By David Kushner

Illustrations by David Foldvari

FEAR
VIN
A
IS
MOG
OR

THIS MAN
DAVID
CENZETTI
BUILT
SPYWARE
EMPIRE.
THE ITALIAN
UL A CODE
BREAKER
AN ARMS
DEALER?

AS THE SUN ROSE OVER THE BANKS OF THE SEINE AND THE MEDIEVAL, HALFTIMBERED HOUSES OF ROUEN, FRANCE, ON JULY 13, 2012,

Hisham Almiraat opened his inbox to nd

Denunciation in the subject line of an
email. Please do not mention my name
or anything, wrote the sender, Imane. I
do not want any trouble.
The editor and co-founder of Mamfakinch, a pro-democracy website created in
Morocco during the Arab Spring, Almiraat
was one of his countrys most outspoken
dissidents and someone accustomed to
cryptic emails: Moroccan activists faced
jail time for their views and risked their
jobs, or even their lives, for speaking out
against their government. From Normandys capital city, where Almiraat was in
medical school, the bespectacled 36-yearold spent his timein between classes
and hospital shiftsmentoring, coaching,
and editing more than 40 citizen journalists. The group covered the roiling unrest
back in Almiraats homeland, where he

RORISTS. BUT THERE, ON MARQUIS

would soon return after completing his
studies. (Almiraat contributed to FOREIGN POLICY in 2011.)
Almiraat and his colleagues also trained
Mamfakinchs writers to use encryption
software, most notably the Onion Router,
so that their online activities remained
anonymous and shielded. Tor, as its
widely known, masks a users identity and
physical location. People were relying
on us to protect theirreputations, their
careers, and probably also their freedoms,
Almiraat says. All of that could be put in
jeopardy if that were made public. It was
precisely this forethought that had earned
Mamfakinch the Breaking Borders Award,
sponsored by Google and the citizen-media group Global Voices, for its eorts to
defend and promote freedom of speech
rights on the Internet.
But on that July morning, just 11 days
after receiving the award, Almiraat read
the message from Imane and knew something wasnt right. A website link directed
him to a document labeled Scandal,

30

MAY | JUNE 2016

which, once downloaded, was blank.

and notorious dealer in online spycraft:

His associates received the same note.

the Hacking Team.

Suspicious, Almiraat promptly for-

The Blackwater of surveillance, the

warded the email to an activist he knew,

Hacking Team is among the worlds few

who then sent it to Morgan Marquis-Boire,

dozen private contractors feeding a clan-

a dreadlocked, tattooed 32-year-old digital

destine, multibillion-dollar industry that

activist whod grown up hacking in New

arms the worlds law enforcement and

Zealand under the nickname Mayhem.

intelligence agencies with spyware. Com-

A top security researcher at Google, Mar-

prised of around 40 engineers and sales-

quis-Boire had made waves recently as a

people who peddle its goods to more than

volunteer detective for Citizen Lab, a tech-

40 nations, the Hacking Team epitomizes

nology research and human rights group at

what Reporters Without Borders, the inter-

the University of Toronto; he and several

national anti-censorship group, dubs the

colleagues had found evidence that sug-

era of digital mercenaries.

gested Bahrain was using surveillance soft-

The Italian companys toolsthe hack-

warea product intended for government

ing suite for governmental interception,

spying on suspected criminalsagainst

its website claimsare marketed for ght-

supporters of political reform.

ing criminals and terrorists. But there, on

After a month-long analysis of the Scan-

Marquis-Boires computer screen, was

dal le, Marquis-Boire contacted Almiraat

chilling proof that the Hacking Teams

with disturbing news: Anyone who had

software was also being used against dissi-

opened the document had been infected

dents. It was just the latest example of what

BOIRES COMPUTER SCREEN WAS PROOF THAT THE HACKING TEAM WAS EQUIPPING A REPRESSIVE REGIME.
with highly sophisticated spyware, which

Marquis-Boire saw as a worrying trend:

had been sent from an Internet protocol

corrupt regimes using surveillance compa-

address in Moroccos capital of Rabat. Fur-

nies wares for anti-democratic purposes.

ther research comrmed that the Supreme

When Citizen Lab published its nd-

Council of National Defense, which ran

ings in the October 2012 report Backdoors

Moroccos security agencies, was behind

are Forever: Hacking Team and the Tar-

the attack. Almiraat and his colleagues had

geting of Dissent?, the group also docu-

essentially handed government spies the

mented traces of the companys spyware

keys to their devices, rendering Tor, or any

in a document sent to Ahmed Mansoor, a

other encryption software, useless. Moroc-

pro-democracy activist in the United Arab

cos spooks could read the Mamfakinch

Emirates. Privacy advocates and human

teams emails, steal their passwords, log

rights organizations were alarmed. By

their keystrokes, turn on their webcams

fueling and legitimizing this global trade,

and microphonesand spies likely had

we are creating a Pandoras box, Christo-

been doing exactly those things and more

pher Soghoian, the principal technologist

since the intrusion in July.

with the American Civil Liberties Unions

That wasnt all. Marquis-Boire and other

experts found a trail of bread crumbs

Speech, Privacy, and Technology Project,

told Bloomberg.

from a surveillance company that, youd

The Hacking Team, however, showed no

think, would have left no bread crumbs,

signs of standing down. Frankly, the evi-

let alone a trail, he recalls. Tucked in the

dence that the Citizen Lab report presents

source code of the Scandal document, a

in this case doesnt suggest anything inap-

few small lines had been left behind in

propriately done by us, company spokes-

error. And they were the rst fragments

man Eric Rabe told the Globe and Mail.

that ultimately led to the most powerful

As media and activists speculated about

FOREIGNPOLICY.COM

31

which countries the Italian rm served, the

media platforms, instant-messenger pro-

founder and CEO of the Hacking Team,

grams, video-conferencing softwarethat

David Vincenzettifrom his sleek, white

they could use to plot. Police, who lacked

oce inside an unsuspecting residential

in-house computer-security teams at the

building in Milantook the bad press in

time, were not equipped to ght back. And

stride. He joked with his colleagues in a pri-

private contractors typically specialized in

vate email that he was responsible for the

defensive technology, such as anti-virus

evilest technology in the world.

software, not programs that could attack

A tall, lean 48-year-old Italian with a

and decrypt criminals tools.

taste for expensive steak and designer

For Vincenzetti, the tragedy was a busi-

suits, Vincenzetti has transformed him-

ness opportunity. With only one client so

self over the past decade from an under-

farMilans Polizia Postale, the local law

ground hacker working out of a win-

enforcement branch that focuses on Inter-

dowless basement into a mogul worth

net crimethe budding entrepreneur set

millions. He is nothing if not militant

out to convince Spains government just

about what he denes as justice: Julian

how crucial his spyware could be in the

Assange, the embattled founder of

ght against terrorism.

WikiLeaks, is a criminal who by all means

The son of a teacher and agricultural

should be arrested, expatriated to the

chemicals salesman, Vincenzetti was a self-

United States, and judged there; whis-

taught hacker, seduced by cryptography

tleblower Chelsea Manning is another

at the age of 14. The teenager spent hours

lunatic; Edward Snowden should go to

reading computer forums online. Deci-

jail, absolutely.

phering codes reminded him of the chess

Privacy is very important, Vincen-

tournaments in which he often competed:

zetti says on a recent February morning

a complex series of oensive and defensive

in Milan, pausing to sip his espresso. But

moves until the shrewdest player won. A

national security is much more important.

hacker is someone who passes through

Vincenzettis position has come

gaps. A hacker never breaks the front door,

at a high cost. Disturbing incidents

Vincenzetti says. I was a hacker, he adds.

have been left in his wake: a spys sui-

A good hacker.

cide, dissidents arrests, and countless

Shortly after Vincenzetti enrolled at

human rights abuses. If I had known

the University of Milano-Bicocca in 1993,

USINESSES AND GOVERNMENTS AGAINST HACKERS. BUT, HE WONDERED, WHAT WOULD HAPPEN IF HACKERS
how crazy and dangerous he is, Guido

the school hired him as a network and

Landi, a former employee, says, I would

security administrator, a job for which

never have joined the Hacking Team.

he should have qualied only after he

received his degree. He was very well

ON MARCH 11, 2004, four commuter trains

known, recalls former classmate Stefano

cruising through Madrids early-morning

Zanero, now an associate professor at the

rush hour were hit by 10 large explosions.

university. He was one [of the] geeks that

The bombings, which left nearly 200 peo-

were beginning to understand how the

ple dead and 1,800 injured, marked the

Internet worked.

deadliest terrorist attack in Spains his-

Vincenzetti saw the nascent techno-

tory. The incident was all the more fright-

logical landscape as requiring a new kind

ening because the perpetrators likely were

of gamesmanship. The security industry

inspired by reading about al Qaeda online,

was dominated by companies focused on

and they had at their disposal an arsenal

defending businesses and governments

of new, cheap digital technologiessocial

against hackers. But, he wondered, what

32

MAY | JUNE 2016

would happen if hackers were instead

It was very exciting to be part of this.

Though the Hacking Team does not

unleashed as a mode of security? I was

For potential clients, Vincenzetti crafted

track how clients use RCS after a sale, Vin-

trying to foresee the future, he says.

an elevator pitch, boasting RCSs security

cenzetti says he does monitor the media

Between 2003 and 2004, Vincenzetti

features: To guarantee anonymity, cus-

to ensure clients do not commit crimes.

and two college friends worked in their

tomers would only use code names when

Should questions be raised about the pos-

dank, underground apartment and coded

calling the Hacking Teams product-sup-

sible abuse of HT software in human rights

what would become the Hacking Teams

port line, and the companys crew would

cases, the company states in its customer

agship software. Called the Remote Con-

not have access to clients collected data.

policy, HT will investigate to determine

trol System (RCS), it commandeers a tar-

It would be very dangerous for the people

the facts to the extent possible. If we believe

gets devices without detection, allowing

working here, he says now.

one of our customers may be involved in

a government to deploy malware against

At Vincenzettis start-up, days burned

an abuse of HT software, we will contact

known enemies. (The product was later

by as employees coded. Then, a few

the customer as part of this investigation.

dubbed Da Vinci, then Galileo.) Think of

months after the terrorist attack in Madrid,

Based on the results of such an investiga-

it as a criminal dossier: A tab marked Tar-

Vincenzettis pitch landed. Spains Secret

tion, HT will take appropriate action. (By

gets calls up a prole photo, which a spy

Service became the Hacking Teams sec-

way of example, Vincenzetti tells me he

must snap surreptitiously using the camera

ond customer. With his newest deal sealed,

severed his contract with Russia in 2014,

inside the subjects hacked device. Beside

Vincenzetti remembers thinking to him-

before the invasion of Crimea, after read-

the picture, a menu of technologies (lap-

self, Hey, David, this company is going

ing reports about corruption, murder, and

top, phone, tablet, etc.) oers an agent the

to have a future.

other news of what, he says, Russia was

ability to scroll through the persons data,

becoming.)

including email, Facebook, Skype, online

IN VINCENZETTIS MIND, RCS wasnt a sinister

According to Vincenzetti, China, Nige-

aliases, contacts, favorite websites, and

technology; however, its dual-use poten-

ria, Pakistan, and Iraq, to name a few

geographical location. Over time, the soft-

tialfor both peaceful and military appli-

repressive states, have requested the Hack-

ware enables government spooks to build

cationswas not lost on the businessman.

ing Teams services. He has had countless

a deep, sprawling portfolio of intelligence.

We were very quick to understand the

chances to sell to them, he says, but he has

Installing RCS isnt always easy. Spies

power of a tool like ours, he says. Exist-

declined every time. Even still, he admits

must get it into technology quickly and

ing international arms regulations did

vetting has been an imperfect process. In

secretlysay, in the seconds a phone

not cover spyware, so Vincenzetti and his

2011, Sudanthe president of which the

passes through security at a border check-

colleagues were responsible for gauging

International Criminal Court had indicted

point. Moreover, each device a target uses

the ways clients might use the companys

on genocide chargescame calling. The

must be infected separately. Yet there are

products. His employees, he says, never

following year, the countrys National Intel-

myriad options for delivery: a USB, DVD,

took this lightly.

ligence and Security Service paid 960,000

WERE INSTEAD UNLEASHED AS A MODE OF SECURITY? I WAS TRYING TO FORESEE THE FUTURE, HE SAYS.
public Wi-Fi network, or even a QR code

The Hacking Teams existing customer

disguised as something enticing (such as

policyposted on its website one year after

euros (around $1.3 million) for RCS.

Vincenzetti says his life had become

an ad for an escort service).

Citizen Lab exposed the Italian rmvows

exceedingly busy at that point. It wasnt

In the early days, Vincenzetti framed

to sell only to governments, not to corpora-

uncommon for him to think that a month

the Hacking Team as important defend-

tions or individuals. (Vincenzetti says the

had passed when it had been only a week.

ers of international securitya mod-

company declines frequent requests from

He awoke regularly at 3 a.m. to exercise

ern-day Justice League dreaming up

people who want to spy on their spouses.)

whether that day he was meeting with the

technology that governments could use

Yet it will not, under any circumstances,

FBI in Washington, negotiating a seven-g-

to protect their citizens. Alberto Pellicci-

sell to a country blacklisted by the United

ure deal in South Korea, helping cops inl-

one, the lead developer of RCS for mobile

States, European Union, United Nations,

trate cartels in Mexico, or working from his

devices and a former artificial-intelli-

NATO, or the Association of Southeast

Milan oceand then spent the rest of

gence researcher, was among those who

Asian Nations. To help Vincenzetti review

his waking hours in a nonstop whirlwind

eagerly joined Vincenzettis cause. This

clients in advance of sales, he says he hired

of deal-making and coding.

was supposed to be used against terror-

Bird & Bird, an international law rm head-

ists and criminals, Pelliccione explains.

quartered in London.

By 2013, Vincenzetti counted around 40

governments, including the United States,

FOREIGNPOLICY.COM

33

among his clients, each of which spent

wore white plastic masks with wide smiles,

between $50,000 to over $2 million a year

rosy cheeks, and Van Dykesthe guise of

Darfur conict is of interest to the Panel.

Last December, the panel presented the

for the Hacking Teams software. In August

Anonymous, the international collective

U.N. Security Council with a report accus-

2012, the Drug Enforcement Administra-

of activists and hackers.

ing the Hacking Team of failing to coop-

tion (DEA) sunk $2.4 million into RCS in

According to Vincenzetti, who was in

erate with its inquiry, saying it found it

order to spy on 17 foreign-based drug traf-

Rome at the time, the intruders stole what-

dicult obtaining accurate information

ckers and money launderers, accord-

ever they could grabpapers, notes, per-

from the rm. The Hacking Team cer-

ing to its contract, which the government

sonal itemswhile lming their invasion,

tainly obstructed the work with the panel

agency released to the website Mother-

which they later posted online. It was a

by consistently and deliberately failing to

board this February.

full assault, he says. (No one was injured.)

provide the specic information at its dis-

Vincenzetti was jet-setting around the

Three days later, when the CEO returned

posal as requested by the panel, accord-

world, entertaining international digni-

to Milan, he got into his gray Smart car to

ing to an unpublished U.N. report leaked

taries, and sharing his companys wealth

nd its battery exposed and the fuel cap

to FOREIGN POLICYs senior diplomatic

AND THE FUEL CAP MISSING. IT WAS A WARNING, HE INSISTS. VINCENZETTIS RISE HAD NOT COME WITHOUT
with his trusted team. The Hacking Team

missing. It was a warning, he insists.

reporter Colum Lynch in April. The U.N.

did not publicly disclose its earnings,

Vincenzettis rise had not come without

has not taken any action against the Hack-

but when I wanted more money, Landi,

a growing opposition, wishing and work-

ing Team. Vincenzetti, though, says he

a former employee, recalls, he always

ing for his fall.

ended the companys contract with Khar-

said OK.

In June 2014, the Hacking Team received

toum in November 2014.

In the wake of Citizen Labs explosive

a fax from the U.N.s Security Council Com-

Looking back, Vincenzetti claims that

report in October 2012, some members

mittee, referencing another Citizen Lab

had he been more informed about Sudan,

of Vincenzettis sta began questioning

report released earlier that year. Inter-

he would have never sold to them. But

whether the people we are selling to are

national sanctions prohibited the sale of

he will not say he regrets the deal. We

using [the software] in the right way, within

arms...including military equipment,

didnt break any law, he goes on, non-

the boundaries of law or not, explains Pel-

wrote Lipika Majumdar Roy Choudhury,

plussed about the experience. It just

liccione. The RCS developer was not part

coordinator of the U.N.s panel of experts

happened. In other words, the com-

of Vincenzettis customer-review process.

on Sudan. The companys dealings with

pany made an error in judgmentnothing

But when Pelliccione posed this query to

that country may have constituted a vio-

more. But even that wouldnt be tolerated

his superiors, he says he was reassured that

lation of this ban.

for much longer.

they were checking everyone to make sure

there were no abuses.
OUTSIDE CRITICS WERE

Vincenzettis team pushed back.

Alessandra Tarissi De Jacobis, a lawyer

ITALY IMPLEMENTED THE Wassenaar Arrange-

from Cocuzza & Associati Studio Legale

ment, a multinational pact that controls the

anything but san-

who advised Vincenzetti on the mat-

export of dual-use goods, on Jan. 1, 2015.

guine. The companys notoriety grew,

ter, informed him in an email that sell-

The arrangement, originally created in

particularly among privacy advocates.

ing RCS to Sudan was akin to hawking

1996, had been amended to include sur-

In March 2013, Reporters Without Bor-

it Tortas de Milanesa. If one sells sand-

veillance software, which meant the Italian

ders included Vincenzettis operation

wiches to Sudan, he is not subject, as far

government would now vet the Hacking

in its annual Enemies of the Internet

as my knowledge goes, to the law, she

Teams clients. After previous run-ins over

report, warning that online surveillance

wrote. HT should be treated like a sand-

what he calls his inecient informa-

posed a growing danger for journalists,

wich vendor. The U.N. had a dierent

tion on customers, Vincenzetti considered

bloggers, citizen-journalists, and human

opinion: The view of the panel is that as

the Wassenaar a relief. Now they tell me

rights defenders. That autumn, about 20

such software is ideally suited to support

exactly what is allowed and what is not

activists stormed their way past the Hack-

military electronic intelligence (ELINT)

allowed, he explains, and Im very happy

ing Teams frosted glass door in Milan.

operations it may potentially fall under

about that.

One protester shouted through a micro-

the category of militaryequipment or

Behind the scenes, however, Vincen-

phone, while others waved iers with slo-

assistance related to prohibited items,

zetti had attempted to work around the

gans like, United We Stand and #Stop

Choudhury wrote. Thus its potential use

rules before they even came into eect.

Watching Us. Many of the demonstrators

in targeting any of the belligerents in the

In late 2013, according to leaked emails,

34

MAY | JUNE 2016

the businessman was negotiating with the

it wasnt new information. In other words,

Saudi Arabian government to sell the king-

as Landi and others had already believed,

dom a majority stake in the Hacking Team,

Hacking Team employees were under sur-

which would give the Saudis controlling

veillance too. We accepted this, Pellicci-

interests. Though Vincenzetti wont con-

one says. They know where you are and

rm or deny the talks, part of the appeal,

where you go. But Rabe, the Hacking

it seems, was to set up shop beyond the

Team spokesman, rebuts this claim: No

Wassenaars scope. The newco should be

surveillance of Hacking Team employees

away from countries adhering to the new,

has occurred.

forthcoming export regulations on oen-

Angered by the rising tide against him,

sive technologies which will [be] dictated

and frustrated by Citizen Labs reports

by the recent Wassenaar Arrangement,

condemning the Hacking Team, Vincen-

Vincenzetti wrote to his contact in Saudi

zetti publicly defended his company. In

A GROWING OPPOSITION, WISHING AND WORKING FOR HIS FALL. IN JUNE 2014, THE HACKING TEAM RECEIVE
Arabia. We would like the newco to be in

a November 2014 letter to the Intercept,

a country which will not impair the export

which had published Marquis-Boires

of our technology. (Vincenzetti says he

analysis of the Hacking Teams tech-

does not recall the correspondence or this

nology, Vincenzetti dismissed his foe as

particular comment.)

a tireless wolf-crier on the issue of pri-

The negotiations fell apart for unknown

vacy as he denes itapparently requir-

reasons. Vincenzetti insists only that his

ing anyone to be allowed to do anything

company has taken an unfair beating

without fear of detection. (In an email,

about other dealings in Saudi Arabia,

Marquis-Boire described his reaction to

which Citizen Lab disclosed in its 2014

Vincenzettis words as one of amuse-

report. We have clients in Saudi Arabia,

ment?.) Reporter Brian Donohue red

he says. Is Saudi Arabia a democracy?

o a response on the security blog Threat

No, its a kingdom. You can approve or

Post, which read, Interestingly, Vincen-

not approve this. I am not the judge of

zetti does not directly say in his letter

this. Still, there is something which is very

that his company does not sell products

clear: There is al Qaeda in the Arabian

to despots.

Peninsula. It is very strong, very orga-

Privately, Vincenzetti dialed back his

nized, very active...and invariably strikes

cavalier attitude. Later that November, a

in Saudi. These terrorists can be fought

client asked in an email whether it would

over there. He would not comment on

be possible to record a Hacking Team

Riyadhs human rights record.

training for later use. Denitely NOT!!!

Yet the discussions with Saudi Ara-

Vincenzetti responded. Imagine this: a

bia telegraphed to many Hacking Team

leak on WikiLeaks showing YOU explain-

employees that the company might be

ing the evilest technology on earth! :-) You

a sinking ship, Landi says. They were

would be demonized by our dearest friends

trying to sell the company so there was

the activists, and normal people would

not much attention on making a good

point their ngers at you. Yet he couldnt

product. Pelliccione agrees: The com-

help but continue to savor his companys

pany became more and more opaque,

reputation. Denitely, we are notorious,

he says. I decided I dont need to do this

probably the most notorious name in the

for a living.

oensive security market, he emailed

Pelliccione quit in February 2014, fol-

Daniele Milan, his operations manager

lowed by Landi and others. Landi claims

in May 2015. And that, Vincenzetti added,

that when he gave notice, Vincenzetti said

is great.

FOREIGNPOLICY.COM

35

ONE EARLY MORNING

in July 2015, Vincen-

years: The leadership was dismissive over

zetti was mid-pushup when his operations

human rights and privacy, which [Vincen-

manager called his cell phone. Weve been

zetti] saw as negative to their business

attacked, Vincenzetti recalls Milan saying.

interests. Marquis-Boire was also sur-

A hacktivist known as Phineas Fisher

prised to nd surveillance photographs

had hijacked the Hacking Teams ocial

of himself in the Hacking Team les, taken

Twitter account and posted an ominous

when he was giving a lecture in Italy.

message: Since we have nothing to hide,

Vincenzetti saw things very dierently.

were publishing all our emails, les, and

The leak potentially foiled countless hours

source code. Following the message was

and millions of dollars his customers had

a link to more than 400 gigabytes of the

spent gathering intelligence. Dangerous tar-

companys most sensitive data. (A year

getsterrorists, murderers, and kingpins

WEBS OF SURVEILLANCE LAID BARE. THE HACKING TEAMS TECHNOLOGY HAD BEEN RENDERED USELESS: THE

36

MAY | JUNE 2016

prior, Phineas Fisher had attacked Hacking

could learn that they were under watch and

Team competitor Gamma Group, leaking

slip into hiding or, worse, retaliate.

40 gigabytes of marketing and technical

Vincenzetti says some clients told him

information on the companys surveillance

their investigations ground to a halt; oth-

software, FinFisher, which was then being

ers reported that they had to move in on

used in Turkey, Oman, and elsewhere.)

targets early, using whatever limited evi-

In the coming hours, spies around the

dence they had collected. Last August, Ita-

world awoke to nd their webs of surveil-

lys Chief of National Police Alessandro

lance laid bare. The Hacking Teams tech-

Pansa testied at a government intelli-

nology had been rendered useless: The leak

gence hearing about the leaks aftermath.

had made some 80 percent of the com-

Italian law enforcement was forced to stop

panys source code visible online, mean-

its activity, he said, causing great dam-

ing antivirus companies would soon get to

ages to many critical investigations, espe-

work patching xes. It will become dead,

cially regarding terrorism.

Vincenzetti told his sta. The code that he

Much of this government panic hap-

had built on invisibility now glowed in the

pened behind closed doors, but a scandal

dark. Writing in the IB Times, security ana-

in South Korea provided a rare, public por-

lyst John McAfee described the hack as a

tal into the leaks fallout. South Koreas main

uniquely monumental event that threat-

intelligence agency, the National Intelli-

ens to bring down a well-known name in

gence Service (NIS), had been under re

the mass surveillance industry.

since September 2014, when a Seoul court

The leak exposed a trove of customer

found a former intelligence chief, Won Sei-

invoices conrming links to repressive

hoon, guilty of using agents to post 1.2 mil-

regimes, including Ethiopia, Bahrain,

lion negative messages online in an eort to

Egypt, Kazakhstan, Saudi Arabia, Russia,

destroy the 2012 presidential campaign of an

and Azerbaijan. After years of claiming

opposing political party. The Hacking Team

it evaluated customers, it became glar-

breach fanned these ames by conrming

ingly clear that the Hacking Team either

that South Korea had purchased spyware,

did not care about human rights abuses or

which activists worried was being used to

had been negligent in assessing them. As

keep tabs on government opponents.

Bruce Schneier, a leading security analyst,

Less than two weeks after the hack, an

wrote on his blog shortly after the leak, the

NIS spywhom police identied only by

sleazy companyhas been lying.

the last name Limwas found dead of car-

For Marquis-Boire, the breach was val-

bon monoxide poisoning in his car, which

idation of what he had been arguing for

was parked on a mountainside road out-

side Seoul. On his passenger seat, he left a

In addition to the latest RCS, he has three

Mamfakinch. In the months that followed

three-page suicide note written on yellow

new tools. He wont discuss two of them

that July day, when Almiraat rst knew

paper in which he took responsibility for

in great detail; however, when pressed,

something had gone terribly wrong, volun-

buying the Hacking Teams technology

he hints at whats to come with one of the

teers, the lifeblood of his group, dwindled

but vowed that it had been used only to

tools, saying, If you can get close to a Wi-Fi

from 30 to ve. By showing they can vio-

spy on North Korea. It was a mistake on

device, irrespective of the protection of the

late the privacy of our work, he says of the

my part, he wrote. But there is nothing to

network, we can extract a lot of information

Hacking Team, they sent a chilling eect

be worried about over any of my actions.

from it. Then, in what may be Vincenzettis

over the whole business of online dissent.

Subsequent reporting revealed that, in

boldest, most controversial claim to date,

Morocco remains a Hacking Team cli-

a closed-door meeting, the NIS admitted

he says his company can now decrypt Tor.

ent. Vincenzetti says his company law-

to using the spyware more than 200 times

No longer will his clients have to bait a Tor

fully engaged with a government that, he

to track North Koreas illegal arms trade, as

user in order to circumvent the anonymity

notes in an email, is an ally of the U.S. and

LEAK HAD MADE SOME 80 PERCENT OF THE COMPANYS SOURCE CODE VISIBLE ONLINE, MEANING ANTIVIRU
well as Pyongyangs spooks in South Korea.

softwareas Morocco did with the Scandal

a partner in the ght against terrorism.

The NIS also claimed to have arrested Chi-

le it sent to Mamfakinch. Now, Vincenzetti

Morocco is also an ally of most European

nese drug dealers thanks to intelligence

boasts, his software can break Tor. I can

nations, and Moroccan intelligence agen-

gleaned with the technology. In response,

put a box in this room which will decode all

cies recently provided France with essen-

the editorial board of the English-lan-

your encrypted trac on the y, he tells

tial information to locate the terrorists in

guage JoongAng Daily wrote in support

me. Logins, passwords, locations, real user

Paris and in Bruxelles.

of the governments deal with the Hack-

name, real site names.... Its black magic.

What lessons, if any, he takes from

ing Team. Intelligence gathering, surveil-

This kind of decryption would not

instances in which his clients have com-

lance and cyber activities through hacking

only transform law enforcement, but also

mitted abuses is not clear. Perhaps he is not

techniques are necessary for a state spy

threaten to destroy the protection that pri-

concerned with learning any. Having the

agency in todays world, the board wrote.

vate citizens, namely political dissidents,

tools to ght terrorism in states where ter-

Cyberskills and technology are crucial to

have come to expect online. Je Moss, a

rorists may operate, he writes in his email

ght North Korea and criminal groups that

security analyst and founder of the Def Con

about Rabat, protects innocent people

are getting more and more sophisticated.

hacker conference, is dubious of Vincen-

there and elsewhere.

PHINEAS FISHERS IDENTITY

is unknown,

but Vincenzetti has said the hack was an

zettis claimbut if true, he says, it would

These days, Vincenzetti is busy travel-

be a severity 10 bug that the Tor commu-

ing the world to recruit new customers, fol-

nity would have to race to x.

lowing a schedule resembling his earliest,

inside job. (Italian authorities have not yet

This device, Vincenzetti insists, is in

frenetic Hacking Team days. As with his big

brought charges against anyone.) What-

use already. He cannot say who, exactly,

break after the Madrid attacks, he sees an

ever the case may be, the attack hurt the

is employing it: Once he sells his tools to

increasingly urgent demand to hack and

companys bottom line. Vincenzetti says

agencies, he does not know which spies are

track criminalsfrom San Bernardino to

the Hacking Team lost around 20 percent

using them, where, or why. I dont even

Paris to Brussels to Istanbul.

of its customers in the months after the

have their phone numbers most of the

leak, including the United States; in 2015,

time, he says. They have mine.

the company reported $14 million in rev-

He may have lost business in last summers breach, but as much as the incident hit
his company, it may also have hyped it; hes

enue. I respect the clients who decide to

WHILE VINCENZETTIS TEAM touts its updated

gained four new contracts in the past year.

stop working with us, he says.

RCS, Almiraat is still feeling the eects of

So is he indebted to Phineas Fisher for forc-

That his private emails were exposed

the companys older version. The activist is

ing the Hacking Team to improve its wares?

does not faze him. If you want to read it,

awaiting trial for threatening the internal

read it, Vincenzetti says. I dont care.

security of the state, in the words of the

Im myself. Of much more concern has

Moroccan penal code, a crime that carries

been xing his companys goods. For three

a ve-year sentence. Four other Mamfak-

DAVID KUSHNER (@davidkushner) is author

months after the breach, the Hacking Team

inch contributors now face similar charges.

of Masters of Doom and Alligator Candy,

rewrote its spyware from scratch into what

This is just the latest fallout of Moroc-

and a Ferris professor of journalism at

Vincenzetti calls a much better product.

cos use of Hacking Team software against

Vincenzetti smiles sheepishly. For him,

the answer is easy.

Q

Princeton University.

FOREIGNPOLICY.COM

37

Copyright of Foreign Policy is the property of Foreign Policy and its content may not be
copied or emailed to multiple sites or posted to a listserv without the copyright holder's
express written permission. However, users may print, download, or email articles for
individual use.