Turning the Table on the Trackers: Wikileaks Sniffs out Spy Salesmen
Other examples include - Stephan Oelkers, a top executive at the Gamma Group, an Anglo-German rival, who made three trips to Uganda in early January this year, and again in late May, followed by a trip in mid July and Avner Turniansky, from the Israeli company Verint, who traveled to Nigeria in April.
All three individuals work for companies that boast about their ability to monitor suspects by following mobile phones, intercepting emails and analyzing social media, so it is perhaps more than a little embarrassing that their own staff have been tracked by activists, effectively turning the tables on them.
Julian Assange, the editor in chief of WikiLeaks, says that the information came from a special counter-intelligence unit that his organization created "to protect WikiLeaks' assets, staff and sources from hostile intelligence operations and to reveal the nature of intelligence threats against journalists and sources more broadly."
Wikileaks suspects that many buyers use these technologies to snoop on activists and dissidents. Certainly the technology that Gamma, Hacking Team and Verint offer for sale would allow such surveillance.
According to research conducted by the Kaspersky Lab, an anti-virus company, Hacking Team sells technology that can be used to create emails to target suspects by inviting them to click on a link or attachment that then installs a spy tool called Remote Control System (RCS) on the target's computer.
RCS (also known as DaVinci) can then copy the Web browsing history of its targets, turn on their computer microphone and webcam to eavesdrop on them, as well record their conversations on computer applications like Skype.
Middle Eastern Travels
Maanna, whose LinkedIn profile confirms that he works for Hacking Team in Milan, completed high school in Tyre, Lebanon, before moving to Turin, Italy, to do an undergraduate and graduate degree in telecommunications engineering. After finishing his degrees, he worked for two years at Nokia Siemens Network, where he sold mobile data technologies to companies like T-Mobile in the Czech republic and Germany and Orange in Spain and the UK, before he jumped ship to come to the Italian company in January 2011.
Marco Bettini, a sales manager for almost ten years at HackingTeam whose LinkedIn profile says he studied at the Istituto Radiotecnico Beltrami, is also identified as traveling to Morocco and UAE in February 2013.
Hacking Team has come under fire for the alleged use of its software in Morocco, Turkey and the UAE.
Mamfakinch, a Moroccan citizen journalist group that was created during the 2011 Arab Spring, believes that it was targeted with a "backdoor" attack by software that is identical to Hacking Team's RCS system, according to an analysis by Dr. Web, an anti-virus company. Slate Magazine described how the organization's computers were infected by spy software after members opening an email titled "Dénonciation" (denunciation) that contained a link to what appeared to be a Microsoft Word document labeled "scandale (2).doc" alongside a single line of text in French, which translates as: "Please do not mention my name or anything else, I don't want any problems."
Citizen Lab, a computer security research group in Canada, has alsoidentified emails sent to Ahmed Mansoor, a UAE human rights activist, that was also allegedly designed with Hacking Team software. Mansoor was a member of a group of activists who were imprisoned from April to November 2011 on charges of insulting an Emirati royal family. He told Bloomberg that he was identified and then beaten after he clicked on an email that contained a Microsoft attachment that infected him with the spy software.
Rabe said that his company also understands the potential for abuse of their products, so they review customers before a sale to determine whether or not there is "objective evidence or credible concerns that Hacking Team technology provided to the customer will be used to facilitate human rights violations."
The company also notes that their products have an auditing feature that cannot be turned off so that agencies can check how and when surveillance occurs. "Of course, HT cannot monitor the use of our software directly since clients must have the ability to conduct confidential investigations," Rabe adds. "Should we suspect that abuse has occurred, we investigate. If we find our contracts have been violated or other abuse has occurred, we have the option to suspend support for the software. Without support, the software is quickly rendered ineffective."
Rabe says that Hacking Team did investigate "the Morocco and UAE assertions" but he was not able to comment since the company "does not share the results of such investigations nor do we publish whatever actions we may subsequently take."
Profiting Off the Suffering of Individuals
Other travel schedules - such as those of Oelkers to Uganda - are hard to verify. The company did not respond to requests for comment by press time.
Human Rights Watch has this to say about Uganda: "After 26 years of President Yoweri Museveni's rule, ongoing threats to freedom of expression, assembly, and association continue to raise serious concerns. Security forces largely enjoy impunity for torture, extrajudicial killings, and the deaths of at least 49 people during protests in 2009 and 2011."
In the last year, however, Uganda has not cracked down on online organizing: "Unlike in the previous year, there were no reports the government attempted to restrict access to the Internet," says the latest the U.S. State department report on human rights report on the country. "Individuals and groups could generally engage in the expression of views via the Internet, including by e-mail."
Could this change if Uganda buys sophisticated tools from Gamma to allow it to track dissidents? That is what groups like Privacy International are concerned about.
"This is clearly not an ad-hoc process within a small industry, but a calculated and considered business deal in a global trade with profits made off the suffering of individuals," says Page. "As the Wikileaks release today has shown, the business procedure behind the sale of surveillance technology is as well laid out as any other international trade - including proposals and presentations, site and country visits, contracts, and costing packages."
Page said that the companies that develop and sell surveillance technology to such regimes should not be allowed to abdicate responsibility for freely selling this technology to just any government regardless of their human rights record.
© 2013 CorpWatch