Fear This Man And His Hacking Empire
Hacking Team is among the few dozen private contractors feeding the world’s law enforcement & intelligence agencies with spyware.
The editor and co-founder of Mamfakinch, a pro-democracy website created in Morocco during the Arab Spring, Almiraat was one of his country’s most outspoken dissidents and someone accustomed to cryptic emails: Moroccan activists faced jail time for their views and risked their jobs, or even their lives, for speaking out against their government.
From Normandy’s capital city, where Almiraat was in medical school, the bespectacled 36-year-old spent his time, in between classes and hospital shifts, mentoring, coaching, and editing more than 40 citizen journalists. The group covered the roiling unrest back in Almiraat’s homeland, where he would soon return after completing his studies.
Almiraat and his colleagues also trained Mamfakinch’s writers to use encryption software, most notably the Onion Router, so that their online activities remained anonymous and shielded. Tor, as it’s widely known, masks a user’s identity and physical location. “People were relying on us to protect their…reputations, their careers, and probably also their freedoms,” Almiraat says. “All of that could be put in jeopardy if that were made public.” It was precisely this forethought that had earned Mamfakinch the Breaking Borders Award, sponsored by Google and the citizen-media group Global Voices, for its efforts “to defend and promote freedom of speech rights on the Internet.”
But on that July morning, just 11 days after receiving the award, Almiraat read the message from Imane and knew “something wasn’t right.” A website link directed him to a document labeled “Scandal,” which, once downloaded, was blank. His associates received the same note.
Suspicious, Almiraat promptly forwarded the email to an activist he knew, who then sent it to Morgan Marquis-Boire, a dreadlocked, tattooed 32-year-old digital activist who’d grown up hacking in New Zealand under the nickname “Mayhem.”
A top security researcher at Google, Marquis-Boire had made waves recently as a volunteer detective for Citizen Lab, a technology research and human rights group at the University of Toronto; he and several colleagues had found evidence that suggested Bahrain was using surveillance software, a product intended for government spying on suspected criminals, against supporters of political reform.
After a month-long analysis of the Scandal file, Marquis-Boire contacted Almiraat with disturbing news: Anyone who had opened the document had been infected with highly sophisticated spyware, which had been sent from an Internet protocol address in Morocco’s capital of Rabat. Further research confirmed that the Supreme Council of National Defense, which ran Morocco’s security agencies, was behind the attack.
Almiraat and his colleagues had essentially handed government spies the keys to their devices, rendering Tor, or any other encryption software, useless. Morocco’s spooks could read the Mamfakinch team’s emails, steal their passwords, log their keystrokes, turn on their webcams and microphones, and spies likely had been doing exactly those things and more since the intrusion in July.
That wasn’t all. Marquis-Boire and other experts found “a trail of bread crumbs from a surveillance company that, you’d think, would have left no bread crumbs, let alone a trail,” he recalls. Tucked in the source code of the Scandal document, a few small lines had been left behind in error. And they were the first fragments that ultimately led to the most powerful and notorious dealer in online Spycraft: the Hacking Team.
The Blackwater of surveillance, the Hacking Team is among the world’s few dozen private contractors feeding a clandestine, multibillion-dollar industry that arms the world’s law enforcement and intelligence agencies with spyware. Comprised of around 40 engineers and salespeople who peddle its goods to more than 40 nations, the Hacking Team epitomizes what Reporters Without Borders, the international anti-censorship group, dubs the “era of digital mercenaries.”
The Italian company’s tools, “the hacking suite for governmental interception,” its website claims, are marketed for fighting criminals and terrorists. But there, on Marquis-Boire’s computer screen, was chilling proof that the Hacking Team’s software was also being used against dissidents. It was just the latest example of what Marquis-Boire saw as a worrying trend: corrupt regimes using surveillance companies’ wares for anti-democratic purposes.
When Citizen Lab published its findings in the October 2012 report “Backdoors are Forever: Hacking Team and the Targeting of Dissent?” the group also documented traces of the company’s spyware in a document sent to Ahmed Mansoor, a pro-democracy activist in the United Arab Emirates. Privacy advocates and human rights organizations were alarmed. “By fueling and legitimizing this global trade, we are creating a Pandora’s box,” Christopher Soghoian, the principal technologist with the American Civil Liberties Union’s Speech, Privacy, and Technology Project, told Bloomberg.
The Hacking Team, however, showed no signs of standing down. “Frankly, the evidence that the Citizen Lab report presents in this case doesn’t suggest anything inappropriately done by us,” company spokesman Eric Rabe told the Canadian Globe and Mail.
As media and activists speculated about which countries the Italian firm served, the founder and CEO of the Hacking Team, David Vincenzetti, from his sleek, white office inside an unsuspecting residential building in Milan, took the bad press in stride. He joked with his colleagues in a private email that he was responsible for the “evilest technology” in the world.
A tall, lean 48-year-old Italian with a taste for expensive steak and designer suits, Vincenzetti has transformed himself over the past decade from an under-ground hacker working out of a windowless basement into a mogul worth millions. He is nothing if not militant about what he defines as justice: Julian Assange, the embattled founder of WikiLeaks, is “a criminal who by all means should be arrested, expatriated to the United States, and judged there”; whistleblower Chelsea Manning is “another lunatic”; Edward Snowden “should go to jail, absolutely.”
“Privacy is very important,” Vincenzetti says on a recent February morning in Milan, pausing to sip his espresso. “But national security is much more important.”
Vincenzetti’s position has come at a high cost. Disturbing incidents have been left in his wake: a spy’s suicide, dissidents’ arrests, and countless human rights abuses. “If I had known how crazy and dangerous he is,” Guido Landi, a former employee, says, “I would never have joined the Hacking Team.”
Foreign Policy: http://atfp.co/1NzYJLV