Advertisement
Surveillance

Leaked emails show Irish Defence Forces held talks with controversial hacking company

Hacking Team sells viruses to repressive governments, but the Defence Forces say they never bought anything.

90361108 Photocall Ireland Photocall Ireland

MEMBERS OF THE Irish Defence Forces appear to have discussed “purchasing solutions” from Hacking Team, a controversial Italian company which sells spyware to law enforcement agencies and governments throughout the world.

An apparent hack of the company led, last Sunday, to massive quantities of internal emails, invoices and source code being uploaded to the internet and widely shared online, including client lists that feature some of the world’s most repressive regimes.

Among the 400 gigabytes of data were a number of emails which appear to show Irish Defence Forces staff engaged in conversations with a Hacking Team “account manager”, from the summer of 2012 until last month.

TheJournal.ie sent a detailed list of questions to the Defence Forces, for this article.

A spokesperson would not address most of these, but did state that the Defence Forces had never bought anything from Hacking Team.

For operational security reasons the Defence Forces cannot comment on specific elements of your query, however the Defence Forces confirms that no services were purchased from the company in question.

The company has come under fire in recent years, and this week in particular, after the leaking of a client list that includes repressive regimes such as Saudi Arabia, Bahrain, Russia, the UAE and Ethiopia.

It also appears to have been selling “spyware” to the government of Sudan, during a UN embargo, and while that regime was listed by the US as a “state sponsor of terrorism.”

htad Excerpt from a Hacking Team ad. Hacking Team Hacking Team

Hacking Team sells a number of products and services, including viruses which enable state agencies to hack into “target” devices.

This spyware allows governments, police and intelligence services to remotely take control of devices anywhere, monitor incoming and outgoing emails, browsing activity, Skype calls, and even remotely switch on webcams and microphones.

In a brochure for the Galileo “remote control system”, the Italian firm boasts that it can help clients:

Take control of your targets and monitor them regardless of encryption and mobility. It doesn’t matter if you are after an Android phone or a Windows computer: you can monitor all the devices.
Remote Control System is invisible to the user, evades antivirus and firewalls, and doesn’t affect the devices’ performance or battery life.

‘Purchasing a solution’

It is not known which Hacking Team products or services were discussed or considered by the Irish Defence Forces, but in June 2012 a staff member appears to have met an account manager in Prague.

On 29 June, the Defence Forces staff member emailed Hacking Team to request a follow-up meeting in October, noting “I will be accompanied by my boss.”

HTIDF1

Towards the end of 2013, another in-person meeting seems to have taken place, where “purchasing a solution” was discussed, and plans were made to begin that process by the spring of 2014.

The staff member who attended the 2012 meeting, and a Defence Forces Commandant, were both party to an email in April 2014, which includes a proposal from Hacking Team for a further meeting to take place in Dublin.

HTIDF2

Discussions continued through to the end of 2014, when the Defence Forces staff member who appears to have been leading talks with Hacking Team, proposed a meeting at this summer’s ISS World Europe conference, again in Prague.

It was suggested that the Italian account manager would be “brought up to speed” then, and meet “some new friends.”

Copied on this email was a third, lower-ranking Defence Forces staff member, involved with the Communications and Information Services Corps (CIS).

HTIDF3

In what appears to be the latest email, sent on 28 May 2015, the same Defence Forces staff member looks ahead to June’s ISS Conference, CCing the same CIS staff member, as well as Hacking Team’s sales division.

HTIDF4

The ISS World Europe conference is run by Virginia-based company TeleStrategies, and claims to be “the world’s largest gathering of European Law Enforcement, Intelligence and Homeland Security Analysts…”

ISS World Programs present the methodologies and tools for Law Enforcement, Public Safety and Government Intelligence Communities in the fight against drug trafficking, cyber money laundering, human trafficking, terrorism and other criminal activities…

This year’s event, held between 2 and 4 June, featured dozens of seminars and presentations, including three by Hacking Team on subjects like “offensive surveillance” and “intruding personal devices.”

TheJournal.ie asked the Defence Forces which products or services were the subject of their discussions, but “for operational security reasons,” did not receive clarification.

‘Enemies of the Internet’

clients_revised_copy_0 EFF EFF

The software sold by Hacking Team is legal in and of itself. However, the way governments and law enforcement use those products is largely governed by specific laws, which vary from country to country.

The company has faced intense ethical scrutiny, both from privacy advocates, and human rights groups, concerned with the appearance of sales to repressive and brutal regimes around the world.

In 2012, Reporters Without Borders listed Hacking Team as one of five corporate “Enemies of the Internet.

Despite consistent claims by the company that it did not sell products to countries “blacklisted” by the UN, NATO and EU, Sunday’s document leak included convincing evidence to the contrary.

As noted by the Electronic Frontier Foundation (EFF), a US-based digital civil liberties group, Hacking Team appears to have been selling its Remote Control System (described above) to governments in Egypt, Ethiopia, Saudi Arabia, Russia, and 31 other nations.

Despite a UN embargo on Sudan, Hacking Team appears to have been selling spyware to the regime, which was also listed by the US as a “state sponsor of terrorism” at the time.

The UN warned Hacking Team that the software involved was “ideally suited to support military electronic intelligence,” and that they would therefore like to investigate whether this constituted a breach of the embargo – an extremely serious crime under international law.

A lawyer for Hacking Team argued in an internal email that:

If one sells sandwiches to Sudan, he is not subject, as far as my knowledge goes, to the law. [Hacking Team] should be treated like a sandwich vendor.

However, under pressure from the UN and Italian authorities, Hacking Team eventually suspended sales to Sudan in November 2014.

TheJournal.ie requested comment from Hacking Team, but did not receive any response to a detailed list of questions. 

h/t @beyourownreason

Read: State surveillance – How Gardaí and others can secretly monitor you>

Read: The Government is thinking up new ways to stop you from being hacked>

Your Voice
Readers Comments
31
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.