Andhra Pradesh Intelligence wing bought hacking tools
The emails also revealed that talks were held for another deal in 2014
Hyderabad: The intelligence wing of undivided AP police was a customer of Italian malware giant Hacking Team since 2011. Company officials conducted a demo for the police in Hyderabad on March 11, 2011 and clinched a deal on March 14, 2011.
The intelligence department had mass surveillance tools which can intercept phones, computers, mails, social networking profiles and track the exact location of any person regardless of his profile.
The emails also revealed that talks were held for another deal in 2014. The expensive equipments is suspected to have gone to Telangana police and due to this AP police tried to buy them again in June this year.
The internal conversation of Hacking Team officials showed that police forces from Hyderabad and Chennai were the first customers from India. It took another two years for other police forces to become customers of the firm.
The leaked emails indicated that a team from Hyderabad had visited an expo in Dubai in February 2011 and established contact with Hacking Team. After the meet, an official named Shiva Kumar from the Intelligence department contacted Hacking Team official Marco Bettini via email.
And both parties had a series of email conversations with subject ‘Visit to Hyderabad’ between February 25 and 27, 2011. Later, for another deal on February 26, 2014 a middleman named Anupam Tripathi, who was general manager of SEMCO, sent an email to Hacking Team attaching the authorisation letter from AP police indicating the company will pursue the deal for the police department.
In the 2011 emails (subject: Visit to Hyderabad), Mr Bettini thanked officials for visiting Dubai Expo and stated, "Referring to our converstaion I am pleased to confirm our availability for a demo at your premises on March 11, 2011. I will inform you soon about arrival and departure to decide the time of the meeting. I also want an Internet leased line and a high resolution projector.”
In the second mail Bettini said, "I'd like to inform you about the trip details: We would arrive in Hyderabad on Thursday March 10 in the evening and depart for New Delhi on Friday the 11th at 4.25 p.m. Since our presentation will take about three hours I would like to suggest to start the meeting at 10 am and finish at 1 pm. We will stay at Marriott on Tank Bund Road. Is it close to your office?"
The leaked email showed that the intelligence official replying them stating the department had done all arrangements for the demo. "It is nice to see mail from you. We were impressed by your applications. We are more interested in infecting mail IDs and mobiles, a kind of Botnet applications. I can send mail in detail about needs of our organisation tomorrow. I suggest Grand Kakatiya Hotel which is a 5-star hotel nearer to my organisation. I look forward to your mail. We will make all arrangements for your presentation and demo," the intelligence official said in the mail.
Malware can trap innocents
The mass surveillance tools provided by Hacking Team not only includes ‘lawful interception’ but a wide range of unethical means too, since it has the capability to snoop on each and every citizen, experts say.
The company’s association with several governments and the tools they provide were already controversial as they can lead to the gross violation of privacy and constitutional rights of citizens.
A former employee of Hacking Team, Mr Claudio Agosti, says that apart from surveillance, the malwares produced by Hacking Team can also be used to trap innocent people by planting fabricated evidence in their computers or phones.
Another dangerous side of the company malware is that the Hacking Team can leak information about the police or any other customers because they might have control over all information collected through their tools.
“A feature of the malware called ‘evidence planter’ can be used to plant evidence and remove traces on a victim’s device,” says Mr Agosti, who is now a privacy activist.
Another feature named ‘kill switch’ gives an agent the ability to shut down a setup made for a customer. This means that if a customer violates their license, Hacking Team can interrupt the service.
The malware customers certainly do not know if this feature is used. Imagine the consequences of a private company having more control over software and data that the state uses than the state itself," says Mr Agosti.
"Another feature 'backdoor' is a technical modification of the software, with which Hacking Team developers can disable data collection or get access to customers," he adds.
In an email leaked by Wikileaks Hacking Team claims, "Remote Control System (RCS) can monitor all modern smart phones: Android, iOS, Blackberry, Windows phone.
Once a target is infected, you can access all the information, including Skype calls, Facebook, Twitter, WhatsApp, Line, Viber and many more like device location, files, screenshots, microphone, virtual currencies and much more."
Experts say since these tools allow intelligence agencies to get a full picture of the citizen's life.
Misuse may lead to danger
When government agencies misuse surveillance technology for political gains it leads to several risks.
The secrets of intelligence departments get exposed and that harms anti-terror operations, experts say.
With surveillance equipments provided by Hacking Team even the most protected networks and encrypted communications can be snooped on. No person including ministers or top bureaucrats can escape surveillance.
“With such tools an agency can tap the phones and computers of anyone, including chief ministers. That’s why there is a suspicion that the AP CM’s phone was tapped,” says S. Anoop, an IT security expert from Gachibowli.
AP Chief Minister Naidu had lodged a petition with Governor Narasimhan saying that the TS government had tapped his telephone. As per law hacking into others' devices is an offence. However, intelligence agencies are allowed to do it by the state for security sake.
The police units do seek permission to legally intercept phones regularly as part of intelligence gathering.