A close look at Hacking Team's courtship with local law enforcement

A close look at Hacking Team’s courtship with local law enforcement

The Italian malware company offered product demos to NYPD, county sheriffs, even campus cops

Written by
Edited by JPat Brown

A version of this article appeared on Motherboard

Leaked emails confirm that Hacking Team has been courting government agencies in the United States as potential customers for its spyware. As the map we published last week explores, the Italian firm’s rolodex includes state and local law enforcement alongside federal intelligence agencies.

Most of Hacking Team’s police contacts seem to be culled from law enforcement conferences. But a handful have closer ties, and have requested in-person demos of Hacking Team surveillance products. Those products include its Remote Control System Galileo spyware suite, which Hacking Team describes in a brochure as being able to “bypass encryption, collect relevant data out of any device, and keep monitoring your targets wherever they are, even outside your monitoring domain.”

You might have guessed that some larger agencies, like the NYPD and the Manhattan District Attorney’s Office, would have interest in Hacking Team’s products. But then there’s also the police department at University of California, Santa Barbara, which reached out to Hacking Team for a demo in 2011. Here are the ones we’ve found so far.

Manhattan District Attorney’s Office

Staff: 975
Annual budget: $92 million

As recently as this past May, Hacking Team and an assistant district attorney with the Manhattan District Attorney’s Office emailed back and forth about a potential software “solution.” Hacking Team sales staff fielded questions about jailbreaking iPhones remotely, and discussed among themselves about how high a price to quote.

Hacking Team hosted a spyware demo in September 2013 for Manhattan district attorney staff, and again in February 2015. When the assistant DA requested a price estimate, a Hacking Team operations manager suggested a starting ask of $3 million.

“If it’s totally out of budget, we can come up with a special ‘deal’ for them and the usual accommodations,” wrote Hacking Team’s Daniele Milan on an internal email thread about discussions with the DA.

The DA’s office confirmed that it has met with Hacking Team to review their products.

“In order to keep pace with rapid developments in the private sector, we invite groups to demo various emerging technologies,” wrote Joan Vollero, Manhattan DA spokeswoman, in an emailed statement.

Vollero says that the district attorney has not entered a contract with Hacking Team, and that all technology applied by the DA’s office is subject to judicial review before its use.

New York City Police Department

Staff: 49,526
Annual budget: $4.8 billion

The NYPD arranged for a Hacking Team demonstration in July 2013. In addition, a detective with NYPD’s Cyber Intelligence Unit offered to drive down to Hacking Team’s office in Annapolis for a presentation on Thanksgiving Eve last year.

“He asked what was the soonest he can come to Annapolis to see demo,” wrote a Hacking Team account manager in a November 2014 email. “I tried to push him to next month or next year. But he was insistent.”

The detective met Hacking Team at the National Technical Investigators’ Association (NATIA) conference the year before, and wanted to see the company’s spyware in action right away.

”[....] the simple fact that they would do it, means they are serious about acquiring the system,” wrote the Hacking Team staffer.

The NYPD public information office did not respond to inquires, but Capital New York reported that the detective did not make the drive. The same detective was copied on many emails between the Manhattan District Attorney’s Office and Hacking Team.

New Jersey State Police

Staff: 3,700
Annual budget: $250 million

Hacking Team arranged a demonstration at the West Trenton office of the New Jersey State Police in November 2013. Officers from the agency’s Electronic Surveillance Unit attended the demo, and at least one seemed impressed.

“We have some technical issues that our bosses are concerned with, specifically the anonymizers but I think we are working successfully around it,” a sergeant detective wrote to the Hacking Team rep a few weeks after the meeting. “Otherwise, they are mostly excited about it’s [sic] capabilities and are interested in deploying it.”

A spokesperson confirmed that the the New Jersey State Police looked into Hacking Team products, but ultimately didn’t make the purchase.

Maryland State Police

Staff: 2,500
Annual budget: $340 million

In 2012, a sergeant from Maryland State Police’s Homeland Security and Intelligence Bureau and drug task force wrote to Hacking Team. The sergeant was enthusiastic about Da Vinci, an earlier version of Hacking Team’s Remote Control System spyware, and asked for a demo to help sell his team members on the purchase.

“One of the most difficult things I have to do is convince non-technical people this technology is worth the money,” wrote the sergeant in a September 2013 email. “I know it is, because there are no others out there that can do what your product can.”

Hacking Team gave a quote of $336,000. It was a steal, by the company’s estimation

“I had to promise that I would find more state police that would take the same offer,” the sales rep wrote back. “I have a big job ahead of me!”

The Maryland State Police replied that the sergeant “called for research purposes and was inquiring about court authorized intercepts.” A spokesperson indicated that the agency did not purchase any version of Remote Control System.

Broward County, FL Sheriff

Staff: 5,800
Annual budget: $730 million

As we reported last week, a Hacking Team engineer put on a “proof of concept” demonstration of the RCS spyware tool for the sheriff’s office in Broward County, Florida in 2013.

Within days of visiting Broward County, Hacking Team demonstrated the same system for the Colombian National Police and the United Nations Development Program, the emails show.

“The detectives that [sic] there were definitely impressed by [Remote Control System],” the engineer summarized in a debriefing email. “[M]ost of the questions were about the legal aspects, but in the end they seemed confident that the product could be used for investigations.”

Impressed as they might have been, Broward County officials indicate that the sheriff’s office did not purchase Hacking Team software following the demo.

Polk County, FL Sheriff

Staff: 1,578
Annual budget: $140 million

A detective at the Polk County Sheriff’s Office in central Florida invited Hacking Team for a demonstration in September 2014. The Bureau of Special Investigations detective had visited Hacking Team’s booth at a recent law enforcement conference.

Hacking Team came to the agency’s headquarters in the small city of Winter Haven.

“Their demo included any products that might help us successfully and legally accomplish a digital wiretap,” detailed Carrie Horstman of the PCSO’s public information office. “After the demo, we decided their products were too expensive and did not satisfy our needs.”

San Bernardino County, CA Sheriff

Staff: 1,688
Annual budget: $204 million

A detective from the San Bernardino County Sheriff’s Department attended a Hacking Team presentation during a training conference in 2012. Sales reps offered to give a full demo, which the company did in September 2013.

A spokesperson confirmed that Hacking Team put on a demo at the office of the Inland Regional Narcotics Enforcement Team (IRNET) in San Bernardino.

“After the demo it was determined that their program did not meet our needs,” said Cindy Bachman of the San Bernardino County Sheriff’s Department.

University of California, Santa Barbara Police

Staff: 103
Annual budget: unknown

After seeing a demonstration at a conference and reading up on Remote Control System, a police officer at UCSB emailed Hacking Team in February 2011.

The officer, who is now a detective in UCSB’s Problem Solving Unit, didn’t explain how his department might use the software. But he was eager to try it out, and wrote in the email that he was “trying to sell my command staff on it.”

“I was wondering if it is at all possible to get a trial copy or sample (doesn’t need to be fully functional) to show my command staff,” the officer wrote.

Hacking Team asked UCSB police to sign a nondisclosure agreement before the company would provide further information. Emails indicate that the officer signed the NDA, but struggled to email it back using PGP encryption as requested.

“The UCSB public affairs office confirmed that officer signed the NDA in 2011, but indicated that Hacking Team did not conduct a demo of RCS or other products for university police.”

MuckRock will continue to comb the Hacking Team emails using the map above. Help us find U.S. law enforcement agencies with ties to Hacking Team. Send your findings to info@muckrock.com, or by submit a records request of your own by cloning the request we submitted to the Broward County Sheriff.

Use the tag “hacking team” to help us keep track!

Image via HackingTeam.It