In an article titled “The Hacking Team Defectors,” VICE Motherboard outlines the experiences of employees who have quit Hacking Team in the wake of a hacking of the company in July 2015, when internal emails, client lists and the spyware’s source code were leaked. A small group of high level former employees are suspected by the company as being behind the hack. There have been separate lawsuits against five of them.
The article highlights Citizen Lab research entitled “Backdoors are Forever: Hacking Team and the Targeting of Dissent,” in which it was revealed that the Moroccan government had purchased spy software from Hacking Team to target local citizen journalist group Mamfakinch. Alberto Pelliccione, a former employee of Hacking Team, said that the report prompted an internal debate amongst developers and employees, which “never subsided.” Other former employees, such as Guido Landi, who was a developer focusing on windows, expressed concern with the sale of the software to some countries. He said: “You shouldn’t sell to Sudan. Period. Same goes for Ethiopia, and even in other less evil countries, there were abuses.”
Citizen Lab also documented the use of Hacking Team software by the Ethiopian government. Despite the concerns outlined in the report, Hacking Team failed to stop selling their software to the country, and was later found to be using it to target journalists in the report entitled “Hacking Team Reloaded: US-Based Ethiopian Journalists Again Targeted with Spyware.”
In an article highlighting the recent release of Citizen Lab’s report entitled “Pay No Attention to the Server Behind the Proxy: Mapping FinFisher’s Continuing Proliferation,” The Varsity interviewed Director Ron Deibert and Senior Research Fellow Bill Marczak. The report finds that 32 governments across the world may be deploying the FinFisher software, developed by Gamma Group. Bill Marczak, one of the authors of the report, expressed concern that the proliferation will continue: “Governments will not want to be left behind as more and more of their peers get into the computer/phone intrusion game.”
Marczak explained that though Gamma is likely to continue to enhance the decoy system, slight modifications do not impact the ability to detect FinFisher servers. He added that there is little accountability in the sales of this type of software around the world: “In the case of the surveillance business, you have the private sector involved with very little government regulation. Since the private sector naturally tends towards profit maximization in the absence of government regulation, you get companies selling to very repressive places like Turkmenistan. That, in essence, is the problem — surveillance companies have little requirement or incentive to perform due diligence on their clients.”
Director Ron Deibert said that universities have a key role to play as stewards of a free and open Internet: “I see what we are doing as a form of ‘digital arms control verification’ in this regard, shedding a light on abuses and violations of human rights around access to information, freedom of speech, and privacy.”
The New York Times reported that the United States government charged two technology distributors with illegally shipping American equipment to the Syrian government, in order to help it monitor Internet traffic and spy on dissidents. The case is one of the few occasions of the American government pushing to limit the use of censorship and spying software, given that the same tools are used by Western law enforcement agencies to track criminals and disrupt security threats. The Obama administration signed an International agreement in 2013 that calls for limits on exporting surveillance technology to regimes with poor human rights records.
There are concerns that the distribution of surveillance technology is emerging as a 21st century arms race. Citizen Lab Director Ron Deibert was interviewed by the New York Times regarding exports of surveillance technology. He said that the trade of surveillance technology involves several actors: “You have the professionals, the big firms that are very legitimate, and then you have some dodgy parts of the business, which, like gunrunning, is subterranean and shrouded in secrecy.”