Hackers Target Controversial Italian Cyber Espionage Company
DAVID GREENE, HOST:
It turns out one way to learn what hackers are up to is to hack them. A company called Hacking Team was recently hacked, and the unidentified people who did it released 400 gigs of documents from the Italian-based tech firm. This data dump revealed that Hacking Team was helping authoritarian governments break into the computers of journalists, activists and everyday citizens. Here's NPR's Aarti Shahani.
AARTI SHAHANI, BYLINE: Hacking Team sells software that lets you break into someone else's computer or phone and listen in to calls, read encrypted emails, steal files. The company itself was hacked. And according to documents posted online Sunday night, a lot of nation-states are clients.
BILL MARCZAK: For example, Ethiopia, Morocco, UAE, Oman, Saudi Arabia.
SHAHANI: Bill Marczak is a research fellow at Citizen Lab, an institute that studies surveillance, based at the University of Toronto Munk School of Global Affairs. Hacking Team talks openly about how it sells its spyware. Marczak, who's been investigating the company since 2012, figured they'd make those sales quickly and then look the other way. So in case a pro-democracy activist got located and shot, they wouldn't have blood on their hands.
MARCZAK: They'd have more plausible deniability.
SHAHANI: But it appears these spies-for-hire were far more hands-on, providing tech support to regimes on an ongoing basis. So say I'm a target...
MARCZAK: If I receive a suspicious attachment or a suspicious link and I open or I click on that, then my computer might communicate with servers belonging to Hacking Team in order to infect me with the spyware, as opposed to just communicating with servers which are controlled by the government.
SHAHANI: This year and last, Citizen Lab published two reports about the Ethiopian government spying on journalists. But Hacking Team said it has an internal policy to investigate abuse and terminate customers when appropriate. The company did not respond to NPR's inquiry asking them to specify when they've taken such steps. And a leaked customer list indicates they're continuing business in Ethiopia.
MARCZAK: Further sales are being negotiated.
SHAHANI: According to leaked invoices, the Italian company billed Ethiopia 1 million birr, or just under 44,000 euros. Egypt got a bill for 58,000 euros, and Sudan got one for 480,000 euros, which was just half of the payment due. Hacking Team had claims to a United Nations panel, but they had no business relations with Sudan. Danny O'Brien, a lawyer with the Electronic Frontier Foundation, says the services are not cheap.
O'BRIEN: This really does indicate that pretty much every government in the world either has this capability to break into an individual's personal computer or mobile phone or is willing to pay a sizable amount of money to gain that capability.
SHAHANI: Only a handful of companies publicly talk about selling hacker tools to nation-states - Hacker Team, FinFisher and Vupen are among them. But given so much evidence about global demand, O'Brien expects that supply will continue to grow, too. Aarti Shahani, NPR News. Transcript provided by NPR, Copyright NPR.