Top Indian security agencies were secretly negotiating with Italian cyber-surveillance firm Hacking Team to procure software for intercepting communications through remote bugging of devices, reveals the purported internal Hacking Team e-mail exchanges released by WikiLeaks on Thursday.
The emails are part of the 440-gigabyte internal data stolen this week through a major cyber attack on the firm, a major portion of which has been made public.
Of the one million e-mails, 3,000 pertain to the firm’s Indian-centric activities beginning August 2011. The communication chain reveals details of the company’s dealings with the Research & Analysis Wing, Intelligence Bureau and various State intelligence units.
E-mails reveal that the Hacking Team reaches out to the government allegedly via third party vendors that suggest requirement-based solution. The two prominent vendors in India — as per the email archives — are Israel-based NICE Systems and SEMCO, an industrial house in India.
Customers being addressed by SEMCO India in the e-mails include the Cabinet Secretariat and intelligence units in Delhi, Mumbai, Andhra Pradesh, Karnataka and Gujarat. In the past, Hacking Team representatives have been in touch with the police in Chennai, Hyderabad and Kolkata.
Following the October 2 Bardhaman blast in West Bengal last year, it reveals, the State police had made desperate attempts to contact the Hacking Team for its product Galileo.
The Hacking Team was mostly interested in pushing its flagship product Galileo, a platform-independent undetectable Remote Control System, that takes control of targeted devices and monitor them regardless of encryption and mobility.
The device can be infected by getting the user to browse a website or install an application on smartphone. Once infected, Galileo accesses all information, including Skype calls, Facebook, Twitter and WhatsApp, besides recording device location, files and screenshots.
The subsequent emails indicate that the Cabinet Secretariat and the Intelligence Bureau have been in regular touch with the Hacking Team representatives.
NICE Systems had in June 2013 organised a demo for an agency expecting a ‘one-click solution’ — wherein they could install a spying agent on the user’s phone by simply sending an SMS with a link to be clicked. However, the vendor required platform details and expressed inability in executing the solution in feature phones.
