(July 7): Leaked information online revealed that the Malaysian government was among the countries buying services from Milan-based hackers, Hacking Team, who have been selling software to repressive governments to spy on their citizens.
This was revealed after Hacking Team itself became the victim of a major hack over the weekend, where the leaked information, including its client list, was posted on its own Twitter feed.
According to a posting by Twitter user @obeselowlife on blogging website medium.com, Malaysian Intelligence and the Prime Minister's Office are clients of the Hacking Team.
The Malaysian Anti-Corruption Commission (MACC) was a former client but invoices uploaded by Twitter user @SynAckPwn showed that the contract with the anti-graft body had lapsed, the posting said.
The leaked invoices also indicated that the purchases were routed through a Malaysian surveillance tech reseller in Shah Alam – Miliserv Technologies.
One of the software purchased by the Malaysians was the Da Vinci remote control system, a “trojan horse” that tricks a victim into opening it, where after that, the software is able to track, eavesdrop, and download information from the victim’s infected device.
Da Vinci's capabilities include the ability to copy files from a computer’s hard disk, record Skype calls, emails, instant messages, and passwords typed into a web browser.
It is also able to turn on a device’s webcam and microphone to spy on the target.
According to British daily, The Guardian, privacy groups welcomed the hack into the spyware company, including Privacy International, which noted that the leaked materials showed how Hacking Team assisted some of the world's most repressive regimes to spy on their citizens, including Bahrain, Ethiopia and Sudan.
The group had also reportedly said the spyware tools had been used in the past to target human rights activists and pro-democracy supporters.
@obeselowlife said on medium.com it was puzzling why the PMO would be a customer of a blackhat software, adding that in the past, WikiLeaks had revealed the existence of a foreign intelligence unit in the PMO, publicly referred to as the Research Division.
"While Malaysians debated the aftermath of the Snowden scandal in 2013 and its repercussions for Malaysia, agencies in the Prime Minister’s Office had already established contracts to add intrusive spyware into its electronic arsenal,” it said in reference to Edward Snowden, a former CIA worker who leaked classified information from the National Security Agency in 2013.
"Deep electronic government domestic surveillance in Malaysia was likely already a fait accompli by the time the global debate on electronic surveillance raged in 2013," the posting said.
The Malaysian Insider is in the midst of contacting MACC and PMO for a response to the leaked information.
The Hacking Team, meanwhile, refused to comment when contacted by British newspaper The Guardian, which was directed to an email address, but emails were returned as undeliverable.
However, one of the company's employees, Christian Pozzi, had tweeted that the leaked documents contained “false lies” about the services the company offers.
“A lot of what the attackers are claiming regarding our company is not true. Please stop spreading false lies about the services we offer,” Pozzi had tweeted.
“We are currently working closely with the police at the moment. I can’t comment about the recent breach.”
But Pozzi's feed was later hacked, and after that, it was deleted altogether. – The Malaysian Insider
