Indian intelligence agencies seeking tech for mass phone tapping: WikiLeaks
Andhra Pradesh: Alleged move to get snooping technology creates a flutter.
Hyderabad: The revelation by the WikiLeaks website that the Andhra Pradesh government had tried to purchase spying technology to listen in to cellular phone conversations has sent ripples in political circles here.In contrast to many of the private companies performing outsourced aggressive surveillance work for the world’s spy agencies, Hacking Team doesn’t try to hide behind a generic corporate identity.
LONDON – Top Indian security agencies were secretly negotiating with Italian cyber-surveillance firm, Hacking Team, to procure software for intercepting communications through remote bugging of devices, reveals the purported internal Hacking Team e-mail exchanges released by WikiLeaks.The released data reveals that not only Indian intelligence agencies but several states’ police forces also were procuring powerful surveillance technology which can infect and target desktops, intercept mobile calls, steal files and even spy on emails.NEW DELHI: Several Indian government agencies and many state police forces had reportedly engaged, or are in talks to engage, the services of a controversial Italian hacking company that is notorious for making surveillance software and supplying them to oppressive regimes.The New Jersey State Police considered buying controversial spy software that can be used to remotely control smart phones and computers, even meeting in West Trenton with representatives of an Italian surveillance company now accused of selling the same technology to repressive governments around the world. “Hack into your targets with the most advanced infection vectors available,” the company touts.
Gamma International, Academi and QintetiQ could be companies doing anything, but Hacking Team – well, it doesn’t take a genius to guess what line of work they are in. The emails are part of the 440-gigabyte (GB) internal data stolen this week through a major cyber attack on the firm, a major portion of which has been made public. According to set of emails released by WikiLeaks on Italian surveillance malware-maker Hacking Team, Indian agencies seemed to have been an active client of the company for devices meant not just for targeted counter-terrorism operations but also for sweeping invasion of privacy. The brochure says the software “is invisible to the user, evades antivirus and firewalls, and doesn’t affect the devices’ performance or battery life.” The State Police scheduled a meeting with Hacking Team on Nov. 1, 2013. The revelation came at a time when the two Telugu states — Telangana and Andhra Pradesh — are locked in a raging controversy with AP charging Telangana with snooping and tapping the phones of its key political figures including the Chief Minister N Chandrababu Naidu.
The communication chain revealed details of the company’s dealings with the Research & Analysis Wing (RAW), Intelligence Bureau and various state intelligence units. The leaked emails include one related to CABSEC (Cabinet Secretariat or R&AW, India’s external espionage agency) which HT claimed was one of their clients. The emails also revealed that Italian company was constantly in touch with the AP government through Ortus Consulting and as latest as July 6 the company’s officials were to come to Hyderabad for a presentation and demo of their technology.
It doesn’t provide security at all, really; none of their software will help clients avoid cyberattacks, tighten up their internal networks, or patch flaws in their software. Hundreds of email communications between Hacking Team, its partner NICE — an Israeli company specializing in surveillance and data security — and Indian contacts show their active presence in India. Apparently the AP Intelligence Unit made the request for the snooping technology soon after an alleged audio tape of telephonic conversation between Naidu and a nominated Telangana MLA Elvis Stephenson came to light suggesting that somebody was listening and recording to the phone call.
An email from Adam of Nice Systems to Marco of HT, Italy on August 21, 2011 said: “CABSEC is an Intelligence organisation, directly under the Prime Minister’s office. The audio tape, certified as authentic by the forensic experts, has now become a crucial piece of evidence for the Telagnana authorities in the cash for vote scam involving Telugu Desam leaders.
Customers being addressed by SEMCO India in the e-mails include the Cabinet Secretariat and intelligence units in Delhi, Mumbai, Andhra Pradesh, Karnataka and Gujarat. According to sources, such a technology was very much available with the police force of unified Andhra Pradesh but following the bifurcation of the state it went to Telangana police intelligence unit leaving their AP counter part empty-handed. I will prepare and update about all opportunities and will forward to you ASAP.” The purported leaked email and attachments also made public the presentation that was given to R&AW about lawful hacking platform which offers Intelligence monitoring and remote-controlling of targeted computers and mobile devices. There, his profile says, his job required him to “design, build, and install custom covert electronic surveillance devices and enclosures.” The emails stop after that. Enter his wireless network and tackle tactical operations with ad-hoc equipment designed to operate while on the move … Remote Control System: the hacking suite for governmental interception.
The Hacking Team was mostly interested in pushing its flagship product Galileo, a platform-independent undetectable remote control system, which takes control of targeted devices and monitor them regardless of encryption and mobility. In an email sent in February 2014, the chief of Hacking Team’s office in Singapore refers to R&AW, NIA (National Investigation Agency), IB (Intelligence Bureau) and NTRO (National Technical Research Organisation) as “customers” , indicating the possibility of them already availing the company’ s services. At the same time, the HT and its associate companies were also selling snooping devices to agencies in Pakistan as email dated August 20, 2013 claimed that at least two other companies joined together to supply equipment to Pakistan’s ISI. “As Mostapha informed you, you will be your peer for the Pakistan activities.
The company demonstrated to Indian agencies ways to infect mobile phones with malware — the phone could be in the same room, or could even be infected by just knowing the number. It didn’t disclose its clients, the technology behind its software, or the sort of work it was contracted to do, citing the need for privacy and security. One of the major clients is Cabinet Secretariat (CABSEC), which was already a customer of Hacking Team’ s Israeli partner NICE, according to the emails. It occurred to me that I could perhaps propose using your solution, in addition to meet their needs”, Reddy wrote in the mail seeking a quotation of the cost. The company said in a statement it has lost control of who can use the product: “Terrorists, extortionists and others can deploy this technology at will if they have the technical ability to do so.
Reporters Without Borders (RSF) published an extensive report into “digital mercenaries” such as Hacking Team, who provide the technical expertise which underpins Snowden-era electronic surveillance. In it, the group named five “corporate enemies of the internet”: Hacking Team, Britain’s Gamma Group, Germany’s Trovicor, France’s Amesys, and America’s Blue Coat Systems. Communications also show that one Indian client wanted the Italian firm to change the ” terms of the solution” so as to hide offensive capabilities of the software. And if they didn’t directly sell to authoritarian regimes, they were almost as guilty, of letting dangerous tools fall into the hands of malicious actors.
If that happened, “their failure to keep track of the exports of their own software means they did not care if their technology was misused and did not care about the vulnerability of those who defend human rights,” the report said. Following the RSF report, it said that “Hacking Team goes to great lengths to assure that our software is not sold to governments that are blacklisted by the EU, the US, Nato and similar international organisations or any ‘repressive’ regime”. “We also go to some lengths to monitor reports of use of our software in ways that might be inappropriate or illegal. A report from CitizenLab, based at the University of Toronto, found that several journalists based in Washington DC, working for an Ethiopian diaspora news channel called ESAT, had been infected with what appeared to be Hacking Team’s RCS spyware. Despite Hacking Team’s assurance that “we will refuse to provide or we will stop supporting our technologies to governments or government agencies that … we believe have used HT technology to facilitate gross human rights abuses”, it appears that it continued to provide the software to Ethiopia, even after CitizenLab unveiled abuses over a year earlier. The company, which accepted that documents had been stolen in the attack, refused to comment on the validity of the dump as a whole, and a spokesman told the Guardian that “interpreting even valid documents without complete picture of why they were created or how they were used can easily lead to misunderstandings and even false conclusions”.
A year ago, the same hacker made a public dump of documents belonging to Gamma International, another of the five firms highlighted by RSF in its report. The tortured mess of regulations around the provision and export of spyware means it’s difficult to hold these companies to account, but slowly, public opinion seems to be turning against them.
Because the hack revealed more than just the internal documents of Hacking Team: it also laid bare the code for their intrusion software, and even revealed a critical vulnerability in Adobe Flash that the group had been using to inject malware in targets’ computers. Just days after the data leak, that vulnerability was adopted by virus writers who used it to deliver their own malware, taking advantage of the fact that Hacking Team had never told Adobe of the flaw it had discovered. And the company is now warning that its own software is being used: “Before the attack, Hacking Team could control who had access to the technology that was sold exclusively to governments and government agencies.
Share this article:
Other articles of the category "Android":
Feds require consumer warnings about older Java so...
BMW and Nissan roll out dual-plug EV chargers acro...
Oracle settles charges that it misled you on Java ...
Fallout 4 Addiction: Man Loses Job And Wife, Sues ...
Fallout 4 Addiction: Man Loses Job And Wife, Sues ...
Tesla Cars Will Get Free Spotify Premium&...
Microsoft pulls “Hey Cortana” feature ...
Microsoft disables Cortana for Android voice featu...