Revealed: The true extent of Hacking Team contacts across Europe.

Data-Source
9 min readJul 7, 2015

PART1
UK, FRANCE, IRELAND

Breach on cybersecurity firm unveils vast network of contracts, at the heart of Europe and covering most countries.

Sudan, Ethiopia, U.A.E, Bahrain, Uzbekistan… So far all the countries that the company said it wasn’t selling its systems to proved to be among its biggest customers.

This is what Eric Rabe, their US spokeperson, had to say about it in 2013:

On the issue of repressive regimes, Hacking Team goes to great lengths to assure that our software is not sold to governments that are blacklisted by the E.U., the U.S.A., NATO and similar international organizations or any “repressive” regime. Furthermore, we have created an external board to review potential HT sales, and this board has a veto over sales it deems illegal or unwise. We also go to some lengths to monitor reports of use of our software in ways that might be inappropriate or illegal. When we find reports of such issues, we conduct an investigation to determine if action is needed. Under the terms of our contracts with clients, we have the authority to suspend support for the software that is used illegally, making it ineffective.

But we discovered it had all but stonewalled a United Nations investigation into its contracts with Sudan

And that revenue streams were closely related to sales to many of these repressive regimes:

EU Countries are involved too.

While only a handful of EU countries appear on the list of customers above, many Intelligence Services were engaged in talks with the company, hosted demonstrations at home or traveled to Italy for further talks, until very recently.

FRANCE

A demo was organised on Sept 12th 2014, after an initial meeting one year prior:

They discussed purchasing Hacking Team’s Galileo system
(previously called DaVinci )

Date: Fri, 29 Aug 2014 09:32:56 +0100
Subject: Re: MOD France
From: Marco Bettini <m.bettini@hackingteam.com>
To: Brian Groom <bgroom@kcsgroup.com>

Of course, new modules (like Intelligence, translation) and new platforms will be offered separately based on the configuration chosen.

Estimated price reserved to you for new modules are:
- Intelligence module from Euro 50k to 90k depending on the configuration
- Translation module (three languages) Euro 110k
- New platforms (operating systems) Euro 35k each

New demonstrations are planned for September 2014, at the Novotel Paris Charles de Gaulle Terminal - Roissy pôle:

Date: Fri, 29 Aug 2014 11:29:17 +0100
Subject: Re: MOD France
From: Marco Bettini <m.bettini@hackingteam.com>
To: Brian Groom <bgroom@kcsgroup.com>

Jean-Marc Delair just called HT saying my assistant that he wants to arrange the meeting on September 12.

And it seems the group’s capabilities were discussed internally within the French Ministry of Defence:

Da: Brian Groom [mailto:bgroom@kcsgroup.com]
Inviato: Monday, August 25, 2014 02:33 PM
A: Marco Bettini <m.bettini@hackingteam.it>
Oggetto: RE: MOD FranceGood afternoon, Marco: I trust you are keeping well.

It appears that another department within the French Government have received a summary presentation of the Galileo system within the last couple of days and that there is a genuine and quite serious interest in this HT product.

There is now a request for an overall demonstration of all of the facilities within Galileo in the first half of September in Paris (at the same place as the original Da Vinci demonstration.) Can you offers any dates, please, to fit their requested timescales?

There are many emails between Sept 2014 and April 2015, apparently the MOD is quite anxious that the software contains no backdoor (which since these revelations arised has been proven to be the case ) and requested a source code walkthrough.

Finally, another meeting takes place on April 2nd 2015:

Another visit is planned, but this time things get serious, French Defense personnel are to travel to Italy:

Date: 7 avril 2015 16:58:46 UTC+2
De: GENTIL Benoit <benoit.gentil@sagic.fr>
À: Philippe Vinci <p.vinci@hackingteam.com>

Objet: Rép : Dates pour la visite à Milan ?

est-ce que cela serait possible d’organiser une démonstration semaine 21 c’est à dire entre le 18 et 22 mai?

Cordialement.
Benoît Gentil

The climate has changed in France, after gunmen killed 17 people in Paris and new anti-terror laws are to be introduced:

Date: Wed, 08 Apr 2015 13:20:50 +0100
Subject: Fwd: Dates pour la visite =?ISO-8859–1?B?4A==?= Milan ?
From: Philippe Vinci <p.vinci@hackingteam.com>
To: Alessandro Scarafile <a.scarafile@hackingteam.com>

Hi Alessandro,

I would like to ask you if a FAE could be available during the week of May 18 to make a complete product presentation and demo to a French prospect, GIC (Groupement Interministériel de Contrôle)
http://fr.wikipedia.org/wiki/Groupement_interministériel_de_contrôle

GIC is today in charge of administrative interception directly under the French Prime Minister…which means non-judicial interception…mainly for prevention, anti-terrorist interception, etc…

As an example, they are the one operating mediation platform such as AQSACOM for the rest of the Law Enforcement agencies in France. They are technical people, but they don’t have today any knowledge (that I know) on offensive solution.
They want to prepare themselves to the change of regulations that will certainly take place in France allowing Hacking interception soon for those matters as anti-terrorism.

There are no more emails after April 2015, but it is safe to say that the French government was clearly intent on buying “offensive” interception solutions from Hacking Team.

But what is perhaps most worrying of all, is top French government officials using yahoo addresses…

IRELAND

Read story

UK

No financial information has so far emerged from the trove of leaked data, and the country is not listed as a customer.
But it has been very active, since 2011:

Date: Tue, 08 Mar 2011 16:44:23 +0100
Subject: Could you contact me to discuss your product?
From: Keith <keith@covertnetworkassociates.co.uk>
To: <m.luppi@hackingteam.it>

Sir,

I have been speaking to a colleague of mine from our time in the Metropolitan Police New Scotland Yard.

He told me that he attended a presentation when your product was demonstrated, he informed me that he was very impressed by it, (and he is not easy to impress) and suggested it might be something that may be of interest to some of the people I deal with in the law enforcement, security service and intelligence community.

-Further arrangements are made for a demo in London:

Date: Tue, 10 May 2011 11:47:08 +0100
Subject: RE: Re June 7th
From: Keith <keith@covertnetworkassociates.co.uk>
To: ‘Massimiliano Luppi’ <m.luppi@hackingteam.it>Massimiliano,

Good morning from a sunny UK.

1) Those possibly attending will come from Met Police, Home Office, Security Services, HMRC, (Customs and Excise) Serious and Organised Crime Agency and various other law enforcement and government agencies. It is anticipated that there will be around 25–40 people attending. The audience will consist of decision makers and more importantly technical people who will understand the product you are demonstrating.

2) The event will take place at a Metropolitan Police premises, Cobalt Square, 1 South Lambeth Road London SW8 1SU. The nearest underground station is Vauxhall on the Victoria line (light blue on the map). Vauxhall also has an over ground railway station. It is anticipated that you will need to be there around 12.30pm to enable you enough time to set up your presentation, the whole afternoon has been set aside for you.

“Individuals from various law enforcement and security agencies would like to take matter forward”

Date: Thu, 30 Jun 2011 18:50:37 +0100
Subject: RE: Training in the UK
From: Keith <keith@covertnetworkassociates.co.uk>
To: ‘Massimiliano Luppi’ <m.luppi@hackingteam.it>

I have spoken to a number of individuals from various law enforcement and security agencies to see if they would like to take matters forward, I am pleased to say that all those I have spoken to, on behalf of their respective organisations have expressed an interest in attending a training session in the UK with a view to then being able to evaluate the product in their own environment.

-Commissions?

Date: Mon, 19 Sep 2011 15:30:39 +0100
Subject: FW: Re Dates for UK
From: Keith <keith@covertnetworkassociates.co.uk>
To: <m.luppi@hackingteam.it>

I still need to understand what my arrangement with your company may be in the case of a successful sale to any of those I have been instrumental in introducing you too and would appreciate getting something formalised preferable before we confirm the date of you future visit.

Date: Fri, 23 Sep 2011 09:39:35 +0100
Subject: RE: The 27th October 2011
From: Keith <keith@covertnetworkassociates.co.uk>
To: ‘Massimiliano Luppi’ <m.luppi@hackingteam.it>

Massimiliano,

Can you confirm if you are available to make the 27th October in London.

I had a communication yesterday from the Met asking if they can bring another three departments with them for training and then evaluation of your system, this would mean at the moment you may have around 12 people from different law enforcement and security agencies who might be in attendance on the day.

-Commissions are again discussed in Sept 2011:

Date: Tue, 27 Sep 2011 13:40:27 +0100
Subject: RE: The 27th October 2011
From: Keith <keith@covertnetworkassociates.co.uk>
To: ‘Massimiliano Luppi’ <m.luppi@hackingteam.it>

Additionally I need clarification of what financial benefit I would be entitled to should any sales develop from my efforts to promote you and your company products

Prices were still not discussed in November 2011, nor commissions:

Additionally I know we have spoken about this on a number of occasions, but I also need in writing your proposal for my remuneration if any sales develop from the leads/contacts I have introduced to the Hacking Team.

May you send me by return both the cost of the system with a breakdown of what the costs relate to which I can forward to the potential customers. I appreciate you have numerous other calls on your time but, I feel that without being able to get this information back to those interested parties now may mean that I and you lose the opportunity to make sales in the UK now and in the future.

Dec 2011: The MET orders 5 licences

Date: Tue, 06 Dec 2011 19:53:23 +0100
Subject: Quote for 5 licences
From: <keith@covertnetworkassociates.co.uk>
To: Massimiliano Luppi <m.luppi@hackingteam.it>

Massimiliano, The Met have asked for a quote for 5 licences. Can you get
an official quote back to me by tomorrow afternoon please. Keith.
Sent from my BlackBerry® wireless device

Price Tag: €190,000

Keith I sent you the doc on yesterday. Didn’t you receive it?
I am just back from singapore, cannot send you the quote now.
Anyway. Price is 190.000.
Price valid for 2011.
Sw delivery in december, installation and training in January.

There’s a 18 months lapse in the emails, but it was due to lack in funding, and a new meeting is organised at London Metropolitan Police in June 2013:

And 6 months later the tender is made official:

Date: Fri, 20 Dec 2013 15:34:09 +0100
Subject: Invitation to Tender.
From: <Paul.Knapp@met.pnn.police.uk>
To: <m.luppi@hackingteam.com>

I write with reference to the discussions and meetings you have recently held with my colleagues from SCO11 based at Larkhall Lane.

I am pleased to now invite your organisation to submit a formal tender proposal for the supply, delivery and support of the requirement as detailed within the attached Statement of Requirement (SoR). The SoR has been Win-Zipped and password protected. On receipt of this email would you please email me immediately (paul.knapp@met.police.uk) to acknowledge receipt and confirm that it is your intention to submit a tender by the due date.

But restructuring at the MET and further delays never materialised in a purchase.

Here were the details of the proposal:

Last contacts were made by Hacker Team, still hoping to land a contract.

More on this story:

Revealed: The true extent of Hacking Team contacts across Europe.

Read part 2-Switzerland
Read part 3-Iraqi Kurdistan via Luxembourg
Read part 4-Cyprus
Read part 5-Balkans

--

--