Explainer: Hacking Team's Reach in the Americas
Explainer: Hacking Team's Reach in the Americas
The spyware company has some of its best clients in the Western Hemisphere, with Mexico doling out the most cash in the world.
On the night of July 5, someone somewhere hacked Hacking Team, the controversial Italian cyber-surveillance company selling clandestine services to governments around the world. Unidentified hackers released 400 gigabytes of the firm’s files and some 1,500 emails, revealing which countries have purchased software. Hacking Team’s most popular product was its Remote Control System (referred to alternately as Galileo or DaVinci), a surveillance system that uses malware to infect devices and monitor them through calls, emails, apps like Skype and WhatsApp, and even webcams.
At least 45 countries have used Hacking Team’s services, according to Privacy International, and seven are from the Americas: Chile, Colombia, Ecuador, Honduras, Mexico, Panama, and the United States. All have active contracts with the exception of Panama, and Mexico brings in more revenue for the spyware company than any other country in the world.
Hacking Team claims all contracts are legal under each country’s laws, though its clients include regimes considered oppressive, such as Saudi Arabia and Sudan.
Here’s background on the deals between countries in the Western Hemisphere and the cyber-spy company, in order of the largest contracts.
Mexico: $5.8 million
With deals spanning 14 federal and state contracts, Mexico is Hacking Team’s largest client in the world. Leaked documents indicate that negotiations date back to 2010, and the latest contract was scheduled to be finalized this month during Defense Secretary Salvador Cienfuegos’ trip to Milan on July 20. Though Mexican law only permits the Attorney General’s Office to exercise domestic espionage with a judge’s permission, the Secretariat of National Defense (known as SEDENA) was considering buying a version of the Galileo surveillance program that could monitor up to 600 devices. SEDENA used web development company Neolinx as a third party, a common tactic for governments to mask direct links with Hacking Team.
While it is unclear whether SEDENA’s contract went through, Mexico’s Center for Research and National Security (CISEN), a division of the Secretariat of the Interior, is currently an active client of Hacking Team and paid the firm $224,000 in April. Interior Secretary Miguel Ángel Osorio Chong said Hacking Team’s services were purchased during the administration of Felipe Calderón rather than during current President Enrique Peña Nieto’s term, which began in 2012.
A leaked Hacking Team client list also shows contracts with the Mexican Police, Army, and Navy, among others, though these have expired. Meanwhile, contracts with the state of Tamaulipas ends in July, and in November for those with Durango and Yucatán.
Chile: $2.3 million
Hacking Team’s second-largest Latin American client and fifth-largest overall is Chile, according to the leaked file. The Investigations Police of Chile (known as PDI) confirmed they made the purchase, though for $2.85 million, a higher amount than hacked documents show. PDI bought the Galileo program under the name “Phantom” in December 2014 to use through 2018, via third-party firm Mipoltec. According to a PDI press release, the purchase had judicial authorization and is meant to enhance the agency’s technology and capacities to investigate organized crime, international terrorism, and large-scale narcotrafficking.
En relación a las informaciones acerca del software Phantom, la Policía de Investigaciones de Chile informa: pic.twitter.com/XmIaIzPFj1
— PDI Chile (@PDI_CHILE) July 6, 2015
While the PDI does not state who gave the legal green light, documents were to be brought before the Attorney General, according to emails reviewed by the Center for Journalistic Research and Information (best known as CIPER). The nonprofit also notes that other government bodies saw demos of surveillance programs, such as Chile’s national police force, known as DIPOLCAR, and the prison research department, known as DIAP, though no contracts were finalized.
United States: $1.5 million
U.S. deals with Hacking Team have been operating domestically and in Colombia. Emails show that the FBI began using Hacking Team spyware in 2011 under the codename “Phoebe.” Meanwhile, the Drug Enforcement Administration (DEA) started operating a program, this one called “Katie,” in 2012 out of the U.S. embassy in Colombia because the surveillance program was deemed “too controversial” at home, according to a 2011 email. Another email sent on June 9, 2015, suggests that the DEA can monitor all of Colombia’s Internet traffic with access to every Internet service provider in the country. Third-party companies Cicom and Robotec negotiated the contracts on behalf of the FBI and DEA, respectively.
The U.S. Army has also purchased equipment from Hacking Team, though the program may have never been carried out due to a budget cut. Files also show that the CIA, along with local governments and agencies in Arizona, California, Florida, and New York, initiated conversations with the software company.
Furthermore, the United States is home to several third-party companies that negotiated the deals between Hacking Team and the governments of Saudi Arabia and the United Arab Emirates.
In 2011, the President’s Security Office issued the first payment for a three-year contract for Hacking Team surveillance software that was set to expire May 2014. With Robotec again as an intermediary, then-President Ricardo Martinelli asked that the program to target 40 profiles in particular. Technological issues with equipment kept Martinelli from extending the contract. Then, the equipment went missing that December on the eve of presidential elections. Emails show that Varela’s administration temporarily maintained relations via a new intermediary from Quadrian Enterprises, though it did not go past two emails.
The data dump lists Ecuador’s National Intelligence Secretariat (known as SENAIN) as a Hacking Team client since 2013. SENAIN’s version of Galileo targeted 10 individuals, with the capacity to monitor 500 devices and social network accounts. The price tag: $460,000 and an annual maintenance fee of $75,000 until the program expired in October 2016. Robotec served as the intermediary.
Several websites reporting on the leaked documents went down after publishing, such as GKillCity, Plan V, and the Mil Hojas Foundation. SENAIN responded to the leaked information with a press release stating that no contract with the spyware company exists whatsoever.
Aside from U.S. surveillance programs in Colombia, the country’s Police Intelligence Directorate (known as DIPOL) made its own purchase of Hacking Team spyware for $335,000 to be active from 2013 to 2016, with an additional annual maintenance fee of $35,000. The police force says it doesn’t have commercial ties with Hacking Team, but rather with Robotec Colombia, according to an official statement. The same press release says the purchase “was for the purpose of enhancing the capacity to detect terrorist threats and organized crime in cyberspace.” Although DIPOL and Hacking Team did not negotiate directly, 2013 emails show that each entity had a third-party representative negotiating on their behalf: Robotec for DIPOL and NICE for Hacking Team.
That said, Hacking Team’s links to Colombia go as far back as 2008, when representatives from the company met with the Administrative Department of Security (DAS), though DAS was dissolved in 2011. A more recent email from September 2014 mentions a demo the company gave for the Technical Investigation Team, which operates under Colombia’s Office of the Attorney General.
The Attorney General’s Office is the only government body that can order communications surveillance. As such, Prosecutor General Eduardo Montealegre denied the National Police’s attempt to use a program similar to Galileo called Puma in 2014. Hacking Team emails show the National Police were considering paying $608,000 for the system in 2014 and $750,000 in 2015.
Leaked emails show that the Honduran government was in conversation with Hacking Team dating back to at least 2012. On March 20, 2014, the head of the National Investigation Directorate (known as DNII) signed the software license agreement and made the first payment for the Galileo program. NICE systems, an Israeli company, facilitated the deal via business partner Ori Zoller, a small-arms dealer that made headlines in the early 2000s when a shipment of thousands of AK-47s ended up with paramilitaries in Colombia.