| Jaromil on Thu, 5 Nov 2015 15:03:42 +0100 (CET) |
| Re: <nettime> Fwd: Hacked Team [getting off-topic...] |
back on the HT case 4 months later
On Mon, 27 Jul 2015, Radovan Misovic wrote:
> I found an interesting article related to this topic.
> Hacking Team: a zero-day market case study
[...]
A new article finally tells more of the story behind the scenes and shows
better the connection between "market" dynamics and the ethics of those involved
http://motherboard.vice.com/read/the-hacking-team-defectors
I simply second the definition of a fascist (with plenty of Italian effing
acquaintances) ruling the company. When looking at the rest of the booming tech
security industry, I believe what really went wrong in HT is going wrong in any
other company with dreams of grandeur and obsession of scaling up operations in
the military industrial complex. Software embargos can't help at all here,
since software is probably the easiest thing to smuggle, ever.
Now, good luck with startups and zilicon falleys
The Hacking Team Defectors
Written by Lorenzo Franceschi-Bicchierai
November 2, 2015 // 09:00 AM EST
I am sitting in a nondescript all-white office room in Sliema, a touristy,
commercial town that faces Malta's capital of Valletta. I'm staring at my
computer, typing commands into the terminal, and I have no idea what I'm
doing.
Sitting across the room there's a hacker who looks nothing like the image
of a hacker that popular culture has ingrained in our minds. He has a
buzz-cut, he's clean-shaven, has an earnest smile, and is wearing a dark
blue polo shirt and cargo shorts. He looks more like a tourist than
someone who used to develop spyware for the infamous Italian surveillance
tech company Hacking Team.
He is sending me a bunch of commands written in the Python programming
language, trying to exploit a flaw in my MacBook's operating system, so
that I can get administrative privileges on my work computer.
"Let me write another backdoor," he says.
After a few failed attempts, and a couple more Python scripts, it finally
works.
"Fuck yeah, you're root," he says, using the technical term for a user who
has full privileges on a computer. "We just exploited your computer!" he
adds, laughing.
I laugh too, and then I realize that, technically, a guy that used to work
at Hacking Team, the surveillance technology vendor that sold its products
to almost 40 law enforcement and intelligence agencies from across the
world, according to data dumped online this summer, just hacked my
computer.
***
His name is Alberto Pelliccione. Until last year, he was the man
responsible for developing Hacking Team's Android spyware, and one of the
employees who had worked on the company's marquee product, the
surveillance suite known as Remote Control System or RCS, since its early
days.
In February of last year, Pelliccione resigned. Since then, the company's
top brass, particularly the CEO David Vincenzetti, has gone after him for
leaving, and later sued him for allegedly using Hacking Team's code to
create an antidote to the company's spyware, a defensive system called
ReaQta.
Now, after a mysterious hacker only known as PhineasFisher breached the
company in July, exposing its most guarded secrets, such as internal
emails, list of clients, and even the spyware's source code, Pelliccione
was fingered by Vincenzetti as a potential suspect.
But he's not the only one who's faced the wrath of his old company.
A small group of high-level former employees, who all left after
Pelliccione, are also suspected of being behind the hack, and have been
called "infidels" and "traitors" by the Italian press. Their departure, as
well as what happened to them after they left, shows that even internally,
some were not happy about the direction the company took in the last few
years; there have been multiple reports that Hacking Team's products were
being abused by some of its customers, such as Morocco, the United Arab
Emirates, Ethiopia, or Saudi Arabia.
The group of former employees was accused of having played part in the
hack after months of separate lawsuits against five of them. Two of them
even received visits from the Italian intelligence -- all ploys that seem to
be a way to intimidate and punish them for having left the company.
A Hacking Team former employee asked not to be named because Vincenzetti,
"with his ongoing lawsuits, is at least a little bit effective in his
terrorist tactics aimed at forcing people not to talk."
Guido Landi, who worked as a developer at Hacking Team focusing on
Windows, is one of the former employees that the company is going after.
For him, Hacking Team is a "madhouse," led by a "fascist" who won't
forgive anyone who dares to leave.
Another former employee said that ever since Pelliccione left, the ones
that followed him were immediately "categorized as enemies, criminals,
people of dubious reputation."
This past summer, before the breach, another developer announced that he
wanted to resign. Immediately, according to internal emails, Vincenzetti
worried that he might leave for a competitor and wrote in an email to
other executives that he was considering "legal actions."
Intimidating people wanting to leave was "routine procedure," according to
a former employee. Landi confirms, saying that he heard of various cases.
"As soon as you resigned, you became the enemy," he says.
"Hacking Team shouldn't be a fucking religion that if you wanna leave
you're an infidel or a traitor," Pelliccione tells me. "It's just a company
and if you're sick of it, you should have the right to leave."
***
Hacking Team's former Android developer Alberto Pelliccione. Photo:
Lorenzo Franceschi-Bicchierai/Motherboard
At the end of 2007, Pelliccione was researching robotics and artificial
intelligence at the National Research Council in Rome. That's when he got
a call from an old friend who was working at Hacking Team. At the time,
the company was a small firm focused mostly on consulting and helping
companies, such as big banks, to protect themselves. The year prior, the
company had just started working on its offensive hacking solution, which
would later be known as DaVinci, the first version of RCS. When he joined,
Pelliccione says there were fewer than four people working on the project.
"We were doing stuff the world had never seen," Pelliccione tells me.
Slowly, RCS became the company's main, and eventually only, business, and
Pelliccione became the lead developer of the mobile team, first focusing
on Windows mobile, and then Android.
Initially, the company only sold to the Italian government, but thanks to
aggressive marketing, and a rising global demand for tools to break into
criminals' computers and cellphones, Hacking Team quickly went global,
selling all over the world. Despite the booming business, the company was
able to keep a low profile until late 2012.
On October 10, 2012, researchers at the Citizen Lab, a digital watchdog at
the University of Toronto's Munk School of Global Affairs, revealed that
the Moroccan government had used a sophisticated spy software to target
the local citizen journalist group Mamfakinch. The researchers found that
the malware used against the journalists was called "DaVinci," and traced
it back to Hacking Team.
It was the first time the company's products had been linked to human
rights abuses. Hacking Team's top brass called for an emergency meeting,
as the Citizen Lab report had also exposed the company's tools, which
relied on being invisible to antivirus software to be effective. The
management asked the developers to go back to the drawing board, and make
DaVinci stealth again.
Publicly, Hacking Team brushed off the report, saying its policy was not
to discuss its customers, and that the company's goal was to provide tools
to investigate crimes. Internally, the top brass told its employees that
there was no way for them to know how the customers used the tools, and
that there was no way for them to know whether the targets in Morocco were
really activists or criminals.
But the developers, as well as other employees, were taken aback,
according to Pelliccione. They started asking questions, and debating
whether the tools they were creating were being used to fight crime and
terrorism, or quash dissent.
"That debate lit up internally on that day, and never subsided,"
Pelliccione tells me.
The executives also decided to compartmentalize and separate the sales and
field application engineers teams, who had the most visibility into the
customers, from the developers -- "a separation aimed at avoiding internal
discontent," Pelliccione says.
The compartmentalization even became physical. The developers were working
on the ground floor of Via Moscova 13, Hacking Team's headquarters in
Milan, while the management was placed on the first floor, and the sales
and field application engineers, who travelled around the world demoing
the products, worked on the fifth floor.
At that point the employees had a harder time knowing what was going on,
and how some of the tools were being used, or whom the company was selling
to. But Citizen Lab researchers kept revealing more cases of abuse, and
Pelliccione says there probably are many more that nobody will ever know
about.
Landi, who says he had little visibility into the customers, admits that
he could have asked friends at the higher floors, but he decided not to,
preferring not to know. Looking back, however, he says Hacking Team sold
to countries it shouldn't have sold to.
"You shouldn't sell to Sudan. Period. Same goes for Ethiopia," Landi says.
"And even in other less evil countries, there were abuses."
For his six years at Hacking Team, despite being the lead of the Android
development team, Pelliccione says that he was never hired full time, and
never felt really valued by the company. For that reason, and because of
the internal debate over the legitimacy of Hacking Team's tools, he
decided to leave.
"Nobody likes to know that what you make is used for evil," he says. "No
matter how much you regulate these tools, you'll never effectively know
how they could be used. You can hope they will be used for good, but you
never know who really ends up using them."
Hacking Team declined to comment for this story, but the company has long
maintained that it doesn't sell to countries where there are "credible
concerns" that its products "will be used to facilitate human rights
violations." Yet, after Citizen Lab reported a first suspected case of
abuse by the Ethiopian government, the company didn't stop selling to the
country, which was later caught again targeting the same journalists using
Hacking Team's spyware.
The company even used to have an external review board that was supposed
to make sure Hacking Team didn't sell to repressive regimes. Despite
this panel, which turned out to be formed by lawyers at the international
firm Bird & Bird, the company sold to Sudan, when the UN had put the
country on an embargo blacklist.
The company has also always claimed that it had no visibility into how the
customers were using its products. But in reality, whenever a client
wanted to infect a target with a booby-trapped document, it would send the
document to Hacking Team's technicians, who were tasked with weaponizing
it. While this didn't necessarily mean that the company knew whom the
documents would be sent to, they could have an idea, depending on the
content of the document.
In 2013, Reporters Without Borders named Hacking Team one of the "Enemies
of the Internet" for selling tools to repressive regimes. A year later, on
February 12, 2014, Citizen Lab revealed that the Ethiopian government had
used Hacking Team's spyware to hack into the computers of several
journalists in the diaspora, in what activists saw as yet another clear
attack on freedom of speech.
For Pelliccione, that was the final straw. Two days later, he told his
bosses that he wanted to resign. On Feb. 21, the company announced in an
internal email that he was leaving to launch his own security company in
Malta.
"I wish Alberto all the best," Hacking Team's Chief Operation Officer,
Giancarlo Russo, wrote in the email, in which he described Pelliccione's
decision as "bold and courageous."
But Vincenzetti, the CEO, didn't take it that well.
"Alberto was one of the top guys," Vincenzetti wrote in an email sent only
to other executives. "This has NEVER happened."
The CEO immediately doubted Pelliccione's real motives, wondering if he'd
take other people with him to create a "spin-off" company or a
"competitor." In the following weeks, another employee, a field
applications engineer, left the company too. In an email discussing her
departure, Vincenzetti talked about "serious cracks" in the company, and
the risk of more "defections" that could end up "destroying" the company.
In May, Vincenzetti shared more bad news, another "serious loss": this
time it was Landi, another key developer.
"Guido [Landi] is the right arm of [Chief Technology Officer] Marco
Valleri," Vincenzetti writes. "Without him, we can't guarantee the
invisibility of our product."
Vincenzetti added that he had involved Hacking Team's "highest contacts"
with the Italian government to figure out where Landi was going. He was
likely referring to two agents at the Italian secret service, the
country's intelligence arm: Colonel Riccardo Russi, and General Antonello
Vitale.
When another key employee named Mostapha Maanna resigned a few days later,
Vincenzetti started to see a "conspiracy," as Pelliccione puts it, and was
worried the former employees wanted to compete with Hacking Team.
In the following months, Vincenzetti launched a full-on probe into their
activities, according to leaked emails and documents. Russi played a
fundamental role in it, personally meeting with Landi and Maanna, and even
paying them a "visit," as he himself put it in an email, sent from his
personal account in August of 2014.
Meanwhile, Pelliccione founded ReaQta and set up shop in Malta to create a
new system that uses artificial intelligence to detect cyberattacks.
Worried about Pelliccione, Hacking Team hired private investigators from
the US firm Kroll to figure out what he was up to, according to a leaked
internal report.
In the following months, Kroll posed as a potential buyer to learn more
about ReaQta. The investigators met with Pelliccione, as well as with one
of his collaborators, Alberto Velasco. At the time, Velasco was also a
Hacking Team freelance contractor who represented the company in the
United States. It was Velasco's American-based company, Cicom USA, that
acted as middle man when the Drug Enforcement Administration bought
Hacking Team's software in 2012.
In a meeting in Annapolis, Maryland, on January 16, 2015, Kroll
investigators asked Velasco and Pelliccione, who was connected via Skype,
whether ReaQta could block Hacking Team's malware. The two, according to
the firm's report, "laughed nervously." Pelliccione then said that indeed,
ReaQta could neutralize Hacking Team's tools.
For Hacking Team's brass, that was an admission of guilt. Four months
later, on May 5, Vincenzetti filed a lawsuit in Italy against Pelliccione,
Velasco, Landi, Maanna, and Serge Woon, another former employee who went
to work with ReaQta, for conspiring to create an "antidote" against
Hacking Team, using stolen code.
In the lawsuit Vincenzetti wrote that ReaQta's ability to block Hacking
Team's RCS can only be due to the "subtraction of RCS source code from
Hacking Team's systems." Vincenzetti accused Maanna and Landi of leaving
Hacking Team with the purpose of helping Pelliccione commercialize ReaQta.
The company also sued Velasco in the United States, as well as Woon in
Singapore.
The former employees deny all the accusations. Pelliccione tells me that
the lawsuit is nonsense, given that ReaQta is a defensive product, while
Hacking Team is an offensive tool. And it wouldn't make sense for him to
market ReaQta as an antidote given that Hacking Team is used by a small
number of customers for targeted surveillance. In other words, it wouldn't
make business sense, he says.
Hacking Team spokesperson Eric Rabe declined to comment on the lawsuits,
saying these are "internal matters."
Since going to court, the company has kept the pressure on the former
employees. Last summer, before getting hacked, it hired private
investigators to tail Maanna, according to leaked emails and reports from
the detectives. In an email, a Hacking Team lawyer told the detectives
that the company was looking for "evidence" of Maanna's "participation in an
Islamic group." The detectives' report, however, is nothing but mundane,
as they didn't find any evidence of affiliation with any groups, but just
witnessed Maanna go play tennis and to the grocery store.
A picture of Mostapha Maanna, another former employee of Hacking Team,
taken by detectives hired by the company to tail him.
A few weeks after the devastating hack, in which PhineasFisher siphoned
off 400 gigabytes of internal data, Italian prosecutors started
investigating the former employees. (Pelliccione and Landi declined to
comment about the investigation.)
Alessandro Gobbis, the lead prosecutor, confirmed to me in a phone call in
August that the former employees were being investigated after someone
"outside" of the prosecution signalled them as potential suspects. Gobbis
declined to reveal the names of all the former employees who are under
investigation, as well as who fingered them as potential suspects.
Sources, however, told me it was Vincenzetti who implicated them. The
prosecutor also declined to reveal any other details of the investigation,
given that it was still ongoing.
"We're looking into all the possibilities," he told me over the phone.
Hacking Team's spokesperson Rabe said in an email that the company "has
not named or accused anyone of the attack since the perpetrators are
simply unknown," and that Hacking Team "can only speculate about who or
even why the company was targeted [in] this attack."
In the weeks after the hack, Vincenzetti said that the attack was a
"vicious and reckless crime," perpetrated with the goal of destroying the
company. But Vincenzetti also promised not to back down, saying the
company will emerge with "new and better tools."
The group of former employees strongly deny their alleged involvement in
the attack.
"We had nothing to do with it," Pelliccione says. "I feel like these
accusations are just an act of retaliation."
***
Hacking Team's official Twitter account on the day of PhineasFisher's
attack.
It's a scorching hot summer day in Malta. Pelliccione and I are sitting at
a table, eating a chicken shawarma. After six years developing tools to
hack into people's computers, Pelliccione has switched sides, and is now
using his skills and experience to keep the hackers out.
It's been more than a year since he left Hacking Team. During that time,
the hacker has been working with a small team of developers to create a
next generation defensive solution called ReaQta-Core. Pelliccione says
ReaQta-Core uses artificial intelligence and machine learning to protect
against malware, and lives at the CPU level, so it's able to provide
better protection than traditional antiviruses. The company hasn't
received venture capital yet, but it's now actively looking for investors.
During our lunch, Pelliccione looks into the void for a second.
"Do you remember when that security firm analyzed Hacking Team's Android
implant?" he asks.
He's referring to an analysis by Trend Micro, which called the company's
Android spyware "the most professionally developed and sophisticated
Android malware ever exposed."
I nod. He stares at me, and quotes the analysis, smiling.
"When I read that," he says, pretending to tip his nonexistent hat, "I
shook my own hand. I wrote that malware!"
# distributed via <nettime>: no commercial use without permission
# <nettime> is a moderated mailing list for net criticism,
# collaborative text filtering and cultural politics of the nets
# more info: http://mx.kein.org/mailman/listinfo/nettime-l
# archive: http://www.nettime.org contact: nettime@kein.org