Emails reveal Security Service interest in hacking software

MSS hooked up with controversial Italian surveillance team for hacking suite for government agencies

The Remote Control System is designed to attack, infect and monitor target PCs and smartphones in stealth.
The Remote Control System is designed to attack, infect and monitor target PCs and smartphones in stealth.

Leaked emails have revealed that the Malta Security Service and a private security firm sought to acquire hacking technology from spyware peddler Hacking Team.

The Italian surveillance and intrusion software firm – considered by Reporters Without Borders as an “enemy of the internet” – was hacked and around 400GB of stolen internal company files.

The files were distributed online through the company’s own Twitter account which was hacked as well. The emails were also published on Wikileaks.

Among the emails were exchanges between Massimiliano Luppi – a key account manager at Hacking Team – and Duncan Barbaro Sant, director at Alberta. Internal Hacking Team correspondence also showed that, as recent as last month, a government official held a meeting with the firm in Prague expressing interest in a service offered.

International media reports do not list Malta as a Hacking Team client, suggesting that no deal was ever reached.

But an email dated June 5 between Hacking Team employees, sheds light on a meeting held with two individuals, understood to be Malta Security Service officials, at Prague.

The brief email recounts the dinner held and a request by the Maltese officials to the Hacking Team to carry out on-site and IT training in Malta. The two men, the email continues, spoke Italian fluently and expressed interest in the ‘DEMO’. It is also understood that Hacking Team had had earlier contact with the MSS through the Italian government.

The other set of emails pertaining to Malta date back to May 2013 when Alberta director Duncan Barbaro Sant approached the firm after visiting their stand at the Counter Terrorism Fair in London.

Barbaro Sant expressed interest in wanting “to market” Hacking Team’s ‘Remote Control System’, a hacking suite for governmental interception, to the Maltese government or the Malta Security Service.

MaltaToday is informed that Alberta representatives later held a meeting with MSS chief Michael Cassar, but no follow-up meeting took place as no interest by the MSS was registered.

“Meeting went well. I have been made aware that the Malta Secret Service are already in possession of a similar software but I told them that it is probably the software that was installed age ago. In view of this, a second meeting will be organised but this time with the MSS,” Barbaro Sant informed Luppi in an email date 14 May 2013 sent at 17:26.

He proceeded to ask Luppi to help him draft an introductory letter: “If you were to send an introductory letter to MI5 how would you draft it to attract their interest and attention? Maybe you can forward me a sample for me to forward to them and to the Prime Minister with whom I also have good relations. (for what it’s worth).

“If you are to come over to perform a demonstration I need to make sure the government is seriously interested. I would not want to waste your time, or mine for that matter.”

According to Luppi, the Remote Control System “is designed to attack, infect and monitor target PCs and smartphones in a stealth way [sic] once a target is infected, RCS allows accessing a variety of information including Skype traffic, MSN traffic, keystrokes, files, screenshots, microphone eavesdropped data, camera snapshots etc. Invisibility features include full resistance to all the major and most common endpoint protections systems.”

The Alberta director thanked Luppi for the presentation which “would serve as a perfect introduction for the Police to get to know who you are”.

The final email retrieved is dated 16 May 2013 from Luppi to Barbaro Sant: “Don’t hesitate to contact me if you have any question”.

Hacking Team hacked

According to engadget.com, Hacking Team’s clients are: Australia, Azerbaijan, Chile, Colombia, Cyprus, Czech Republic, Ecuador, Egypt, Ethiopia, Honduras, Hungary, Iraqi Kurdistan, Kazakhstan, Luxembourg, Malaysia, Mexico, Mongolia, Morocco, Nigeria, Oman, Poland, Panama, Russia, Saudi Arabia, Singapore, South Korea, Spain, Sudan, Syria, Thailand, Tunisia, Turkey, United Arab Emirates, United States, Uzbekistan.

Countries not on the maintenance list that were discovered to be active with Hacking Team's services and products include France, Ireland, the UK and Switzerland.

Gizmodo.com also reports that the leaked emails reveal “reveal that the FBI dropped big money on Hacking Team’s powerful snooping software, paying over $800,000 on updates and maintenance even though Hacking Team’s software was considered a backup to the FBI’s other digital tools. And an exchange between CEO David Vincenzetti and other employees suggests that Italian members of Anonymous physically broke into the company’s Milan headquarters in an act of sabotage”.