Leaked emails have exposed plans by Hacking Team and a Boeing subsidiary to deliver spyware via drones for sale to government agencies.

The scheme proposed the use of unmanned aerial vehicles (UAVs or drones) to deliver Hacking Team's Remote Control System Galileo spyware via Wi-Fi networks from above. Boeing subsidiary Insitu and representatives of Hacking Team enthusiastically discussed the deal after meeting up at the International Defense Exposition and Conference (IDEX) in Abu Dhabi back in February.

Putting the plan together would involve developing a ruggedized and miniaturized Tactical Network Injector (TNI), Hacker News reports. This mini-TNI would be used to introduce malicious traffic into insecure Wi-Fi networks while perched on a drone and subject to jolts and low temperatures. Malicious traffic injection would only work in this scenario in cases where a target is surfing in an insecure, open Wi-Fi hotspot (coffee shop, transport hub, etc.) without using protective VPN technology.

Insitu, developer of the small ScanEagle surveillance drone and other aerospace kit for military and law enforcement applications, outlined the basic premise of the development plan in one leaked email exchange.

We see potential in integrating your Wi-Fi hacking capability into an airborne system [drone] and would be interested in starting a conversation with one of your engineers [Hacking Team staff] to go over, in more depth, the payload capabilities including the detailed size, weight, and power specs of your Galileo System.

Hacking Team responded to the suggestion with enthusiasm, but the plan itself doesn't appear to have progressed much beyond the planning stages before Hacking Team's email spool was leaked by hackers following a high-profile breach earlier this month. It's unclear who the ultimate customers of the aerial malware delivery system might have been. The email exchanges outlining the plan were first reported by Glenn Greenwald's The Intercept here.

The idea of combining spyware and drones may not in itself be new. The alleged leader of Mexico's infamous Los Zetas gang was captured two years ago using a combination of commercial computer spyware, GPS mobile tracking, and aerial drones. The operation to capture Miguel Treviño Morales – also known as "Z-40" – may have involved spyware for law enforcement from Hacking Team rival Gamma International, as The Register noted at the time.

The Mexican government was a customer of Gamma's FinFisher software, according to local reports. The exact role of spyware in the arrest – much less whether it was delivered by a drone – remains unclear, partially because Gamma International declined our invitation to explain how its technology has helped in the arrest of an alleged Mexican cartel leader without bloodshed. ®