Wednesday 29 July 2015

Australian police and Defence Force used infamous Hacking Team, Wikileaks reveals

Australian Federal Police and the Defence Force used the services of the world’s most infamous hacking company, according to secrets revealed by Wikileaks, and there are Australian companies selling spyware here and overseas.

SABRA LANE, PRESENTER: The rise of terrorism, technology and national security has forged a network not only of police and spy agencies, but of private companies with extraordinary capabilities the country knows little about.

Cracks opened into this hidden world of hacking and surveillance when the world’s most notorious hacking company’s secrets were spilled by WikiLeaks.

It was revealed the Australian Federal Police had used its services to spy on potential targets.

An investigation by 7.30 has unearthed a number of private Australian companies selling spyware here and overseas, including one that claimed the Australian Defence Force as its client.

Conor Duffy and Lisa Main report.

CONOR DUFFY, REPORTER: In quiet Australian suburbs right across the country, some of the nation’s most secretive countries ply their trade in spyware. They sell technology to governments around the world that’s so powerful it can turn your computer into a recording device, access your most sensitive information or even track your movements.

ADAM MOLNAR, DEAKIN UNI., DEPT. OF CRIMINOLOGY: The private surveillance industry is massive. It’s one of the few sectors that continually posts significant growth compared to others.

NIGEL PHAIR, FORMER AFP: The private sector have got to be critical key partners in the development of this sort of technology. You know, they play a vital role, they’re able to do development. The Government just hasn’t got enough staff to be able to create these sorts of things.

SCOTT LUDLAM, GREENS SENATOR: I think we should be really concerned with the outsourcing effectively of the state’s military-industrial complex, if you like. In addition to the sort of normal national security shroud that gets thrown over some of these things, you’ve got commercial-in-confidence.

CONOR DUFFY: Little is known about exactly what technologies are being sold and to whom. But the thick walls protecting this industry were knocked flat when a hacker breached the defences of the world’s most infamous spyware company, Hacking Team, which is based in Milan, Italy.

The company’s most famous product is attack software called Remote Control System that infects and tracks a target’s computer or smartphone.

SHUBHAM SHAH, INFORMATION SECURITY PROFESSIONAL: The software allows for Hacking Team to basically infect people, infect them in the sense of putting a virus or malware on their computer and then essentially have full access to their computer. They can do all sorts of things. They can download files on the computer, they can upload files to the computer, they can monitor all internet traffic.

SCOTT LUDLAM: Well they appear to not have a particularly high moral threshold when it comes to choosing some of the client regimes that they work with. … Their fourth-largest source of revenue comes from Saudi Arabia, which has a horrific human rights record. They’ve worked with the UAE, with – they (inaudible) ran demo software to a Bangladeshi death squad. It’s hard to imagine some of their customers having a worse human rights record.

CONOR DUFFY: After Hacking Team’s security was breached, WikiLeaks published more than one million of the company’s emails. Buried in that massive data dump are rare glimpses of Australian companies that trade in secrets.

This is the Perth base of Providence Australasia, the Australian offshoot of a bigger company based in England. It’s made up of retired Special Forces soldiers. In November, 2012, the company’s Australian representative, Matt Jamieson, wrote to Hacking Team on behalf of agencies in Australia and New Zealand. Hacking Team was delighted Providence was bringing a brand new customer.

MATT JAMIESON, DIR., PROVIDENCE AUSTRALASIA (male voiceover, email): “The client Providence is representing in Australia is the Special Forces from Defence. Apparently this client is already using Gamma’s solution, but is not happy at all with it and asked Providence to contact us. Time for us to defeat the competition!”

CONOR DUFFY: Another email a month later shows Hacking Team was keen to meet with Defence and nudge out rival spyware company Gamma.

MATT JAMIESON (male voiceover, email): “I just wanted to follow up on Australian Special Forces as I am currently organising the agenda for February.”

CONOR DUFFY: It certainly seems Providence wasn’t just boasting about working for Defence. Government documents show Providence billed the Defence Department $70,000 for multimedia surveillance in July this year.

In a statement, Defence said it had no record of a meeting with Hacking Team. It also said it had no direct relationship with the company. It said it engaged Providence for equipment and training from 2010 to 2015.

What the emails do prove is that the business wasn’t all one way. Providence sent Hacking Team a brochure demonstrating they could do break-ins to secretly plant video and recording devices. These black op’ skills included lock picking as well as tracking targets and the Italian company was very interested.

MATT JAMIESON (male voiceover, email): “The training they provide is unconventional, focusing on military intelligence and surveillance. … Premium price here is mandatory!”

CONOR DUFFY: Providence did not respond to repeated requests to discuss the emails, but information about its Australian arm was removed from its website after 7.30 began making inquiries.

Another company in touch with Hacking Team is Criterion Solutions, based here in Canberra. Emails show Criterion contacted Hacking Team, who believed Criterion was representing Australian domestic spy agency ASIO.

CRITERION SOLUTIONS EMAIL (male voiceover): “Hi Marco, Australian customer interested in our product is ASIO.”

CONOR DUFFY: In a phone interview, the company’s sales rep’, Michael Sinkowitsch, said negotiations didn’t progress beyond a nondisclosure agreement.

And is it correct that your client was ASIO?

MICHAEL SINKOWITSCH, SALES REP., CRITERION SOLUTIONS: No, I genuinely don’t know where that’s come from.

CONOR DUFFY: In the past year, Criterion Solutions has received over $5 million from Defence for surveillance aircraft, communication devices, multimedia network equipment and electronic hardware.

NIGEL PHAIR: Their speciality is drones, so they import drones out of the Nordic countries and sell them into Defence. They’re particularly good technology. They have great range, great capability and are very stealthy.

CONOR DUFFY: The company also boasts it is the exclusive Australian supplier of QRC Technology. Among the products QRC sells is Stingray technology – fake mobile phone towers that can suck all the sensitive information out of a smartphone.

ADAM MOLNAR: It’s a technology that law enforcement can use that sits in between a real cellphone tower, mobile phone tower and an individual’s mobile phone. The FBI has been very adamant about their use. The FBI says that they purge that data after the end of every operation, but in countries like Australia where there is no limit on how long data can be retained by law enforcement, it creates a circumstance where there’s a trove of data that is now subsequently searchable and can be acted upon.

CONOR DUFFY: Criterion says it only sells QRC products to phone companies wanting to test mobile phone networks and denied it could be used to target cellphones.

MICHAEL SINKOWITSCH: I’ve never heard of it other than something that unfortunately killed Steve Irwin. I’ve never heard, you know, the term Stingray in technology.

CONOR DUFFY: This quiet suburban home in regional NSW is the registered address of another Australian company called Miltech that pitches itself as one of the most high-tech in the country. As well as doing deals with Australian Defence, its director, Kevin McKinnon, sought to position himself as a middleman between Hacking Team and Indonesian intelligence, which was already using a number of his services.

Emails show negotiations between Miltech and Hacking Team fell through, but Hacking Team wanted to take advantage of the rift between Australia and Indonesia, sparked by revelations Australia tapped the Indonesian President’s phone.

HACKING TEAM EMAIL (male voiceover): “The Indonesia Government is trying to achieve a sort of intelligence autarchy because it deeply mistrusts the so-called Five Eyes. So the Indonesian market is ready. It is willing to build up its own intelligence apparatus.”

CONOR DUFFY: Hacking Team declined to be interviewed, but in an email defended its products, saying the only illegal act was when it itself was hacked.

HACKING TEAM EMAIL (male voiceover): “Hacking Team requires clients to affirm that HT technology will not be used for illegal or military purposes.”

CONOR DUFFY: The leaked Hacking Team files allow a glimpse of a rapidly-expanding industry that wants secrets, but would prefer to keep its own. It’s impossible to know exactly what all this spyware is being used for. While it may all be legal and potentially crucial for law enforcement, it’s feared oversight may not be keeping pace with what are incredibly invasive surveillance techniques.

ADAM MOLNAR: The Australian case is that you could have an agency who has a legitimate warrant to conduct the operation. They collect the data. But once the data’s collected, it would be very easy for that data to be retained indefinitely and then subsequently shared.

SCOTT LUDLAM: Hacking Team are getting singled out at the moment because they got so comprehensively owned and had effectively the company’s DNA spooled out on WikiLeaks. But there are a lot of other outfits like them and I suspect this is really the tip of the iceberg.

NIGEL PHAIR: I think if those outfits are legitimate, and by legitimate, not just corporately legitimate, they have good people that work there, they’re not pseudo-criminal outfits, I think we should have some degree of comfort. But as a society, we need to have that discussion.

SABRA LANE: Conor Duffy and Lisa Main with that report.

For more information on this story, you can read the responses to 7.30 from Hacking Team:

Q: Emails from Hacking Team claim that Providence’s Australian rep was brokering a deal on behalf of ‘Australian Special Forces’. Did this deal go ahead and what was supplied?

A: As a matter of long-standing policy, Hacking Team does not disclose details of contracts or even the identities of clients. We are not authenticating any of the various documents published after the criminal attack on our company that was revealed on July 6.

Q: Other emails show Hacking Team was interested in services offered by Providence that included bypassing alarms and allowing ‘physical infections’. Why was this capability desirable or necessary?

A: Again Hacking Team does not comment on details of proposals or actual agreements with clients.

Q: Hacking Team has been criticised for dealing with countries like Saudi Arabia. Does Hacking Team do any due diligence around the human rights records of its customers? How can it be ethical to operate in regimes where opposition figures and journalists are targeted?

A: Please see our Customer Policy. Hacking Team has always sold its technology in accordance with the law. When new regulation went into effect (the Wassenaar Arrangement protocol) in Italy in January of this year, Hacking Team immediately complied with the new rules.

Hacking Team is the first and only company offering lawful surveillance tools to voluntarily publish a policy that attempts to deal with responsible sales and operations. This is an attempt to go beyond the requirements of law.

However, many countries that are labeled “repressive” by activists have a very serious need for tools to fight crime and terrorism. You mention Saudi Arabia, an ally of the west. However Saudi Arabia is where the terrorists who plotted and carried out the 9/11 attack on the U.S. began their work. It is in the interests of the world community that the Saudis have tools to fight terrorists. Furthermore, Saudi Arabia has never been on any blacklist that prohibited the sale of surveillance technology to the country.

Additionally, Hacking Team requires clients to affirm that HT technology will not be used for military or illegal purposes.

Q: Emails show Providence setting up a potential deal for Hacking Team with the Ministry of the Interior in Ecuador. Did the planned demonstration of this software go ahead? Is a deal going to be done?

A: Hacking Team demonstrates its software to many potential clients, however, demonstrations do not always lead to sales. Again, no comment on contacts with clients or potential clients.

Q: Does Hacking Team have any suspicions on who carried out the hack on it?

A: We believe these criminals were sophisticated, well-funded and had ample time to plan and execute the attack. Beyond that we have no theories to offer. Police agencies are investigating and, of course, we are cooperating in any way possible.

Q: Can the company recover from this?

A: The work of recovery is well underway and the company is focused on providing law enforcement the tools needed to investigate crime, prevent it or prosecute criminals in the digital age.

In the digital age, criminals and terrorists take full advantage of the secrecy provided by the Internet, encrypted communications over mobile and fixed devices and Internet services such as Tor to conduct crime. Each of us runs the risk of becoming a victim of fraud, extortion or worse because of this situation. There are hundreds of examples of crime such as the theft of financial data that has a direct impact on both consumers and business.

Law enforcement must have a way to do what it has always done, that is to track criminals and prevent or prosecute crime. With the development of global terrorism and especially the ‘lone wolf’ terrorist, this requirement is even more important.

Hacking Team has helped fight crime by providing a surveillance tool to law enforcement. The company believes this is a small step toward a more secure world for all who wish to use the Internet and digital tools lawfully.

View the original content and more from this author here: http://ift.tt/1Jse5OP

 

 

 


