Earlier this month Italian cyber security company Hacking Team suffered a massive 400GB data breach, and on Friday whistleblower website WikiLeaks released virtually all of the company’s internal emails.
Hacking Team makes its money building malware that allows governments to break into their citizens’ communications undetected, and it seems that it has had many dealings with South Africa.
In an email dated 24th July 2014, the unit commander of Durban’s Organised Crime Unit, Colonel AK Hoosen, asked Hacking Team CEO David Vincenzetti where Google’s email provider Gmail is located.
“Where is gmail (sic) located and how do i subpoena them to provide information for evidence purpose?,” the one line in the mail reads.
Vincenzetti forwarded the mail on to a sales staff member with a little note: “Please find a help request from a military guy in South Africa. Yes, such a request indicates that this guy is close to clueless.”
Vincenzetti also apparently saw some financial gain in Hoosen’s stated ‘cluelessness’, saying, “HOWEVER, we could exploit his request in order to establish a commercial contact.”
The sales representative, identified as Massimiliano Luppi, replied to Hoosen’s request and explained that Hoosen can’t force Google to provide information on a user.
“What you can do, in order to bypass this bottleneck, is to infect the device of your suspect/target. This is exactly the purpose of our solution Remote Control System,” Luppi explained.
By Luppi’s own description, it is designed to “attack, infect and monitor target PCs and Smartphones, in a stealth way. It allows you to covertly collect data from the most common desktop operating systems, both laptops and mobiles.”
He further explained that once a target is infected, you can access information such as Skype calls, Facebook and Twitter, gain access to the microphone and files, and see the device’s location.
It is unclear from the email trail if Hoosen eventually bought Hacking Team’s Remote Control System.
Of the more than 1 million emails, a good number also implicate the South African Revenue Service (Sars). Jan Vermeulen, of MyBroadband, turned up an enlightening conversation between Sars and Hacking Team last week.
In one such mail, Helgard Lombard, the manager for the Technical Physical Security and Anti Corruption at Sars’ Pretoria branch, asked the same sales representative about smartphone infection.
Lombard wanted Luppi to go into as much detail as possible.
“I will appreciate it if you could send me information regarding the smartphone infections. The information must be as comprehensive as possible, e.g. is it necessary to “Root” Android smartphones, can the infection be concealed in a MMS, etc. I would also want to know what the minimum quantity licenses would be that we have to acquire and what the annual maintenance fee word be for updates, etc,” the email request reads.
While Lombard didn’t get the information he wanted, Hacking Team still offered to demonstrate the technology in South Africa – after Lombard signed a Non-Disclosure Agreement.
Hacking Team has come under fire many times in the past, having been accused of supplying spying and infection software to governments with less than stellar reputations. The company has been accused of supplying such tools to censured countries like Azerbaijan, Kazakhstan, Uzbekistan, Russia, Bahrain, Saudi Arabia, the UAE and Ethiopia – which it has denied.
If you are still not totally convinced that absolutely anybody can be a target for hackers (especially if Sars has your details), you can browse through the WikiLeaks emails at your leisure.