Revealed: The true extent of Hacking Team contacts across Europe.

4 min readJul 7, 2015


A map of EMEA countries where Hacking Team had contact with governments.


Relationships with Hacking Team, like in other EU countries, started in 2010 and lasted to this day. And once again the catalyst for contact was ISS, the “Lawful interception” conference held in Prague every year.

Exanovis ceased its activities in 2013 and their website only mentions the following:

Dear customers, partners and friends
Since 9th of December 2013, Exanovis AG has stopped its business. The company Exanovis AG and its employees thank you for your loyalty and relationship during the past 11 years. We wish you all the best.

They were part of a failed and albeit costly attempt at modernizing the Swiss Monitoring Capabilities, “Interception System Schweiz” (ISS), as they represented the Danish consortium ETI, (Acquired by BAE Systems in 2011 ) which was awarded the €18m contract. (link)

Other customers approached the company, such as one of Switzerland’s Province Police Service (“Police de sûreté” ) in Lausanne :

Exanovis makes contact again in April 2012, where meeting HT at ISS Prague is on the table, as well as a visit to Italy in June:

But there is confusion as to what ISS might mean, and the Italians are confused:

Can you please explain me what do you mean exactly when you say “We are entitled by the ISS project to discuss your solutions and possible business in Switzerland with your company”
What is this ISS project you are talking about?

Massimiliano Luppi
Key Account Manager
HT srl

The federal authorities had investigated the “Interception System Schweiz” (ISS) in 2012 and everything points to Exanovis being exanorated (in its relationship with ETI ) and now in charge of the project:

Further meetings take place and proposals are forwarded:

But this would be the last email exchanged with Exanovis…

State Police make a request in 2013 and HT travels to Zurich for a demo

An email with location for a meeting in Dec 2013

Da: Alessandro Scarafile []
Inviato: giovedì 19 dicembre 2013 11:16
Oggetto: Switzerland POC Report

Here below some brief technical information about POC performed in Zurich on 17–18 December.

Day 1 (December 17)

- Comprehensive RCS Console analysis
- Windows 7 Ultimate 32bit : Silent Installer infection
- Mac OSX Snow Leopard : Silent Installer infection

Day 2 (December 18)

- Windows 7 Ultimate 32bit : Silent Installer infection
- Mac OSX Snow Leopard : Silent Installer infection
- Linux Ubuntu 12.04 : Silent Installer infection
- Windows 8 Pro 64bit : Offline Installation (USB) infection
- Android Samsung Galaxy S2 : QR Code infection
- iPhone 5 : Installation Package (SSH over Wi-Fi) infection
- Android Sony Xperia : Web Link infection

7 devices, 9 infections. All the target devices (except the iPhone 5) were directly provided by the customer.

All the infections were done successfully and with zero problems. The 2 Windows Silent Installer infections have been correctly managed in Scout/Elite mode.

Particularly, the infection on Android Samsung Galaxy S2 directly rooted the phone, allowing the customer to immediately test and retrieve data like screenshots, WhatsApp Messenger chats and phone audio calls.

Single gap, the inability to retrieve Device and Chat modules on Mac, due to Snow Leopard issues within RCS 9.1.3. I already spoke with Massimo this morning and it has been confirmed that these problems have already been solved in the 9.1.4 release.


Alessandro Scarafile
Field Application Engineer

Once again, the email thread dies off, but an invoice reveals a RCS (Remote Control System ) was purchased for half a million Euro:

More on this story:

Revealed: The true extent of Hacking Team contacts across Europe.

Read part 1-UK-France-Ireland
Read part 3-Iraqi Kurdistan via Luxembourg
Read part 4-Cyprus
Read part 5-Balkans