The private Italian spying firm Hacking Team was itself recently hacked and some of its internal documents, invoices, emails and customer lists were made public — the information can be found on WikiLeaks. According to Wired not only has the FBI used Hacking Team’s wares, “many of the other governments who bought the same software are repressive regimes, such as Sudan and Bahrain.”
Public records request-focused news site MuckRock put together a map showing agencies that have gotten Hacking Team demos or gotten onto the company’s email list. The Eugene Police Department appears on the map.
EPD spokesperson Melinda McLaughlin says there was no hack on EPD emails, and the emails posted on WikiLeaks “are ‘reply’ emails from those sent to an individual at EPD.”
The FBI purchased Hacking Team’s premiere spy product, “Galileo” aka “Remote Control System,” which Wired says is “a simple piece of hacking software that has been used by the Ethiopian regime to target journalists based in Washington, D.C. It has also been detected in an attack on a Moroccan media outlet, and a human rights activist from the United Arab Emirates.”
According to Hacking Team’s brochure, RCS allows an agency to “take control of your targets and monitor them regardless of encryption and mobility. It doesn’t matter if you are after an Android phone or a Windows computer: You can monitor all the devices. Remote Control System is invisible to the user, evades antivirus and firewalls and doesn’t affect the devices’ performance or battery life.”
The hack on Hacking Team has raised debates on what some see as government and law enforcement’s need to be able to monitor terrorists and criminals versus the ethics of who those agencies are dealing with, including Hacking Team’s troubling relationships with repressive regimes.
EPD’s McLaughlin tells EW, “We are are not using this system. When officers go to trainings the vendors at booths sometimes get emails of attendees.” According to MuckRock, Hacking Team pulls lists from law enforcement conferences.
WikiLeaks emails show that the email account of EPD detective Curtis Newell sent automatic replies to Hacking Team on messages with the subjects “Hacker Can Send Fatal Dose to Hospital Drug Pumps” and “IRAN v. SAUDI: (CYBER) escalation” in June 2015.
Newell has worked on human trafficking cases and on Lane County Interagency Narcotics Team, according to media reports.
The WikiLeaks emails involving EPD can be seen here: wkly.ws/21x.