Late Sunday, hackers dumped online a massive trove of emails and other documents obtained from the systems of Italian surveillance firm Hacking Team. The company’s controversial technology is sold to governments around the world, enabling them to infect smartphones and computers with malware to covertly record conversations and steal data.

For years, Hacking Team has been the subject of scrutiny from journalists and activists due to its suspected sales to despotic regimes. But the company has successfully managed to hide most of its dealings behind a wall of secrecy — until now.

For the last few days, I have been reading through the hacked files, which give remarkable insight into Hacking Team, its blasé attitude toward human rights concerns, and the extent of its spyware sales to government agencies on every continent. Adding to the work of my colleagues to analyze the 400 gigabyte trove of hacked data, here’s a selection of the notable details I have found so far:

Demo for Bangladesh “death squad”

In May, a Hacking Team representative traveled to Dhaka, Bangladesh, to demonstrate the company’s spy technology at the headquarters of a brutal paramilitary security agency that is known for torture and extrajudicial killings. The Rapid Action Battalion (pictured above) — described by Human Rights Watch as a “death squad” that has perpetrated systematic abuses over more than a decade — wanted to see “a practical demonstration” of Hacking Team’s surveillance equipment “in the ground settings of Bangladesh,” according to the company’s emails. Last month, a reseller for Hacking Team in Bangladesh reported that he had submitted the bid papers for the deal and was “pushing RAB to select our offer through our personal relationship.”

DEA mass surveillance in Colombia

Hacking Team supplies its technology to the DEA, which one email shows is apparently using the spyware to launch surveillance operations from the U.S. embassy in Bogota, Colombia. More notably, the email suggests that, in addition to the Hacking Team technology, the DEA is also using other spying equipment at the embassy in Colombia to perform dragnet Internet surveillance. Last month, a Hacking Team field engineer had a meeting with DEA agents in Cartagena and noted that he was told the agency had “bought another interception tool (something that will receive all the traffic for Colombian’s [sic] ISPs).”

Impressing dictator’s spies



In October 2014, in Doha, Qatar, Hacking Team demonstrated its technology for two officers from the Belarus intelligence agency Operations and Analysis Center, or OAC. The Belarus government is an authoritarian regime that been accused by Human Rights Watch of suppressing “virtually all forms of dissent,” cracking down on journalists, activists, opposition politicians, and anyone else deemed to have deviated too far from the orthodoxy of despotic president Alexander Lukashenko, known as “Europe’s last dictator.” Nevertheless, these issues don’t seem to have put off Hacking Team’s attempts to make a sale. “The prospect confirms to be impressed by our solution,” noted a Hacking Team employee after the meeting with the two officers. “They will evaluate to proceed with the Sales Department to arrange a dedicated meeting.” It is unclear from the emails whether the sale went ahead or if efforts to finalize it are still ongoing.

Sales through Israeli company

One of Hacking Team’s key corporate partners is Nice Systems, an Israel-based company with close links to Israeli military and intelligence agencies. (CEO Barak Eilam, for instance, was formerly an officer with an “elite intelligence unit” in the Israeli Defense Forces, according to his biography. Eilam’s LinkedIn profile links him to Unit 8200, Israel’s signals intelligence corps.) The leaked Hacking Team documents show that Nice has been working on closing a large number of deals for the company across the world, winning contracts in Azerbaijan and Thailand and pushing for sales in Brazil, Colombia, Guatemala, Honduras, Israel, Kuwait, Finland, Georgia, Greece, India, Turkmenistan, Uzbekistan, Kirghistan and elsewhere.

Hacking Team had not responded to a request for comment on this story at time of publication. On Tuesday, a spokesperson for the company told the International Business Times: “We don’t have anything to hide about what we are doing and we don’t think that there is any evidence in this 400GB of data that we have violated any laws and I would even go so far as to argue that there is no evidence that we have behaved in anything but a completely ethical way.”

Top clients



According to the hacked files, Hacking Team’s top sales in recent years have come from governments and law enforcement agencies in these countries, in descending order of sales: Mexico, Italy, Morocco, Saudi Arabia, Chile, Hungary, Malaysia, UAE, the United States, Singapore, Kazakhstan, Sudan, Uzbekistan, Panama, Ethiopia, Egypt, Luxembourg, Czech Republic, South Korea, Mongolia, Vietnam, Spain, Ecuador, Oman, Switzerland, Thailand, Russia, Nigeria, Turkey, Cyprus, Honduras, Azerbaijan, Colombia, Poland and Bahrain.