Download press release [PDF]

Toronto, Canada (February 28, 2014) – The Citizen Lab is pleased to announce the release of “Hacking Team’s US Nexus” by Bill Marczak, Claudio Guarnieri, Morgan Marquis-Boire, John Scott-Railton, and Sarah McKune.

Hacking Team, also known as HT S.r.l., is a Milan-based purveyor of “offensive technology” to governments around the world. One of their products, Remote Control System (RCS), is a trojan that is sold exclusively to intelligence and law enforcement agencies worldwide. “Hacking Team’s US Nexus” is the third in a series of reports that focus on the global proliferation and use of Hacking Team’s RCS spyware.

The first report, “Hacking Team and the Targeting of Ethiopian Journalists,” provided evidence that US-based journalists were targeted on US soil by the government of Ethiopia. The report was covered by the Washington Post. The second report, “Mapping Hacking Team’s “Untraceable” Spyware,” identified twenty-one governments that we suspect are current or former users of RCS. The report showed that computers infected with RCS send surveillance data back to the government operator through a series of servers in multiple third countries, called a proxy chain or circuit. This is to prevent someone who discovers a copy of the spyware or an infected computer from tracing it back to the government. The report was covered by SC Magazine, Wired Italy [Italian], and Der Spiegel [Germany].

In “Hacking Team’s US Nexus,” we delve deeper into these proxy chains. Our analysis traces these proxy chains, and finds that dedicated US-based servers are part of the RCS infrastructure implemented by the governments of Azerbaijan, Colombia, Ethiopia, Korea, Mexico, Morocco, Poland, Thailand, Uzbekistan, and the United Arab Emirates in their espionage and/or law enforcement operations. We also identify several cases where US-based spyware servers were disguised as the websites of US companies.