Citizen Lab Senior Researcher Morgan Marquis-Boire has co-authored an article exploring the sale of commercial spyware produced by Hacking Team to law enforcement agencies and governments across the globe. In particular, the piece comments on the prevalence of Hacking Team’s Remote Control System (RCS) software, which is capable of monitoring emails, phone calls, texts and more, all without the target’s knowledge.
Manuals provided by Hacking Team feature detailed instructions on how to infect a device and set up spying, and are published as part of The Intercept article. The authors note that the Hacking Team website and brochures indicate that their software can “defeat encryption,” and is accessible for non-experts. An example manual can be found here. Further technical analysis of HackingTeam’s RCS software and Android implant can be found in the Citizen Lab report entitled “Police Story: Hacking Team’s Government Surveillance Malware.”
Suspected client governments include Ethiopia, Kazakhstan, Saudi Arabia, Mexico, and Oman. Based on comments made by CEO David Vincenzetti in 2011, there are indications that some sales have been made to American entities as well. Citizen Lab research has traced the use of RCS software, suspecting use of in twenty-one countries, nine of which received the lowest ranking, ‘authoritarian,’ in the Economist’s 2012 Freedom Index.
In August, Citizen Lab Director Ron Deibert wrote an open letter to Hacking Team, which urged Hacking Team and all other companies involved in the surveillance technology industry to carefully consider the human rights impact of their products and services, the potential for complicity in government practices that violate human rights, and steps to address these concerns.
UPDATE: Read Hacking Team’s CEO David Vincenzetti’s response (3 November 2014).