Two U.S. companies \u2013 Linode of New Jersey and Rackspace of Texas \u2013 have been hosting surveillance software designed by Hacking Team of Italy, according to a new report. The software was allegedly been used by governments in Ethiopia, Morocco, Turkey and the United Arab Emirates to track dissidents.<\/p>\n
\u201cWhat we\u2019ve tried to do here is unravel Hacking Team\u2019s labyrinthine hidden collection structure that they use to hide government spying globally<\/a>,\u201d Morgan Marquis-Boire, a co-author of the report published by Citizen Lab at the University of Toronto, told the Washington Post.<\/p>\n According to research conducted by the Kaspersky Lab, an anti-virus company, Hacking Team sells technology that can be used to create emails to target suspects<\/a> by inviting them to click on a link or attachment that then installs a spy tool called Remote Control System (RCS) on the target\u2019s computer.<\/p>\n RCS (also known as DaVinci) can then copy the Web browsing history of its targets, turn on their computer microphone and webcam to eavesdrop on them, as well record their conversations on computer applications like Skype.<\/p>\n Citizen Lab identified 555 servers that have hosted RCS software since 2012 \u2013 80 were hosted by Linode and 19 by Rackspace<\/a>. Other companies that ranked high on the list were Telecom Italia with 32 servers and Santrex of the United Kingdom with 26. (The latter company shut down last September after being cited to be among the top three hosts of malicious software<\/a>)<\/p>\n The researchers note that such hosting likely violates international law. \u201cWe doubt foreign governments using Hacking Team\u2019s RCS spyware seek permission from the US government to engage in surveillance of US-based targets, or to transmit surveilled data obtained elsewhere through US-based services,\u201d wrote the authors. \u201cWithout that consent, foreign governments using the RCS spyware in this manner wilfully flout the international legal principles of sovereignty and nonintervention.\u201d<\/p>\n Hacking Team has not denied the allegations. \u201cOur clients do not use our tools to attack U.S. systems, but rather to perform surveillance on subjects of criminal investigations,\u201d Eric Rabe, the firm\u2019s chief communications executive, told the media in an email statement. \u201cMuch of the world\u2019s Internet traffic transits the United States, so it is no surprise that Citizen Lab would find servers in this country carrying all manner of Internet traffic including that of various criminals and terrorists.\u201d<\/p>\n Rackspace told the Washington Post that if the allegations were true that they \u201cwould definitely violate our policies\u201d while Linode has promised to investigate.<\/p>\n Hacking Team has come previously come under fire for the alleged use of its software in Ethiopia, Morocco, Turkey and the UAE.<\/p>\n The most recent incident was the targeting of Ethiopian Satellite Television Service (ESAT)<\/a>, an independent news outlet that broadcasts reports critical of the Ethiopian government, mostly from its offices in Alexandria, Virginia.<\/p>\n On December 20, 2013, an attacker who used the name Yalfalkenu allegedly made several attempts to steal files and passwords as well as to intercept Skype calls and instant messages from two ESAT journalists by asking them to open a fake document that contained a virus designed by Hacking Team.<\/p>\n In Morocco, Mamfakinch, a citizen journalist group that was created during the 2011 Arab Spring, believes that it was targeted with a \u201cbackdoor\u201d attack<\/a> by software that is identical to Hacking Team\u2019s RCS system, according to an analysis by Dr. Web, an anti-virus company. Slate Magazine described how the organization\u2019s computers were infected by spy software after members opening an email titled \u201cD\u00e9nonciation\u201d (denunciation) that contained a link to what appeared to be a Microsoft Word document labeled \u201cscandale (2).doc\u201d alongside a single line of text in French, which translates as: \u201cPlease do not mention my name or anything else, I don’t want any problems.\u201d<\/p>\n And Wired magazine recently published details of an attack on a U.S. activist who was sent an email about Turkey <\/a>that appeared to come from a trusted colleague at Harvard that \u201creferenced a subject that was a hot-button issue for the recipient, including a link to a website where she could obtain more information about it.\u201d Although she did not click on the email, Arsenal Consulting, a digital forensics company, analyzed the link and discovered that it too contained RCS attack software.<\/p>\n Citizen Lab has also identified emails sent to Ahmed Mansoor, a UAE human rights activist, that was also allegedly designed with Hacking Team software<\/a>. Mansoor was a member of a group of activists who were imprisoned from April to November 2011 on charges of insulting an Emirati royal family. He told Bloomberg that he was identified and then beaten after he clicked on an email that contained a Microsoft attachment that infected him with the spy software<\/a>.<\/p>\n Hacking Team has previously informed CorpWatch that the company strictly follows applicable export laws and other regulations and only sell their products to governments or government agencies.<\/p>\n \u201cThe point that is generally missed in discussions like this is that the world is a dangerous place, with plenty of criminals and terrorists using modern Internet and mobil technologies to do their business, and that threatens us all,\u201d Eric Rabe, the general counsel of Hacking Team, wrote. \u201cWe firmly believe that the technology we make available to government and law enforcement makes it harder for those criminals and terrorists to operate<\/a>.”<\/p>\n Rabe said that his company also understands the potential for abuse of their products, so they review customers before a sale to determine whether or not there is \u201cobjective evidence or credible concerns that Hacking Team technology provided to the customer will be used to facilitate human rights violations.\u201d<\/p>\n The company also notes that their products have an auditing feature that cannot be turned off so that agencies can check how and when surveillance occurs. \u201cOf course, HT cannot monitor the use of our software directly since clients must have the ability to conduct confidential investigations,\u201d Rabe adds. \u201cShould we suspect that abuse has occurred, we investigate. If we find our contracts have been violated or other abuse has occurred, we have the option to suspend support for the software. Without support, the software is quickly rendered ineffective.”<\/p>\n Rabe says that Hacking Team did investigate \u201cthe Morocco and UAE assertions\u201d but he was not able to comment since the company \u201cdoes not share the results of such investigations nor do we publish whatever actions we may subsequently take.\u201d<\/p>\n