To spies, David Vincenzetti is a salesman. To tyrants, he is a savior. How the Italian mogul built a hacking empire.
As the sun rose over the banks of the Seine and the medieval, half-timbered houses of Rouen, France, on July 13, 2012, Hisham Almiraat opened his inbox to find “Denunciation” in the subject line of an email. “Please do not mention my name or anything,” wrote the sender, Imane. “I do not want any trouble.”
The editor and co-founder of Mamfakinch, a pro-democracy website created in Morocco during the Arab Spring, Almiraat was one of his country’s most outspoken dissidents and someone accustomed to cryptic emails: Moroccan activists faced jail time for their views and risked their jobs, or even their lives, for speaking out against their government. From Normandy’s capital city, where Almiraat was in medical school, the bespectacled 36-year-old spent his time — in between classes and hospital shifts — mentoring, coaching, and editing more than 40 citizen journalists. The group covered the roiling unrest back in Almiraat’s homeland, where he would soon return after completing his studies. (Almiraat contributed to Foreign Policy in 2011.)
Almiraat and his colleagues also trained Mamfakinch’s writers to use encryption software, most notably the Onion Router, so that their online activities remained anonymous and shielded. Tor, as it’s widely known, masks a user’s identity and physical location. “People were relying on us to protect their…reputations, their careers, and probably also their freedoms,” Almiraat says. “All of that could be put in jeopardy if that were made public.” It was precisely this forethought that had earned Mamfakinch the Breaking Borders Award, sponsored by Google and the citizen-media group Global Voices, for its efforts “to defend and promote freedom of speech rights on the Internet.”
But on that July morning, just 11 days after receiving the award, Almiraat read the message from Imane and knew “something wasn’t right.” A website link directed him to a document labeled “Scandal,” which, once downloaded, was blank. His associates received the same note.
Suspicious, Almiraat promptly forwarded the email to an activist he knew, who then sent it to Morgan Marquis-Boire, a dreadlocked, tattooed 32-year-old digital activist who’d grown up hacking in New Zealand under the nickname “Mayhem.” A top security researcher at Google, Marquis-Boire had made waves recently as a volunteer detective for Citizen Lab, a technology research and human rights group at the University of Toronto; he and several colleagues had found evidence that suggested Bahrain was using surveillance software — a product intended for government spying on suspected criminals — against supporters of political reform.
After a month-long analysis of the Scandal file, Marquis-Boire contacted Almiraat with disturbing news: Anyone who had opened the document had been infected with highly sophisticated spyware, which had been sent from an Internet protocol address in Morocco’s capital of Rabat. Further research confirmed that the Supreme Council of National Defense, which ran Morocco’s security agencies, was behind the attack. Almiraat and his colleagues had essentially handed government spies the keys to their devices, rendering Tor, or any other encryption software, useless. Morocco’s spooks could read the Mamfakinch team’s emails, steal their passwords, log their keystrokes, turn on their webcams and microphones — and spies likely had been doing exactly those things and more since the intrusion in July.
That wasn’t all. Marquis-Boire and other experts found “a trail of bread crumbs from a surveillance company that, you’d think, would have left no bread crumbs, let alone a trail,” he recalls. Tucked in the source code of the Scandal document, a few small lines had been left behind in error. And they were the first fragments that ultimately led to the most powerful and notorious dealer in online spycraft: the Hacking Team.
The Blackwater of surveillance, the Hacking Team is among the world’s few dozen private contractors feeding a clandestine, multibillion-dollar industry that arms the world’s law enforcement and intelligence agencies with spyware. Comprised of around 40 engineers and salespeople who peddle its goods to more than 40 nations, the Hacking Team epitomizes what Reporters Without Borders, the international anti-censorship group, dubs the “era of digital mercenaries.”
The Italian company’s tools — “the hacking suite for governmental interception,” its website claims — are marketed for fighting criminals and terrorists. But there, on Marquis-Boire’s computer screen, was chilling proof that the Hacking Team’s software was also being used against dissidents. It was just the latest example of what Marquis-Boire saw as a worrying trend: corrupt regimes using surveillance companies’ wares for anti-democratic purposes.
When Citizen Lab published its findings in the October 2012 report “Backdoors are Forever: Hacking Team and the Targeting of Dissent?” the group also documented traces of the company’s spyware in a document sent to Ahmed Mansoor, a pro-democracy activist in the United Arab Emirates. Privacy advocates and human rights organizations were alarmed. “By fueling and legitimizing this global trade, we are creating a Pandora’s box,” Christopher Soghoian, the principal technologist with the American Civil Liberties Union’s Speech, Privacy, and Technology Project, told Bloomberg.
The Hacking Team, however, showed no signs of standing down. “Frankly, the evidence that the Citizen Lab report presents in this case doesn’t suggest anything inappropriately done by us,” company spokesman Eric Rabe told the Globe and Mail.
As media and activists speculated about which countries the Italian firm served, the founder and CEO of the Hacking Team, David Vincenzetti — from his sleek, white office inside an unsuspecting residential building in Milan — took the bad press in stride. He joked with his colleagues in a private email that he was responsible for the “evilest technology” in the world.
A tall, lean 48-year-old Italian with a taste for expensive steak and designer suits, Vincenzetti has transformed himself over the past decade from an under-ground hacker working out of a windowless basement into a mogul worth millions. He is nothing if not militant about what he defines as justice: Julian Assange, the embattled founder of WikiLeaks, is “a criminal who by all means should be arrested, expatriated to the United States, and judged there”; whistleblower Chelsea Manning is “another lunatic”; Edward Snowden “should go to jail, absolutely.”
“Privacy is very important,” Vincenzetti says on a recent February morning in Milan, pausing to sip his espresso. “But national security is much more important.”
Vincenzetti’s position has come at a high cost. Disturbing incidents have been left in his wake: a spy’s suicide, dissidents’ arrests, and countless human rights abuses. “If I had known how crazy and dangerous he is,” Guido Landi, a former employee, says, “I would never have joined the Hacking Team.”
On March 11, 2004, four commuter trains cruising through Madrid’s early-morning rush hour were hit by 10 large explosions. The bombings, which left nearly 200 people dead and 1,800 injured, marked the deadliest terrorist attack in Spain’s history. The incident was all the more frightening because the perpetrators likely were inspired by reading about al Qaeda online, and they had at their disposal an arsenal of new, cheap digital technologies — social media platforms, instant-messenger programs, video-conferencing software — that they could use to plot. Police, who lacked in-house computer-security teams at the time, were not equipped to fight back. And private contractors typically specialized in defensive technology, such as anti-virus software, not programs that could attack and decrypt criminals’ tools.
For Vincenzetti, the tragedy was a business opportunity. With only one client so far — Milan’s Polizia Postale, the local law enforcement branch that focuses on Internet crime — the budding entrepreneur set out to convince Spain’s government just how crucial his spyware could be in the fight against terrorism.
The son of a teacher and agricultural chemicals salesman, Vincenzetti was a self-taught hacker, seduced by cryptography at the age of 14. The teenager spent hours reading computer forums online. Deciphering codes reminded him of the chess tournaments in which he often competed: a complex series of offensive and defensive moves until the shrewdest player won. “A hacker is someone who passes through gaps. A hacker never breaks the front door,” Vincenzetti says. “I was a hacker,” he adds. “A good hacker.”
Shortly after Vincenzetti enrolled at the University of Milano-Bicocca in 1993, the school hired him as a network and security administrator, a job for which he should have qualified only after he received his degree. “He was very well known,” recalls former classmate Stefano Zanero, now an associate professor at the university. “He was one [of the] geeks that were beginning to understand how the Internet worked.”
Vincenzetti saw the nascent technological landscape as requiring a new kind of gamesmanship. The security industry was dominated by companies focused on defending businesses and governments against hackers. But, he wondered, what would happen if hackers were instead unleashed as a mode of security? “I was trying to foresee the future,” he says.
Between 2003 and 2004, Vincenzetti and two college friends worked in their dank, underground apartment and coded what would become the Hacking Team’s flagship software. Called the Remote Control System (RCS), it commandeers a target’s devices without detection, allowing a government to deploy malware against known enemies. (The product was later dubbed Da Vinci, then Galileo.) Think of it as a criminal dossier: A tab marked “Targets” calls up a profile photo, which a spy must snap surreptitiously using the camera inside the subject’s hacked device. Beside the picture, a menu of technologies (laptop, phone, tablet, etc.) offers an agent the ability to scroll through the person’s data, including email, Facebook, Skype, online aliases, contacts, favorite websites, and geographical location. Over time, the software enables government spooks to build a deep, sprawling portfolio of intelligence.
Installing RCS isn’t always easy. Spies must get it into technology quickly and secretly — say, in the seconds a phone passes through security at a border checkpoint. Moreover, each device a target uses must be infected separately. Yet there are myriad options for delivery: a USB, DVD, public Wi-Fi network, or even a QR code disguised as something enticing (such as an ad for an escort service).
In the early days, Vincenzetti framed the Hacking Team as important defenders of international security — a modern-day Justice League dreaming up technology that governments could use to protect their citizens. Alberto Pelliccione, the lead developer of RCS for mobile devices and a former artificial-intelligence researcher, was among those who eagerly joined Vincenzetti’s cause. “This was supposed to be used against terrorists and criminals,” Pelliccione explains. “It was very exciting to be part of this.”
For potential clients, Vincenzetti crafted an elevator pitch, boasting RCS’s security features: To guarantee anonymity, customers would only use code names when calling the Hacking Team’s product-support line, and the company’s crew would not have access to clients’ collected data. “It would be very dangerous for the people working here,” he says now.
At Vincenzetti’s start-up, days burned by as employees coded. Then, a few months after the terrorist attack in Madrid, Vincenzetti’s pitch landed. Spain’s Secret Service became the Hacking Team’s second customer. With his newest deal sealed, Vincenzetti remembers thinking to himself, “‘Hey, David, this company is going to have a future.’”
Read full article at Foreign Policy