For Arab Human Rights Defenders, Hacking Team Files Confirm Suspicions of State Surveillance · Global Voices
Abir Ghattas

Cartoon by Doaa Eladl, via Cartoon Movement.
Human rights advocates across the Arab world are combing through the troves of data uncovered in last Sunday's massive hack of the controversial Italian security and surveillance technology firm Hacking Team.
Hacking Team's notorious “Remote Control System” has been used by oppressive regimes in Saudi Arabia, Bahrain, Sudan, UAE, Oman, Morocco and Egypt to surveil and intimidate political opponents, human rights advocates, journalists, and digital activists. The Remote Control System is a pernicious form of surveillance technology that enables the attacker, usually a government entity, to infiltrate and control the device of the target. It can copy files from a computer’s hard disk, record Skype calls, e-mails, instant messages, passwords typed into a web browser, and even turn on and eavesdrop via a computer's webcam.
Hacking Team technologies have become so prevalent in this realm that the company was named an “Internet Enemy” by Reporters Without Borders in 2012. Working with activists who have been targeted by governments using Hacking Team products, the University of Toronto's Citizen Lab has undertaken large-scale technical research to better understand the systems used by Hacking Team and other major surveillance technology providers. Their research can be found here.
The company's official Twitter account, which was also hacked, pointed to the torrent file of more than 400 gigabytes of internal data: emails, bills, client lists, source code, contracts and even personal WhatsApp backups. The documents are also available on Transparency Toolkit and the emails are available on Wikileaks [updated July 15, 2015].
It remains unclear who hacked Hacking Team. An individual known as “Phineas Fisher”, who claimed to have hacked into the systems of Gamma, a UK and Germany-based major surveillance technology company, has claimed responsibility for the attack, but this is difficult to verify.
Screenshot of Hacking Team tweet linking to the 400GB of leaked data.
Shortly after information from the hack became public, several security experts and journalists started posting Hacking Team's lengthy client list, internal communications records, and some invoices. Among the international clients, several Arab states have apparently used the services of Hacking Team.
Cairo-based digital rights activist Ramy Raoof tweeted documents to his 111K followers revealing that GNSE Egypt, a prominent e-business firm in the region, appears to have negotiated the purchase of Hacking Team software:
from the #HackingTeam Leaks: invoice to #Egypt – 58,000 EURO – January 2012. pic.twitter.com/pgSJOwUwQq
— Ramy Raoof (@RamyRaoof) July 6, 2015
GNSE the man-in-the-middle company in #HackingTeam deal with #Egypt intelligence. Contacts http://t.co/BugJeepS4C – http://t.co/YExcAOWbDn
— Ramy Raoof (@RamyRaoof) July 6, 2015
Raoof pointed out that the hack proved what the activists in the region knew all along:
rights groups knew #Egypt using #HackingTeam spyware since 2012; Sunday's hack just proved it http://t.co/UiqP2z9ZQl
— Ramy Raoof (@RamyRaoof) July 7, 2015
Advocates in Morocco have had similar reactions. In 2012, citizen media group and Global Voices partner Mamfakinch was the target of an attack using Hacking Team's Remote Control System. When they received an email that appeared to contain a story tip, unsuspecting members of the group opened a document attached to the email and their computers were instantly taken over by the system. Sunday's revelations confirm what they had learned some years prior, after investigating the incident with the help of digital security experts.
Human rights defender and digital security consultant Mohammed Al-Maskati tweeted to his 89K followers that Bahrain bought several spy software products from Hacking Team.
البحرين اشترت برامج تجسس و تنصت من شركة @hackingteam ، بحسب ما كشفت عنها الوثائق و اخر صيانة كانت منذ فترة بسيطة #bahrain
— Mohammed Al-Maskati (@MohdMaskati) July 6, 2015
Bahrain purchased several spyware products from @Hackingteam and, as per the leaked documents, the last maintenance happened not long ago.
2-برامج التجسس من @hackingteam تستطيع التنصت على المحادثات في برنامج Skype و نسخ الملفات و تشغيل الكاميرا -يتبع #bahrain
— Mohammed Al-Maskati (@MohdMaskati) July 6, 2015
2- The @hackingteam spyware can breach encrypted files and emails, Skype and other Voice over IP or chat communication, copy local files and turn on the device camera.
3-و ايضا تستطيع تسجيل كل ما يتم ادخاله عن طريق الكيبورد keyboard و هذا يشمل الباسوورد و المعلومات الحساسة و غيرها #bahrain
— Mohammed Al-Maskati (@MohdMaskati) July 6, 2015
The spyware can also log every keystroke, which will include sensitive information and passwords.
One invoice from the files shows the purchase of a “Remote Control System” for a total of €210K by an entity called “Midworld Pro” located in Dubai, UAE. A file name associated with the invoice reads “Midworld Pro – Bahrain”. Separate documentation indicates that the government of Bahrain purchased €210K worth of services and products from Hacking Team, suggesting that this purchase was likely routed to Bahrain through the UAE.
MidWorld Pro invoice – Obtained from the leaked documents.
Along with Egypt and Bahrain, documents also revealed that the Lebanese Army purchased Hacking Team's Remote Control System, along with other equipment. It appears that the government spent over one million euros on Hacking Team's products.
Lebanese Army Galileo Invoice
Lebanese Army Hardware Invoice
Lebanese Army Hardware Invoice (2)
Lebanese journalist Mahmoud Ghazayel tweeted that he was blocked by the official Lebanese Army account on Twitter after inquiring about the Hacking Team leaked files.
I just got blocked by @LebarmyOfficial after trying to get their opinion about this matter #IsHackingTeamAwakeYet pic.twitter.com/ohfxypKqHp
— محمود غزيّل (@ghazayel) July 6, 2015
The leaked documents also revealed that Hacking Team sold to Sudan. EFF's Eva Galperin tweeted:
Hacking Team never sold to Sudan? Here's the instructions for the 480,000 Euro wire transfer. cc @hackingteam pic.twitter.com/JqexHpvb3s
— Eva (@evacide) July 6, 2015
In the leaked ClientList_Renewal.xls, Hacking Team noted that Sudan is “not officially supported”. Russia was also listed as such. The documents also reveal several communications between the company and the United Nations Security Council Committee regarding the use of a Remote Control System within Sudan. Hacking Team's Remote Control System appears to have stood in violation of a 2005 resolution (1591) that placed an arms embargo on the country.
To learn more about the global reach of Hacking Team's products, see Matthew Stender's interactive map visualizing all Hacking Team clients.
Follow @RamyRaoof, @MohdMaskati, @Gharbeia and @simsimt for more information and commentary on this unfolding story.