Kenya’s government negotiated to buy sophisticated spy software from Italian surveillance company Hacking Team, according to leaked emails published by WikiLeaks. Messages obtained through an attack against Hacking Team reveal that a representative of the government requested an attack against a website critical of the Kenyan government as a “proof of concept”.

Advertising Read more

“There is a website we would wish you urgently bring down, either by defacement or by making it completely inaccessible,” said an email from a Kenyan representative sent to Hacking Team on 6 May 2015. It referred to the Kahawa Tungu website, which focuses on alleged corruption within the Kenyan government.

It is not immediately clear who sent this email to the Italian surveillance company, but other emails originating from the same internet domain name (kensi.org) outline communications with Eric Mwangi, whose email signature identifies him as a member of the cyber security department of the Kenyan president’s office.

Mwangi, who has not responded to several calls and an email from RFI, was introduced to Hacking Team by Chris Kinyanjui, executive director of Com 21 Ltd, a Kenyan information technology and communications company. In his emails, Kinyanjui identifies Mwangi as working for Kenya’s National Intelligence Service.

In a telephone call by RFI to Kinyanjui using the number listed on his email signature in 2014, the person talking denied he was Chris Kinyanjui or worked for Com 21 Ltd.

“We’ve always suspected that there is some snooping around certain websites and around certain emails,” Grace Githaiga, an associate of the Kenya ICT Action Network, told RFI. “Finally we’re getting information publicly that the government has been making such requests to bring certain websites down.”

Investigations into Hacking Team’s operations have already revealed that several countries, including Egypt, Ethiopia, Morocco and Sudan, were using the company’s sophisticated spy software to snoop on their citizens. However, the leaked emails also reveal ongoing negotiations between Hacking Team and agents acting on behalf of other countries.

An email dated 2 June 2015 shows correspondence between Kamel Foughali from a company called KCS International and Hacking Team. Foughali wrote that he was working on behalf of the Algerian police and later signed Hacking Team’s non-disclosure agreement. His company, which is based in Spain, was interested in working with the Italian firm on an Algerian government tender to supply the remote control system Galileo.

In 2013, Hacking Team received a message from Simão Nhanga, a person who said they represented SINSE, Angola’s intelligence agency. Nhanga asked for Hacking Team’s prices for their Da Vinci remote control system and relevant “procedures to purchase”.

It is not clear whether a deal for Hacking Team’s snooping software was ever signed with the Kenyan intelligence services. And the Italian spyware firm refused to carry out the Kenyan request for an attack on a website. However, Mwangi was not the only one in negotiations with Hacking Team.

Offer Hameiri, who heads the Israel-based Oyamo Group, said on 11 June 2014 that he was negotiating on behalf of the Kenyan police. Hameiri and Hacking Team staff sent several messages of correspondence to organise a trip to Haifa for a demonstration of the spyware. Hameiri did not respond to RFI’s request for a comment via email.

Numerous legal concerns surround Kenya’s possible use of spy software for snooping illegally on its citizens. Grace Githaiga, a Kenyan information technology policy specialist, points out that implementation of Kenya’s data protection law has been pending for several years so if spying was being carried out it is “not within the rule of law”.

“It’s most worrying because in Kenya there actually is a constitutional statement for the protection of privacy,” said Gus Hosein, executive director of Privacy International, an organisation which fights for the right to privacy.

The Kenyan government does not “have the guts” to defend their citizens’ privacy and is not “honouring their citizens sufficiently”, according to Hosein. “Instead they’re just buying the kit and deploying it without any consideration of rights,” he told RFI.

RFI spoke to Kenya’s government spokesman Manoah Esipisu for comment and was told to speak to Kenya’s interior ministry. Despite Esipisu’s promises to provide a contact, it was not possible to get a reaction.

In a statement this week, Hacking Team said their surveillance system is “critical to the work of preventing and investigating crime and terrorism”.

Daily newsletterReceive essential international news every morning Subscribe