Four years after the ‘Arab Spring’, it is believed that empowerment of civil society in Latin America has been hampered by formal and informal structures of power, which – legally and illegally- are funneling digital manifestations of social grievances, thus avoiding significant challenges to the status quo.

This letter is in response to a statement issued by Hacking Team that has recently come to our attention, concerning Citizen Lab’s report titled “Police Story: Hacking Team’s Government Surveillance Malware” (June 24, 2014).

Since 2012, the Citizen Lab with the support of the International Development Research Centre (IDRC) has been working on building bridges between researchers and activists in the global North and South to form a space of peers for collaboration and organization at local, regional, and international levels. The following is a review of major outcomes in advocacy, litigation and public policy in 2013.

By getting into the malware business the federal and potentially provincial governments of Canada would be confronted with an ongoing reality: is the role of government to maximally protect its citizens, including from criminals leveraging vulnerabilities to spy on Canadians, or is it to partially protect citizens so long as such protections do not weaken the state’s ability to secure itself from persons suspected of violating any Act of Parliament?

As a follow-up to our post about the number of sites miscategorized by SmartFilter, our tests with Blue Coat show that miscategorization is not a problem limited to a single product. We should be skeptical of any company’s claims that they are able to categorize much of the web accurately, or that their rate of “collateral damage” is very low.

Our analysis traces Hacking Team’s Remote Control System’s (RCS) proxy chains, and finds that dedicated US-based servers are part of the RCS infrastructure implemented by the governments of Azerbaijan, Colombia, Ethiopia, Korea, Mexico, Morocco, Poland, Thailand, Uzbekistan, and the United Arab Emirates in their espionage and/or law enforcement operations.

This report outlines an extensive US nexus for a network of servers forming part of the collection infrastructure of Hacking Team’s Remote Control System. The network, which includes data centers across the US, is used to obscure government clients of Hacking Team. It is used by at least 10 countries ranging from Azerbaijan and Uzbekistan to Korea, Poland and Ethiopia. In addition we highlight an intriguing US-only Hacking Team circuit.

This report maps out covert surveillance networks of “proxy servers” used to launder data that RCS exfiltrates from infected computers, through third countries, to an “endpoint,” which we believe represents the spyware’s government operator.

This post is the second in a series of posts that focus on the global proliferation and use of Hacking Team’s RCS spyware, which is sold exclusively to governments.