Leak Shows FBI Bought Spyware

John Lister's picture

A business which makes spying software for governments and police has been hit by a major hacking attack. The company has recommended customers temporarily stop using its products in case the attack compromises security.

The business is named "Hacking Team," and is based in Italy. It specializes in software that can monitor the online activities of computer users and even retrieve data from their computers. Critics claim the software often uses the same tactics as malware created by cyber criminals.

The firm says its situation is different as it only sells its products to public bodies which have the legal right to use the software for monitoring in their own country. However, it's long been suspected that while this is technically true, the software is often used by countries which abuse human rights and are monitoring people to repress the media and political opponents.

'Hacking Team' Doubly Hacked

That seems to be confirmed by the publication of more than 400 gigabytes of Hacking Team data, ironically via a post on the company's Twitter account, which was also hacked. The company is neither confirming nor denying that the files are genuine.

The data includes emails, passwords, internal documents, and the source code that runs their software. The last of these is arguably the most immediate commercial concern, as it could make it easier for people to use the software without paying.

However, other leaked information may be the most damaging for the company and its clients alike. Hacking Team refuses to publicly confirm the identity of its clients, citing confidentiality; however, leaked documents list its clients as including government security agencies in several African and Middle Eastern countries with poor human rights records. Most notable among these is Sudan, which, if true, may breach international trade restrictions for using spying software. (Source: reuters.com)

FBI Among Customer List

European and United States agencies are also on the list. The documents list both the Drug Enforcement Agency (DEA) and the Federal Bureau of Investigation (FBI) among the clients, with the FBI said to have spent a total of around $750,000 since 2011. (Source: wired.com)

Although it isn't clear which software the FBI has used from Hacking Team, an email among the data suggests that it is using the spying software only as a "backup" for other surveillance techniques. It appears that software may be able not only to monitor communications such as emails and Skype, but also to exploit security weaknesses to access data on users' computers.

What's Your Opinion?

Should firms making such software be banned from dealing with oppressive governments, or is it up to those governments to decide what's legal in their country? Are you surprised that US agencies appear to be buying spyware for their operations? Is it time for clearer guidelines on exactly if, when and how the US government should use hacking techniques for surveillance?

Comments

Dennis Faas's picture

Spying, especially after 2001, is certainly a hot commodity. Initially the cables from WikiLeaks were very shocking, but the sheer volume of hacks and leaks has all but desensitized me to the topic. I think when it comes to spying and governments, much of the same applies. "Everyone else is doing it," and there really don't seem to be any rules. I'm sure that when it comes to who can and cannot use spying software, money talks and the rest walks.

plamonica_3840's picture

So we are talking about some unnamed group hacking into a company's account through some illegal means, stealing company records, and your question is should the FBI be allowed to legally purchase software?

Did I miss the part where we are worried about the illegal activity here? My identity has been stolen so many times now I'm not even sure I'm still me. I think that Law Enforcement should have at least the same tools as the criminals.

matt_2058's picture

Spying between countries is something completely different than a government agency spying on its own citizens.

As for limiting a resource to non-oppressive governments, who's going to make that decision? The U.N.? The country where the subject provider resides, like the U.S. does with its technology and export limitations? It should probably be the provider's country, and if the provider doesn't like it, then they can relocate.

There are no surprises when it comes to the U.S. and surveillance. Think back to the deal between the U.S. and UK to spy on the other's citizens to circumvent national laws. THAT should have gotten some U.S. officials thrown in jail. But it didn't.

In the end, every country should use resources to protect and defend itself. Unrestricted spying on its own citizens is the crime here.

I applaud exposing crap like this. Not necessarily the method to get the info, but definitely the end result.