Hacking Team Tried to Sell Smartphone Viruses to South Florida Cops
In early July, an Italian-based company called Hacking Team — which had been criticized for profiting by selling malware to regimes with poor human rights records — was itself ironically hacked. Its Twitter account taken over and a 400 gigabyte trove of internal information about the company in the form of emails and customer lists was leaked to the public July 5.
Emails from the leak, published on Wikileaks, showed that several South Florida police agencies ended up on Hacking Team's email list. The emails also show that several U.S. police agencies, including the Broward Sheriff's Office, went as far as receiving a demo from the company for a program called Remote Control System.
"All meeting [sic] went very well," Hacking Team's Marco Cantino wrote in one email, dated January 29, 2013, referring to demos given to several agencies, including the Broward Sheriff's Office. "All clients impressed by RCS Da Vinci. Follow ups on most of them are expected soon."
The police were definitely interested.
"The dectectives [sic] there were definitely impressed by RCS," Catino wrote in an email, saying most of the questions were about the legal aspects, but in the end they seemed confident that the product could be used for investigations.
Other local agencies that ended up on mailing lists include Miami Shores, Boca Raton, and Boynton Beach police departments. Elsewhere around the state, agencies include the Florida Department of Law Enforcement and several county sheriff's offices. The Miami-Dade Police Department ended up on the mailing list too.
However, emails from MDPD show the department wasn't interested in Hacking Team's products and actually requested to have its email removed from the list December 26. It wasn't. MDPD continued to receive newsletters from Hacking Team up to the day of the massive data breach.
BSO, though, at least took at look at the RCS program, which contains Galileo and Da Vinci, two remote access trojan viruses that can secretly infect computers and allow a hacker to bypass encryption and control virtually every aspect of it from a remote location. When infected, the computer essentially becomes a part of a malicious botnet controlled by a single user. Antivirus companies themselves have warned against the Da Vinci virus in the past.
According to Alex Heid, president and cofounder of security research group Hack Miami, these types of viruses have been circulating the internet for years and are a favorite among the underground hacker market, selling from $10 to thousands of dollars. Hacking Team is cashing in by selling software ordinarily used by criminals to law enforcement agencies around the world.
"It seems that the Hacking Team corporation changed up the game by turning underground malware methodologies into enterprise solutions that are geared toward the niche of investigations and surveillance," Heid told New Times.
Hacking Team sells its products only to law enforcement and intelligence agencies that would find RCS useful because it is known to strip anonymity from anyone using the Tor network, an alternate internet designed to keep users anonymous that's often used by drug smugglers and human traffickers.
Documents from the Hacking Team archive show that its customer list includes the FBI, which spent $775,000 on the program since 2011, using it to unmask Tor users and track bomb threats. The list also includes Ethiopia, which used RCS to spy on journalists in 2013.
RCS software targets iPhones and Android devices too. In a newsletter broadcast to a mailing list October 3, 2014, Hacking Team introduced RCS as "the most effective vector to target Android phones." Some of the capabilities include being able to take camera shots with the computer's webcam, secretly switch on the microphone, and even spy from apps such as Facebook and WhatsApp.
Computer security experts such as John McAfee, who earned billions by selling antivirus software in the early 1990s, don't like this one bit, likening it to George Orwell's dystopian novel, 1984.
"Everybody has a smartphone these days," McAfee tells New Times. He adds that Android holds 91 percent of the world market in smartphones. "They use their smartphones to share data; they put info in the cloud. The smartphones are designed to do one thing only: collect information about you."
In 2012, McAfee himself was the target of law enforcement as he became entangled in a sticky situation while he evaded Belize authorities, who wanted him for questioning in the homicide of his former neighbor. New Times profiled McAfee during his brief stay in Miami after being deported from Guatemala.
Though it seems that MDPD's involvement with Hacking Team never went beyond merely being on a mailing list and that BSO's involvement never went beyond a demo, Heid finds it disturbing that the departments considered using the software and credits BSO for at least questioning its legality.
For McAfee, it's more ominous.
"I would recommend you read George Orwell's 1984," he says. "That's the paradigm we're living in now."