In an article by PC Magazine yesterday (‘Surveillance Tech Firm ‘Hacking Team’ Breached‘, 6 July), it reported that a surveillance tech firm known as Hacking Team, which has many high-profile government clients, was itself hacked over the weekend by some unknown hackers.
The Milan-based company essentially sells surveillance and intrusion tools to government and law enforcement agencies in the world.
The unknown hackers were able to extract 400GB of the company’s internal documents and posted them on Internet.
The documents had revealed the many government clients of the company, including Singapore.
NGO Reporters Without Borders has marked the company as an “Enemy of the Internet” [link] due to its shady business practices and surveillance tool called DaVinci, which can apparently break encryption on emails, files, and Internet telephony protocols. Critics also said that the company has been selling their wares to governments of questionable human rights records.
Revelations from the documents may prove the critics right. For example, they showed that the company has been doing business with Sudan, currently under a UN arms embargo. According to Human Rights Watch, Sudanese security forces have repeatedly and violently suppressed protestors demonstrating against the government, with more than 170 killed in 2013.
CSO, a company of international consulting group IDG (International Data Group), which provides news, analysis and research on a broad range of security and risk management topics said, “The link to Sudan is especially newsworthy as the company previously stated they’ve never done business with the nation. There is a UN arms embargo on the Sudan, which is covered by EU and UK law. If they were doing business with the Sudanese government, Hacking Team could be in hot water.”
Hacking Team maintains that it has not done anything illegal.
“Don’t believe everything you see,” Hacking Team said. “Most of what the attackers are claiming is simply not true… The attackers are spreading a lot of lies about our company that is simply not true.”
However, that clarification runs contrary to what is mentioned in the company's promotional video shown below, one of the tagline goes, "You have to hack your target while your target is browsing the web, exchanging documents, receiving SMS crossing the borders".
The Singapore Connection
Hacking Team has offices in 3 different countries – Italy, US and Singapore. Its HQ is in Milan, Italy and its US office in Annapolis, Maryland.
But surprisingly, it decided to choose Singapore to locate its third office, out of the many other countries in the world [link]:
UOB Plaza 1
80 Raffles Place Level 35-25
One of the leaked documents actually showed the maintenance agreement status of its various customers and one of the customers that it actively supports presently is Singapore’s Infocomm Development Authority (IDA). Its maintenance contract with IDA was recently renewed in Feb this year:
One reader who alerted TRE to the news said, “It is evident that IDA has been using hacking services and tools to spy on Singaporeans and collect information!”
He added, “We want an answer from IDA!”
News of Hacking Team found to be dealing with “evil” regimes in the world, is now making headline news worldwide:
- The Guardian – Hacking Team hacked: firm sold spying tools to repressive regimes, documents claim
- CNN – This company sells spy tools to evil governments
- Globe and Mail – Surveillance software maker Hacking Team gets taste of its own medicine
- The Slate – A Company That Sells Surveillance Software to Authoritarian Regimes Got Hacked Itself
- WSJ – Hacking Team, the Surveillance Tech Firm, Gets Hacked
- Wire – Hacking Team breach shows global spying firm run amok
So, what do you think IDA is doing with the surveillance and intrusion tools bought from Hacking Team?
TOC has emailed IDA for a response on this matter and update the article when they reply.
This article was first published at TREmeritus