For more than a year, the FBI has been complaining that the rise of encryption technologies will make its investigators “go dark” and help criminals get away.
Hacking Team, the infamous spyware vendor that was hacked earlier this year, is now pitching its products to help US law enforcement get around its encryption problem with hacking tools.
The company apparently thinks this whole hoopla around encryption is the perfect time to speak up. “Most [law enforcement agencies] in the US and abroad will become ‘blind,’ they will ‘go dark:’ they will be simply be [sic] unable to fight vicious phenomena such as terrorism,” Hacking Team’s CEO David Vincenzetti wrote in an email sent to a mailing list made of potential and current customers on October 19. “Only the private companies can help here, we are one of them.”
Vincenzetti went on to add, “It is crystal clear that the present American administration does not have the stomach to oppose the American IT conglomerates and to approve unpopular, yet totally necessary, regulations.” Hacking Team’s boss’ boasts come roughly four months after a mysterious hacker only known as PhineasFisher hacked into the company’s servers, leaking 400 GB of internal data, including emails, the company’s customers list. Most importantly, the hacker also leaked the source code underlying the company’s spyware suite, known as Remote Control System or RCS.
The leak sent Hacking Team into “full on emergency mode,” forcing it to ask its customers to shut off their systems. Since then, the company has been working on launching a new version of its software, RCS 10, security experts have learned. But it’s unclear when it’ll actually release it. Hacking Team did not respond to a request for comment. In the email sent to the mailing list, Vincenzetti confirmed that the company is now “finalizing brand new and totally unprecedented cyber investigation solutions, game changers, to say the least.”
In the meantime, after weeks of being unable to monitor their targets, some customers are back online, sources close to the company told. Vincenzetti’s pitch could also be seen as an attempt to come back into the US market. Hacking Team sold to the FBI and the Drug Enforcement Agency in the past, but both federal agencies are not customers anymore. The DEA cancelled its contract after using it only 17 times in three years, while the FBI let its license expire because it didn’t see RCS as a “must have,” as Hacking Team spokesperson Eric Rabe put it in an internal email.
The company also unsuccessfully pitched RCS to several local police departments in the US, despite the fact that some of them seemed to be eager to use it. While it might seem bizarre to make a pitch on a mailing list, a source with knowledge of the company told that the mailing list likely has several US government employees on it. To reach more people, especially potential customers, Vincenzetti collects business cards from people at the surveillance conference ISS World and adds their email adresses to the lists, the source said.
In fact, several unhappy subscribers asked Vincenzetti to be removed from the list, according to leaked emails. “Please remove me from your mailing list,” an agent at the Chandler Police Department said in an email to Vincenzetti in January of this year. “It was fun for awhile, but now you are to the point of being considered spam.” This email, on the other hand, is not spammy. It actually offers a glimpse into the embattled company’s aspirations, showing that despite the embarrassing hack, it’s not giving up. It remains to be seen if cops and spy are willing to give it a second chance.