A sprawling network of resellers helped Hacking Team get its spy tech into the hands of a long list of government clients.
Image: Hacking Team
The massive breach that leaked internal documents belonging to Hacking Team, the Italian spyware vendor famous for its computer hacking toolkit Remote Control System (RCS), has already confirmed that the company sold its surveillance tech to some of the most brutal regimes around the world, along with some closer to home.
But they didn't do it alone.
Emails and documents from the 400 gigabyte mega-leak reveal a sprawling network of resellers—some of them based in the United States—that helped Hacking Team get its spy tech into the hands of a long list of government clients.
Those clients include notoriously repressive governments such as Sudan, Ethiopia, Uzbekistan, Kazakhstan, the United Arab Emirates, and many more.
Nevertheless, many international defense and cybersecurity firms were eager to get a piece of the profits from Hacking Team's Remote Control System, or RCS, which allows governments to infect devices of criminal suspects, dissidents, journalists, and activists, capturing emails, recording keystrokes, snooping on Skype calls, and even bugging their microphones and webcams.
Emails and documents from the 400 gigabyte mega-leak reveal a sprawling network of resellers.
Not all of these corporate partners are obscure; a few of them are even based in the United States. AECOM, a Los Angeles-based multinational with $19 billion in revenue that has built surveillance systems for the Super Bowl, is described in an email as an "occasional" partner and sells Hacking Team's spyware to Saudi Arabia along with two other firms, Technology Control Co. and YES Solutions.
Cyberpoint International, another American firm headquartered in Baltimore, also became a Hacking Team "partner," selling its software to the United Arab Emirates. The UAE government has used the spyware to target pro-democracy activists, and at least one has been beaten bloody as a result.
And yet, Cyberpoint is considered a cybersecurity darling in Washington: As The Intercept points out, the company was granted a special export license by the US State Department to develop defensive cybersecurity. Its chief strategy officer, Paul Kurtz, is also the chairman of a cybersecurity center at New York University's campus in Abu Dhabi.
Companies like Hacking Team have strong incentives to sell their product through resellers, explains Edin Omanovic, a research officer at the UK nonprofit Privacy International who has studied these networks of surveillance vendors. "By using assorted brokers, distributors, and re-sellers to peddle their gear, surveillance companies are using the favourite practices of arms dealers across the world," he told Motherboard in an email. "Not only does this maximise their profits, it makes it a lot more difficult to enforce any safeguards and a lot easier to obscure their practices."
Probably one of Hacking Team's biggest partners is NICE Systems, an Israeli surveillance company run by a former Israeli intelligence officer. Halfway through its first year as a reseller, NICE pulled in 426,800 Euros (about $470,000) from Hacking Team's spyware, according to a list of "offensive" clients from that time. In 2014, a leaked sales sheet reveals, the company was vigorously promoting RCS, closing deals in Thailand, Azerbaijan, and Honduras while actively negotiating new business with the governments of Uzbekistan, Bahrain, Kuwait, Guatemala, India, Kyrgystan, Turkmenistan, Georgia, Brazil, Finland, Israel and more.
Many of those deals came to fruition. An up-to-date client list found among the leaked documents shows dozens of countries are paying RCS customers, and many still have active subscriptions. A client overview spreadsheet dated June 3rd of this year lists NICE as the channel for RCS sales to Uzbekistan's National Security Service, Ethiopia's Information Network Security Agency, and the Bayelsa State Government in Nigeria. The same document shows Kazakhstan as an "Opportunity" being pursued by Elbit, another major Israeli defense contractor with a subsidiary in the United States, which is listed as a Hacking Team partner.
In February 2010, RESI got authorization to sell Hacking Team's demo to the Tunisian government
Another major reseller, Robotec Corporation, handles much of Hacking Team's sales in Latin America. The company has offices in Miami, and has been a key partner in selling Remote Control System to Columbia, Ecuador, Costa Rica and Panama, where Hacking Team's equipment mysteriously went missing at the end of 2014.
An Italian firm called RESI Informatica seems to be one of the earliest to resell RCS. In February 2010, RESI got authorization to sell a demo of the software to ATI, a Tunisian government agency which controls the country's biggest Internet Service Provider.
According to internal documents, the agency's status is now "expired." But the Tunisian government's access continued through the country's Jasmine Revolution, which suffered well-documented human rights abuses before eventually ousting long-standing dictator Abidine Zine Ben Ali in January 2011.
Right now the spotlight is still on Hacking Team as the company attempts to do damage control in response to the massive hack. But as more details from their giant cache of data comes flooding into the light, the breach's impact may begin to ripple outward to the company's clients and business partners.
This story has been updated to add comments from Privacy International's Edin Omanovic.