WikiLeaks opened yet another can of worms, this time at Hacking Team’s expense. While 1 million email addresses may seem harmless to leak into society, it’s who contacted Hacking Team for surveillance software and miscellaneous services that has Wikileaks standing tall – again.
The Italy-based spyware firm, known for nefariously swiping communications data from mobile and desktop owners thought to be engaging in human rights abuse, contends they never directly sold surveillance software or spyware services to governments. Wikileaks obtained 415GB of data from Hacking Team, which outlines emails and – more surprisingly – price lists for their mobile applications. One price list was prepared for general audiences, the other specifically for the NY Count District Attorney. One such program, the highly coveted Galileo tool, is being offered in Google Play and Apple Store for $175,000; a similar suite was offered to the attorney’s office for $60,000.
Economic Times outlines several emails of note from Mumbai to points through India, yet it’s Russian involvement that’s piquing interest of many as they’re actions could break European Union rules. Galileo Remote Control System (RCS) was sold to Russian military research facility KVANT, according to Wikileaks, with other nations such as Azerbaijan, Ethiopia, Egypt – nations with documented histories of human rights violations – showing interest in Galileo. Hacking Team denies selling to or engaging in conversation with blacklisted countries.
One component of Galileo RCS includes a variety of “infection vectors,” one of the major ones based on Trojan email attachments. You may receive an e-mail inviting you to click on a PDF attachment to view an “organizational announcement,” which would include legitimate signatures. Once the PDF has been opened in Adobe Acrobat, you’ve been infected without knowing. Using Trojan email infections isn’t the most sophisticated technique to accomplish the infection task, yet it still has a reasonable success rate for some operations, according to one Wikileaks email correspondence between two Hacking Team employees.
Florida’s Metropolitan Bureau of Investigations met with Hacking Team employee Daniele Milan in Orlando to discuss surveillance products, too. According to Wikileaks invoice data, services from Hacking Team can amass $400,000, although many invoices fell between $50,000 and $200,000. Florida law enforcement fell under ACLU scrutiny in February by using StingRay, a cell tower “spoof” which sends user location data for tracking purposes to law enforcement. The use of StingRay doesn’t require probable cause to activate.
Wikileaks managed to create a searchable database of these emails on their website, with information ranging from Hacking Team’s digital mercenary work with Sudan and Bangladesh to the FBI’s $800,000 in unnecessary surveillance software updates. Cyber technologies are increasingly important for either defense and offense, the latter being essential for fighting, yet it’s the companies and countries inquiring that could pose serious threats to our technological infrastructure.
As we sift through more emails, tell us what you’ve found by searching here then commenting below.
[Photo by Carsten Koall / Getty Images News]