What the hack?

Cyber security or spyware? The distinction isn't always clear. www.perspecsys.com under a Creative Commons Licence

The recent Hacking Team leak illustrates the hypocrisy at the heart of the arms trade, writes Andrew Smith.

There was something wonderfully ironic about surveillance and spyware specialists Hacking Team being hacked. It made for amusing headlines, but it also highlighted a number of issues with the so-called ‘cyber-security’ industry.

Over a million internal emails and documents were leaked online, revealing the inner workings and secrets of a dishonest and scurrilous company that has been all too happy to use its connections and influence to lobby governments, obstruct UN investigations and spread misinformation about what it is selling and to whom. Despite widespread condemnation, it has always claimed to be an ethical company; but with a client base that includes the governments of Uzbekistan, the United Arab Emirates and Saudi Arabia it is clear that human rights have always come second to profits.

Hacking Team may market itself as a ‘cyber-security’ company, but none of its tools are actually designed to stop cyber-attacks or increase security; they are designed to allow buyers to hack into the computer networks of their opponents and spy on them. The marketing materials for the company’s flagship Galileo Remote Control System makes this clear:

Advert

“Take control of your targets and monitor them regardless of encryption and mobility... Keep an eye on all your targets and manage them remotely, all from a single screen.”

Hacking Team’s founder David Vincenzetti has offered the defence that ‘the geopolitical [landscape] changes rapidly, and sometimes situations evolve. But we do not trade in weapons, we do not sell guns that can be used for years.’

He may not be selling guns or tanks, but the sales he has presided over have had a very real and immediate impact on those on the ground.

There are always serious questions to be asked about civil liberties whenever any government uses surveillance equipment against civilians. These questions become even more pertinent when the governments in question are authoritarian dictatorships and there is even less accountability. This point is acknowledged in an email from one Hacking Team executive, who notes: ‘I don’t think Arab clients take care of legal issues in using our product.’

In 2011 Hacking Team’s account manager for the Middle East sent emails that confirmed the company was looking for business with the Assad government in Syria. This shouldn’t be a surprise; Hacking Team’s equipment has been already linked to the oppressive surveillance of peaceful protesters in Bahrain, journalists in Ethiopia and campaigners in Morocco.

One particular buyer worth drawing attention to is the Sudanese government. Sudan is rightfully subject to a UN and EU-backed arms embargo, and hundreds have been killed during the recent years of instability and armed conflict. Hacking Team has always vehemently denied selling any of its wares to Sudan, but it is listed (alongside Russia) on a spreadsheet of ‘unofficial’ clients. The list is accompanied by an invoice for almost $550,000 from the Sudanese authorities, which suggests there is a strong case to answer.

The leak hasn’t only highlighted the serious moral failings of Hacking Team as a company. It has also illustrated the double standards and hypocrisy at the heart of the arms trade and the so-called ‘security’ industry. Vincenzetti himself has hinted at this in saying: ‘We did [sell tools to Libya] when suddenly it seemed that the Libyans had become our best friends.’ While we can be appalled by his lack of any remorse or sense of personal responsibility, he does have a point. Every single one of these sales has only happened because compliant governments have signed them off.

Like many of its competitors, Hacking Team has always enjoyed very strong government and industry connections. Privacy International alleges that it has received $1.6 million in public financing from the Italian regional authorities. Despite this, the Italian government has acted to curb Hacking Team’s exports in the past, following allegations of human rights abuses. However, the decision was reversed after a sustained lobbying exercise from Vincenzetti and his powerful contacts.

Unfortunately Hacking Team is far from unique. It is all too typical of an industry that is characterized by secrecy, corruption and human rights violations. This is not in any way to excuse Vincenzetti and his team, but they are only one part of a trade that fuels war and oppression while enjoying a totally disproportionate voice in the corridors of power. Spyware and ‘security’ is a loud and growing part of that voice, and it is one that campaigners need to resist.

Andrew Smith is a spokesperson for Campaign Against Arms Trade (CAAT). You can follow CAAT @CAATuk.