’s suicide, dissidents’ arrests, and countless human rights abuses. “If I had known how crazy and dangerous he is,” Guido Landi, a former employee, says, “I would never have joined the Hacking Team.”
Foreign Policy: http://atfp.co/1NzYJLV

 

« South Korea Is No.1 Top Source Of DDoS Attacks
US Army's $12bn Mobile Internet Is Vulnerable »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Secure Identity Alliance (SIA)

Secure Identity Alliance (SIA)

The Secure Identity Alliance is dedicated to supporting sustainable worldwide economic growth and prosperity through the development of trusted digital identities and the adoption of secure eServices.

Qualitèsoft Technology

Qualitèsoft Technology

Qualitèsoft Technology is a leading Software Development and Quality Assurance organization. We specialize in Custom Development, Mobile Application, Software Testing and Quality Assurance.

Qubitekk

Qubitekk

Qubitekk has developed quantum cryptography solutions for the machine-to-machine (M2M) communications market.

CLDigital

CLDigital

CLDigital's no-code risk and resilience platform, CL360, provides leaders with risk and resilience data to make strategic and tactical continuity decisions.

ANSI National Accreditation Board (ANAB)

ANSI National Accreditation Board (ANAB)

ANAB is the largest accreditation body in North America. The directory of members provides details of organisations offering certification services for cybersecurity related standards.

Cyber Tec Security

Cyber Tec Security

Cyber Tec Security is an IASME Certification Body for Cyber Essentials basic/Plus. We also provide ongoing Managed Security Services.

Upper Peninsula Cybersecurity Institute - Northern Michigan University

Upper Peninsula Cybersecurity Institute - Northern Michigan University

Upper Peninsula Cybersecurity Institute at Northern Michigan University offers non-degree and industry credentials relevant to emerging careers in cybersecurity.

Ukrainian Special Systems (USS)

Ukrainian Special Systems (USS)

Ukrainian Special Systems (USS) is a state-owned commercial enterprise providing confidential communication, trust services and services in the field of information protection.

IP2Location

IP2Location

IP2Location provide services to identify geolocation by IP address, and to detect IP addresses associated with anonymous proxy servers, which are often used for fraud and spamming purposes.

Transmit Security

Transmit Security

The Transmit Security Platform provides a solution for managing identity across applications while maintaining security and usability.

SEMNet

SEMNet

SEMNet is an IT solutions provider and an infrastructure and security consulting firm.

Logit.io

Logit.io

Logit.io is a log analysis & management platform that provides a scalable solution for hosting the open-source tools Elasticsearch, Logstash, and Kibana.

National Academy of Cyber Security (NACS)

National Academy of Cyber Security (NACS)

National Academy of Cyber Security provides Professional Training Courses and Programmes in Cyber Security.

Iris Powered by Generali

Iris Powered by Generali

Iris Powered by Generali is an identity theft resolution provider. Our offering combines expert assistance and support with user-friendly identity protection technology.

SYN Ventures

SYN Ventures

SYN Ventures invests in disruptive, transformational solutions that reduce technology risk.

Panoplia Digital Protection

Panoplia Digital Protection

Panoplia Digital Protection is a cutting-edge cybersecurity company that leverages the power of AI and ML to help businesses and consumers protect themselves against cyber threats.