Leaked emails from an Italian-based hacking company reveal that government agencies engage in surveillance more invasive than previously thought, spending millions of dollars on spyware and malware software to accomplish their questionable goals. Tellingly, their use of the product places them squarely in the same category as other repressive regimes around the world.
After hackers ironically hacked Hacking Tools, a Milan-based company that sells strictly to governments, hundreds of gigabytes of emails and financial records were leaked. The emails show that the FBI, DEA, and U.S. Army all purchased software that enables them to view suspects’ photos, emails, listen to and record their conversations, and activate the cameras on their computers, among other things.
While this may seem like old news, the most controversial revelation was the government’s purchases of “Remote Control Systems.” The FBI, DEA, and U.S. Army, courtesy of Hacking Tools, possess the capability to take control of a suspect’s computer screen. The technology is so invasive that even the DEA, known for its violative surveillance policies, had reservations about purchasing it.
According to documents obtained by The Intercept, an internal request to purchase RCS was denied by DEA management in 2011 because it was “too controversial.” By 2012, however, the DEA had resolved its concerns, likely spending a similar amount to the $773,226.64 (plus thousands in maintenance fees) the FBI invested in its own set of software.
Hacking Tools was so committed to business with these American agencies that it concocted codenames to refer to them. As The Intercept summarizes,
Hacking Tools has been sharply criticized for its sale of RCS to oppressive regimes around the world. From Sudan to Bahrain, Hacking Tools seeks business opportunities with rulers that target political activists, journalists, and political opponents—putting the American government agencies that employ the same technology—and often have the same objectives— in questionable company.
Aside from RCS, one of the more contentious revelations is the company’s hard sell that it can bypass encryption, a capability the FBI has openly desired since phone companies made encryption a default setting last year. According to one company newsletter, Hacking Tools offers “technologies to ACCESS THE DATA…IN CLEARTEXT, BEFORE it gets encrypted by the device and sent to the network and AFTER it is received from the network and decrypted by the device itself. Actually THIS IS precisely WHAT WE DO.”
The FBI did seek warrants to use Hacking Tools technology in a handful of cases, but apparently uses a different platform for “critical” investigations. What the FBI really wanted from the Italian firm, according to leaked emails, was “more ability to go after users of Tor, the anonymizing web browser.” Such users accounted for 60% of the FBI’s use of Hacking Tools products.
Regardless of how the technology is used, the FBI has encountered skepticism from lawmakers. Sen. Chuck Grassley, R-Iowa, asked the director of the FBI for “more specific information about the FBI’s current use of spyware,” in order for the Senate Judiciary Committee to investigate “serious privacy concerns.”
In spite of these legitimate concerns, the technology is permeating other levels of government. Largely because of aggressive marketing by Hacking Tools, District Attorney offices around the country are eager to use the software. From San Bernadino to Manhattan, government lawyers have expressed strong interest in using the company’s products for investigations, suggesting a dangerous permeation of unconstitutional surveillance into an already decaying justice system.
Whether or not the government agencies who have purchased the software use it extensively or not is, at this point, irrelevant. That such bureaus and government officials have so much as the desire to use it — in some cases, in spite of a clear understanding of its controversial nature — is cause enough for concern.
Meanwhile, Hacking Tools has remained ambivalent. Company spokesperson Eric Rabe said, “we do not disclose the names or locations of our clients” and “we cannot comment on the validity of documents purportedly from our company.”
More telling of the company’s rationalization of perpetuating authoritarianism in the name of profit, however, is a quote from Giancarlo Russo, the company’s chief operating officer. In a 2013 email, he wrote,
If you buy a Ferrari… they can teach you how to drive. They cannot grant you will be the winner of the race…If Beretta sell [sic] you a gun, the most peculiar and sophisticated one, they can teach how to use it. They can not grant you are going to shoot your target properly on the field.