!

Hacking Solution for Governmental Interception

End User Questionnaire
Product: Remote Control System Galileo
This questionnaire has been created to better understand your technical and operational needs regarding the
Hacking Interception Solution.
Your organizations name: _________________________________________________
Contact details of the leader of this initiative
Name: _____________________________________________________
Email address: ___________________________________________________
Your organizations profile:
! Law Enforcement Agency
! Anti Corruption
! Anti Narcotics
! Anti Fraud
! Anti Terrorism
! Judicial Police
! Criminal Police
! Organized Crimes
! Other: ______________________

! Intelligence
! National Security
! Counter intelligence
! Military Intelligence
! Other: ______________________

Your Use Cases:

!
!
!
!
!
!

VoIP interception
Chat interception
Social network
Mail/Messages
Web browsing
Document capture

!
!
!
!
!
!
!

Key logger
Positioning/Tracking
Microphone activation
Camera Activation
Target Profiling
Intelligence (Data Correlation)
Other: _____________________________________

Your Targets profiles:

!
!
!
!
!
!

Known targets (Internal operations)

Unknown targets
Reachable targets
Traveller targets
Social targets
High skilled targets

Confidential

1/3

Your Target devices

"

PC/Laptops
! Windows
! MacOS
! Linux

" Mobile/Tablets
! Android Phone or Tablet
! iOS (iPhone/iPad)
! BlackBerry
! Windows Phone

Most used Targets Social Applications:

!
!
!
!

Facebook
Twitter
Skype
Whatsapp

!
!
!
!

Wechat
Line
Telegram
Other_______________________

Attack scenarios:
Question
Can you gain physical access to target devices (i.e., at his
home, office, at the border, etc.)?

Answer
Please explain as needed.

Can you be physically close to target (i.e., in the same

hotel, airport, restaurant, coffee-shop or house)?
Please describe the type of information you can know
about your targets (i.e., email, phone number, device type,
etc.)?
Can you have cooperation with an Internet Service
Provider (ISP)?

Confidential

2/3

Your Project

Question

1.

Do you have an approved budget for this project?

What is the estimation?

2.

Please describe the specific requirements of this

project.

3.

Desired date to begin the project (kick-off).

4.

Desired date to have the solution up and running for

production of data

5.

How many target/devices you might want to

monitor simultaneously?
(50, 100, 500, 1000)

6.

Please describe your internal organization:.

7.

Hacking Teams solution consists in software only.

Who will be responsible to supply hardware
equipment: servers, switch, firewall, etc.?

8.

Would you share with us what type of Monitoring

Center you currently run?

9.

Explain your experience with other hacking solutions

or Trojan technologies.

10.

Explain your experience using exploits or dealing

with exploit markets.

11.

Explain your experience in using Social Engineering

or tools for Social Engineering.

12.

What IT security training does your team have and

what does the team require?

13.

Please explain what you desire to see in a

demonstration or in a Proof-of Concept.

14.

Please explain if the project requires a public tender,

if it is a direct acquisition, if you prefer a
local/business partner, etc.

15.

Expected duration of the acquisition process at your

organization.

Answer
Please explain as needed.

Users:
Analysts:
IT Security skilled:
Tactical units:
Other information:

Please provide any other information that will help Hacking Team completely understand the project or
potential project and any limitations or special circumstance you foresee in executing the project.
Confidential

3/3

The image cannot be displayed. Your computer may not have enough memory to open the image, or the image may have
been corrupted. Restart your computer, and then open the file again. If the red x still appears, you may have to delete
the image and then insert it again.

Custom er Policy
Since we founded Hacking Team, we have understood the power of our software in law enforcement and intelligence
investigations. We also understand the potential for abuse of the surveillance technologies that we produce, and so we
take a number of precautions to limit the potential for that abuse.
We provide our software only to governments or government agencies. We do not sell products to individuals or private
businesses. We do not sell products to governments or to countries blacklisted by the U.S., E.U., U.N., NATO or ASEAN.
We review potential customers before a sale to determine whether or not there is objective evidence or credible
concerns that Hacking Team technology provided to the customer will be used to facilitate human rights violations. We
fully comply with dual use and export controls called for in the nineteenth plenary meeting of the Wassenaar
Arrangement.
Moreover, in HT contracts, we require customers to abide by applicable law. We reserve the right in our contracts to
suspend support for our software if we find terms of our contracts are violated. If we suspend support for HT
technology, the product soon becomes useless.
We will refuse to provide or we will stop supporting our technologies to governments or government agencies that:
We believe have used HT technology to facilitate gross human rights abuses.
Who refuse to agree to or comply with provisions in our contracts that describe intended use of HT software,
or who refuse to sign contracts that include requirements that HT software be used lawfully.
Who refuse to accept auditing features built into HT software that allow administrators to monitor how the
system is being used.
HT policies and procedures are consistent with the U.S. Know Your Customer guidelines. We conduct ongoing
employee training to assure that employees know and understand the provisions of these guidelines.
Should we discover red flags described in these guidelines while negotiating a sale, we will conduct a detailed inquiry
into the matter and raise the issue with the potential customer. If the red flags cannot be reasonably explained or
justified, we may suspend the transaction.
Our review will include:
Statements made by the potential customer either to HT or elsewhere that reflect the potential for abuse.
The potential customer's laws, regulations and practices regarding surveillance including due process
requirements.
Credible government or non-government reports reflecting that a potential customer could use surveillance
technologies to facilitate human rights abuses.
Hacking Team encourages anyone with information about apparent misuse or abuse of our systems and solutions to
promptly report that information to us at info@hackingteam.com.
Hacking Team has established a process of monitoring news media, activist community blogs and other Internet
communication, and other available sources for expressed concerns about human rights abuses by customers or
potential customers. Should questions be raised about the possible abuse of HT software in human rights cases, HT
will investigate to determine the facts to the extent possible. If we believe one of our customers may be involved in an
abuse of HT software, we will contact the customer as part of this investigation. Based on the results of such an
investigation, HT will take appropriate action.

Copyright - HT S.r.l. - Via della Moscova, 13 20121 Milano - Tel: +39.02.29060603 Fax: +39.02.63118946 - e-mail: info@hackingteam.com

Remote Control System

N.d.A. - Non disclosure Agreement

NON DISCLOSURE AGREEMENT

In order to protect certain confidential information which may be
disclosed
between them, H.T. S.r.l. (HT) and the company identified below,
(Company or Partner) agree to the following terms and conditions
to cover disclosure of the Confidential Information described below:
1.

Effective Date: This Agreement shall become effective as of the

earlier of the first communication of Confidential Information
by either party to the other, or execution by both parties.

2.

Discloser and Recipient: Each party may disclose to the other

information it considers proprietary and confidential. As used
herein, the party disclosing Confidential Information is the
"Discloser" and the party receiving the Confidential
Information is the "Recipient".

3.

Duration of Obligations: Disclosures will occur under this

Agreement beginning on the Effective Date and ending twelve
(12) months thereafter and a Recipients obligations under this
Agreement expire five (5) years after the end of such disclosure
period. Notwithstanding the foregoing, the Recipients duty to
hold in confidence Confidential Information that was disclosed
during term shall remain in effect until such Confidential
Information is no longer to be considered as Confidential
Information as stated herein.

4.

Description of the Confidential Information: The term

Confidential Information as used herein shall mean any and
all proprietary information that is disclosed by Discloser to
Recipient, including, but not limited to, matters of a technical
nature such as trade secret processes or devices, techniques,
data, formulas, inventions (whether or not patentable),
specifications and characteristics of products planned or being
developed, and research subjects, methods and results;
matters of a business nature such as information about costs,
margins, pricing policies, markets, sales, suppliers, customers,
product plans and marketing plans or strategies; and other
information of a similar nature that is not generally disclosed
by Discloser to the public. Confidential Information shall
expressly include any and all information derived from the
Confidential Information.
Recipients obligations hereunder shall only extend to
Confidential Information that relates to the purpose stated in
Paragraph 5, or that although not related to such purpose, is
nevertheless disclosed as a result of the parties discussions.
Confidential Information may be disclosed in written or other
tangible form (including on magnetic media) or by oral, visual
or other means.

5.

6.

No license granted/Return or destruction of information:

Neither party acquires any intellectual property rights under
this Agreement except the limited right necessary to carry out
the purposes set forth in paragraph 5 above. All Confidential
Information shall remain the property of the Discloser. At
Disclosers written request, Recipient will either destroy and
certify such destruction or promptly return to Discloser any
recording containing Confidential Information from computers
or from any other electronic or paper support/device, that are
in Recipients possession or kept or controlled by Recipient
and/or by any other person or body which came into the
possession of such documents from Recipient, in accordance
with the provisions of this Agreement..

7.

Restriction on copying: Recipient shall not, without the express

prior written consent of the Discloser, exploit or make use,
directly or indirectly, and/or copy, duplicate or reproduce such
Confidential Information, for any other purpose other than the
purpose defined under paragraph 5 above; unless Recipient
obtains Disclosers written permission prior thereto. Any such
permitted copies will be considered, in any case, as a
Confidential Information.

8.

Restriction on disclosure: Except as may be authorized by

Discloser in writing, Recipient (a) will not disclose Confidential
Information to any person who is not a party to this
Agreement; (b) shall not use any Confidential Information to
compete or obtain any competitive or other advantage with
respect to the Discloser. (c) limit dissemination of Confidential
Information only to its employees who clearly have a need-toknow such Confidential Information, and then only to the
extent of such need-to-know for of the purpose under
paragraph 5; and (d), before disseminating Confidential
Information to Recipients employees, (i) to communicate in
writing to Discloser the names of such employees, and (ii) to
have an appropriate written agreement with its employees
enabling them to comply with all of the provisions of this
Agreement, to be also notified to Discloser before
disseminating Confidential Information.

9.

Standard of care: Recipient shall protect Disclosers

Confidential Information by using the same degree of care, but
no less than a reasonable degree of care, to prevent the
unauthorized use, dissemination, or publication of the
Confidential Information as Recipient uses to protect its own
Confidential Information of a like nature.

10.

Exclusions: This Agreement imposes no obligation upon

Recipient with respect to information that (a) is or becomes a
part of the public domain without breach of this Agreement;
(b) was in Recipients possession before receipt from Discloser;
(c) is received in good faith by Recipient from a third party
without a duty of confidentiality; (d) is disclosed by Discloser to
a third party without restrictions similar to those contained

Use of Confidential Information: Recipient shall make use of

the Confidential Information only for the following purpose:
Product evaluation and/or for exploring a business relationship
between the Discloser and the Recipient

-2HT S.r.l.
Headquarters: Via della Moscova, 13 20121 Milano
Tel: +39.02.29060603 Fax: +39.02.63118946
e-mail: info@hackingteam.it web: http://www.hackingteam.it
P.IVA: 03924730967 Capitale Sociale: 223.572,00 i.v.
N Reg. Imprese / CF 03924730967 N R.E.A. 1712545

HT_NDA_1.1

herein; or (e) has been independently developed by

employees, consultants or agents of the Recipient without
violation of the terms of this Agreement or reference or access
to any Confidential Information.
11.

or unenforceable, such determination that shall not affect the

validity or enforceability of any other term or provision.

Court orders: Confidential Information disclosed in response to

a valid order of a court or other governmental body to the
extent of and for the purpose of such order, does not represent
breach of this Agreement; provided, however, that Recipient
uses reasonable efforts to limit disclosure to the greatest
extent reasonably possible under the circumstances. and that
Recipient shall first notify Discloser of the order and permit
Discloser to seek an appropriate protective order or other
appropriate remedy against the disclosure.

12.

Right to proceed with technology: This Agreement does not

restrict either party from developing, improving or marketing
any products or services provided, however, that such activities
are not in breach of this Agreement.

13.

Warranties: Each Discloser warrants to Recipient that it has the

right to make the disclosures covered by this Agreement.
However, notwithstanding any language to the contrary,
the parties are not obligated to disclose any particular
information to the other party. Any Confidential Information
provided hereunder is on an AS IS basis with no warranties,
implied or otherwise, including those of merchantability or
fitness for a particular purpose.

14.

15.

Term of Agreement and survival clause: Either party may

terminate this Agreement by giving the other party written
notice thereof at least thirty (30) days prior to the effective
date thereof. However, the obligations of this Agreement shall
survive termination or expiration for the period described in
paragraph 3.

16.

Notice of Breach: Recipient shall notify the Discloser

immediately upon discovery of any unauthorized use or
disclosure of Confidential Information by Recipient, or any
other breach of this Agreement by Recipient, and will
cooperate with efforts by the Discloser to help the Discloser
regain possession of Confidential Information and prevent its
further unauthorized use.

17.

Governing Law and jurisdiction: This Agreement shall be

governed by and construed under the laws of Italy. Any dispute
arising out or in connection with this Contract, including any
question regarding its existence, validity or termination, shall
be submitted to and finally settled by a panel of three
arbitrators under the rules of the Arbitration Regulation of the
Milan Chamber of National and International Arbitration, that
the parties declare to be aware of. The arbitration shall be held
in Milan and the language shall be English. The Arbitrators will
decide according to the rules of the international arbitration
set forth in the Italian Code of Civil Procedure.

18.

Injunctive Relief: The parties acknowledge that monetary

damages may not be a sufficient remedy for unauthorized
disclosure of Confidential Information and that either party
may seek injunctive and preliminary relief to remedy any actual
or threatened unauthorized use or disclosure of the
Confidential Information, without requiring the posting of any
bond or other security, in addition to any other damages that
can be demonstrated.

19.

Amendments: This Agreement shall constitute the full and

entire agreement between the parties with respect to the
confidentiality and non-disclosure of the Confidential
Information and shall supersede any and all prior or
contemporaneous agreements and understandings relating
thereto. No change, modification, or addition to any provision
of this Agreement shall be binding unless made in writing and
executed by the duly authorized representatives of both
Parties. This Agreement may not be assigned by either party
without the consent of the other party.

Severability: If a competent court holds that (i) any of the

provisions contained in this Agreement is for any reason
excessively broad with regard to time, geographic scope or
activity, that provision shall be construed in a manner to
enable it to be enforced to the maximum extent compatible
with applicable law; (ii) any provision in this Agreement is void

IN WITNESS WHEREOF, this Non-Disclosure Agreement has been signed by the duly authorized representatives of
the parties hereto in two (2) identical copies.
HT S.r.l.:

Company

By:

________________________

By:

_______________________

Title:

_________________________

Title:

_______________________

Signed:

_________________________

Signed:

_________________________

Date:

_________________________

Date:

_________________________

-3HT S.r.l.
Headquarters: Via della Moscova, 13 20121 Milano
Tel: +39.02.29060603 Fax: +39.02.63118946
e-mail: info@hackingteam.it web: http://www.hackingteam.it
P.IVA: 03924730967 Capitale Sociale: 223.572,00 i.v.
N Reg. Imprese / CF 03924730967 N R.E.A. 1712545

HT_NDA_1.1