July 12, 2015

#32 The Evilest Technology On Earth :-)

by Reply All

Background show artwork for Reply All

On July 5th, a hacker leaked hundreds of gigabytes of information stolen from a company that sells surveillance software to some of the most oppressive regimes in the world. We look into what journalists have found so far. Also, a new Yes Yes No. 


The Facts
Our theme song is by Breakmaster Cylinder. Our ad music is by Build Buildings. 


Further Reading

Chris Soghoian has been tweeting extensively about The Hacking Team, and Ryan Gallagher and Kim Zetter have both written excellent articles about the leak. 


Transcript

ALEX GOLDMAN: From Gimlet, this is Reply All. I'm Alex Goldman.You’re the dictator of a small country, and you’ve decided that you want to spy on the computers and cell phones of some of your citizens. Maybe you want to put a stop to some pro-democracy protests or maybe you’re trying to stop a would-be terrorist. Until recently, the tools you’d need to do NSA-quality surveillance were too expensive. But these days, you can just go out and buy it cheap. The company that sells it, they even advertise online.

HACKING TEAM ADVERTISEMENT: You need more. You want to look through your target’s eyes. You have to hack your target.

ALEX: This is an ad for an Italian company called The Hacking Team. While you’re listening to it, imagine the accompanying image: a hooded figure slowly and ominously lifting his head to reveal a spooky goateed hacker looking dude.

HACKING TEAM ADVERTISMENT: Rely on us.

ALEX: I’d never heard about the hacking team until last week, when on Sunday, July fifth, someone released four hundred gigabytes of information they stole from the hacking team’s servers. You might have seen the headlines, but you probably didn't do what I've been doing this past week, pouring over all these crazy details, the inner workings of a private spying company. On Sunday, I called up Ryan Gallagher, a reporter for the Intercept. And he says that reporting on The Hacking team has always been slow and frustrating work. At least up until this hack.

RYAN GALLAGHER: So this came out last Sunday night and Monday morning I started going through and I didn't stop until about Thursday or Friday. I hardly even ate any food, I was just like totally engrossed in these e-mails. And I just couldn't believe, my jaw was just like, it was a jaw-dropping kind of scenario, just to actually see it there in black and white. It's just like somebody just suddenly turning the light on.

ALEX: The Hacking Team offers their clients a bunch of different services. Their most popular, off the shelf software is called Remote Control Systems or RCS. It can be installed on computers or smartphones through an innocuous looking email attachment, or by USB key. And Ryan says that once it’s on there, it gives the government complete control.

RYAN: It allows whoever's done the infection, the government agency, to steal, say you've got photographs on there, documents, all sorts of recorded audio if you're doing a Skype conversations, like you and I are now, if you're making a phone call, for them to recall the audio of the phone call to make copies of the text messages, your WhatsApp chats. They can tap the location function on your phone to basically, to see exactly where you are at any given moment.

ALEX: And what’s crazy, considering the company is just forty employees, is that their reach is massive. To say nothing of their work with the United States, the Hacking Team has made clients of countries all over the world.

RYAN: The top ones are Mexico, Italy, and Morocco in terms of the revenue. But they've also done deals with Saudi Arabia, Malaysia, the United Arab Emirates, Singapore, Kazakhstan, Sudan, Uzbekistan...

ALEX: The list goes on for a long time. And the Hacking Team says they work with these countries to help them get their bad guys. but the problem is that a lot of the places the hacking team works with have pretty terrible human rights records.

RYAN: they’re not very, shall we say conservative about who they sell to. They were trying to sell to a Bangladeshi so-called Death Squad called the "rapid action battalion," which is known for systematically torturing and executing people. You know, it doesn't get much worse, to be honest.

ALEX: Some of the fancy footwork the company uses to stay out of trouble is pretty stunning. In 2012, a prominent blogger in the United Arab Emirates named Ahmed Mansoor was beaten by authorities after they tracked him using Hacking Team’s flagship software, RCS. And in the files that were released this week, you can see their PR guy, Eric Rabe trying to come up with a plausible defence when RCS, was found on Ahmed Mansoor’s computer.

RYAN: That one is a great one because he’s caught red-handed there, that's him trying to cook up a denial and he's suggesting, that's him proposing to his colleagues internally and he's asking them, Can we think of any other software that has RCS in it? And we can say that, "Well it's no, it's commonly, you know RCS is a common acronym that's used,” like he's trying to find something else that they can, and it's just horrendous, the level of deception. I just find it so disturbing.

ALEX: In the hacking team’s internal emails, they sometimes worry that one day, all this might happen, that journalists might be able to read through their private emails. For example, the CEO of Hacking Team, David Vincenzetti, joked at one point “Imagine this: a leak on WikiLeaks showing YOU explaining the evilest technology on earth!” He punctuated it with a smiley face. The Hacking Team also love to insult privacy advocates and human rights activists who want more insight into the company’s operations, are casually referred to as idiots and imbeciles. One Hacking Team staffer even offhandedly joked about wanted to have ACLU privacy activist Chris Soghoian killed writing, quote “If I could gather up enough Bitcoin I would use a service from the DarkNet and eliminate him. An asshole of this caliber doesn’t deserve to continue to consume oxygen.” All along, I’d been picturing the Hacking Team as a bunch of programmers sitting in front of computers, trying to find weaknesses in software that they wanted to break into. But then I talked to Kim Zetter, a reporter at Wired, and she told me that Hacking Team actually buys the work of other hackers. They had been stockpiling what are called zero day vulnerabilities, a flaw in phone or computer software that the company has spent zero days trying to fix. They don’t know about this flaw. But the hacking team does, and they use them as a backdoor into their targets' computers.

KIM ZETTER: We see in an email exchange with a company, security company called Netragard, where they're talking about selling a zero-day exploit to them and they were batting back a figure of about a hundred and five thousand dollars for that particular exploit.

ALEX: That is so much money. That is so much money.

KIM: Well, that can be on the low end. So zero days can go for anywhere from 5,000 dollars to half a million dollars or even a million dollars or more.

ALEX:Whoever is behind this hack could have made a lot of money selling these zero day exploits, rather than publishing them for public consumption. But they didn’t.

KIM: The motivation here appears to be you know, sort of as a social justice hack, a hacker who wanted to benefit from this economically would not dump these documents, they would have used the zero days for themselves or sold the zero days. So it’s clear that this was for exposing hacking team’s evasiveness and it’s lies over the years.

ALEX: No one knows who the hacker is. All we have is the name they’ve given themself, Phineas Phisher. Whoever he or she is, they weren’t available for an interview. Of course I wanted to talk to someone at Hacking Team, but private spy companies don’t just get on the phone with reporters.

ERIC RABE: Hello?

ALEX: Hi, is this Eric?

ERIC: Yes it is.

ALEX: Which is why I was so surprised when Eric Rabe picked up the phone. Eric Rabe is the the hacking team’s spokesman. Like everybody else, he’s dying to know who hacked the hacking team

ALEX: Do you know who perpetrated this hack and what their motivations were?

ERIC: I’d love to know. I’ve got the name of Phineas Fisher. I don’t think that’s a very probable real answer.

ALEX:: Who is Phineas Fisher?

ERIC: I don’t know. You know this some guy with obviously an ego the size of all outdoors. But I have no idea.

ALEX: Eric told me that he wanted to set the record straight. He says that his company, despite what reporters and human rights activists think, is actually working for the greater good. Even if from the outside, their client list suggests otherwise.

ERIC: Well let’s take Saudi Arabia. Now Saudi Arabia a lot of people would argue is a repressive regime and that their human rights record is not good and they oppress women and so on and so forth. You know the US sells F15 fighter jets to Saudi Arabia as a backbone of their air force and I think It’s generally considered to be an ally of the west and furthermore I think in a country like that you could argue that there’s a real good reason to have the capabilities that we provide because those places have issues with terrorists who are developing their networks and setting up shop and they need to be dealt with.

ALEX:But here’s the problem, the hacking team say that they’re good guys behind closed doors, but those doors have to stay closed because they’ve promised their clients secrecy.

ERIC: we guarantee in our contracts that we will not disclose who are clients are. that’s something the clients want and we agree to it.

ALEX: What this means is that if they do sever ties with a bad regime for beating up dissidents, they can’t go out in public and tell everyone about it. And that’s frustrating.

ALEX: I think the difficulty is that it’s impossible for me to verify that you operate ethically because you can't give specifics due to your confidentiality, so it reads like a dodge, even with former clients, you know what I mean?

ERIC: Yup I get it. No, I understand that and that’s a hit we’re willing to take because we feel like we have to protect the confidentiality of the legitimate users of the software who are trying to do a good job of protecting us. You know and I understand that it’s never going to be satisfactory to a humans rights activist group for me to say that and not let them come in and i don’t know what they would like maybe they'd like to sit in our operations center for a while or maybe every day but that’s not an option.

ALEX: So if you don’t want humans rights activists sitting in your control room watching who you guys work, what do you say to a bunch of journalists? Would you let us come check out what you’re doing?

ERIC: That'd be even worse. I’m being facetious, but i think if you were operating a police department you probably would want to be able to run your investigations without the oversight of human rights activists or journalists.

ALEX: Well you know you’re sort of walking a strange line, in that you're selling this very powerful software, and it seems like it would be very difficult for you to police how morally the people you are selling it to are operating.

ERIC: Well that’s right. I don’t think we’re in the business of policing it to be perfectly honest. We do our best to make sure we don’t just wantonly give it to people who are going to do bad things but at the end of the day you’re really counting on the police forces to do the right thing. So I guess you get down to a question of well can we trust authority and of course there are many people who don’t think you can but most people I think expect that you will be able to.

ALEX: In response to this leak, the Hacking Team has temporarily all of its customers to stop using its software. The Hacking Team continues to send out press releases that amount to “everything is fine,” but The Intercept’s Ryan Gallagher doesn’t buy it.

RYAN: Let's be frank about this: there's no way that they're in anything other than a complete crisis over this. I mean, their entire client list, all of their contracts, years of private, highly-revealing, candid, politically explosive e-mails have been dumped online. This thing has actually shut down their whole operation, at least temporarily.

ALEX: Chris Soghoian the ACLU activist who the Hacking Team said “doesn’t deserve to continue to consume oxygen, he says that even if the Hacking Team does go under, there’ll be more shadowy companies to replace them.

CHRIS: I suspect there will be other companies that will be quite eager to take their place because ultimately there are a lot of governments around the world now that want this software and there's money to be made from ethically flexible executives who don't mind providing this kind of technology to the governments who want it.

ALEX: If you want to search the leak yourself, Wikileaks has posted it, and it’s searchable by keyword.

PJ VOGT: Stick around after the break, we have a history breaking Yes Yes No.

BREAK

ALEX: It's time once again for Yes Yes No, the segment on this show where PJ and I pretend to have any real expertise in anything. In this case it's mostly arcane internet culture stuff. But this week even Pj doesn't quite have the expertise required and so he turned to me and Alex Blumberg. Just a warning there's quite a bit of profanity in this segment.

PJ: So I've been seeing something popping up on my internet that I don't understand and that I actually think the two of you between you have a better chance of understanding than I do.

ALEX GOLDMAN: Whoaa. Yes Yes No with PJ as the No.

ALEX BLUMBERG: The Twilight Zone version.

PJ: This is the version where suddenly like being a dad of a small child gives you access to a world of important information.

ALEX BLUMBERG: Ahh. Yes.

PJ: Okay, so do you guys know what minions are?

ALEX GOLDMAN: Yeah.

ALEX BLUMBERG: Yes.

PJ: Oh great. Okay so I got sick for a week and wasn't really on the internet and when I came back all anybody would talk about was minions. Can I read you some of these minion tweets?

ALEX BLUMBERG: Sure.

PJ: These are mostly from weird Twitter. This is from a woman named Tuff Ghost: “I want a minion to beat me to death.” This is from Katie Notopoulos, the world's greatest internet troll reporter: “My quest to fuck the minions has hit some road bumps. If you believe I will fuck the minions please send me good vibes #minionfuckquest.” And then there's a still of a minion, which is like a yellow banana with one eye, it looks like Pixar, the minions is between two fire, yellow fire hydrants and it's looking at them sort of lasciviously. And then somebody tweeted: “Holy shit, are you kidding me? The minion wants to fuck the fire hydrants? @minions.”

ALEX GOLDMAN: So what's your question?

PJ: I just don't know. I dont know what they are. I don't know why they're suddenly inescapable. And I don't know what people's primary feeling about them is.

ALEX BLUMBERG: You mind if I? I think together we can take this.

PJ: Blumberg. Why?!

ALEX GOLDMAN: I want to hear you do this.

ALEX BLUMBERG: Alright, so there was a movie called Despicable Me. Do you remember this?

PJ: No.

ALEX BLUMBERG: It was an animated feature and it starred the voice of Steve Carell as a supervillain.

ALEX GOLDMAN: Named Gru.

ALEX BLUMBERG: And he ended up caring for three children and found love inside his frozen heart and he had a secret laboratory in his house and the assistants that worked in his laboratory were these little yellow fire hydrants with one eye called minions and they speak in this adorable sort of like [ALEX SPEAKS MINION] sort of gibberish sort of thing, but now because of the age we live in, those side characters, one or two sequels later get their own movie. A la Penguins of Madagascar.

PJ: Oh man this is not getting - that reference did not help me at all. Is this what it feels like for you all the time?

ALEX BLUMBERG: Yes! Welcome to my world. Wait you've never seen Penguins of Madagascar?

ALEX GOLDMAN: That actually, that one flew right over my head too.

ALEX BLUMBERG: Oh my god. Alright so there was a movie in which the penguins of Madagascar became like, they got their own movie eventually. Anyway I saw the original Despicable Me, I did not see Despicable Me 2 and I have not seen the most recent movie but I know that it is bananas popular because, you got that information from Twitter, I got that information from my four year old son. He doesn't watch tv really, he's scared of everything, he's very terrified of cartoons and would not ever want to see a full length feature of anything, started talking to me out of the blue about minions.

PJ: And what did he say?

ALEX BLUMBERG: He was like, daddy that looks like a minion. Or that man was wearing glasses like a minion wears, or something like that. They're just like a thing that's in his world now. Sort of the very same way that they're a thing that's in your world. I don't know what his chances are, I'm pretty sure it's not social media but some how that's how powerful this movie is, it's crept into everybody.

ALEX GOLDMAN: So minions have become so popular, people have started making these nonsensical memes like totally straight face, not like the ones that you saw.

PJ: Okay.

ALEX GOLDMAN: These sort of straight face memes that they post on Facebook which is like a picture of two minions smiling and it's like, "That feeling when you get a three day weekend." But like if you look at this one, it's a sad looking minion and it says, "Keep calm and pretend it's not Monday."

PJ: Okay.

ALEX GOLDMAN: And it's like their faces have become this sort of standing for all kinds of emotions, so this has become a thing that I think aunts and uncles of the people who live in weird Twitter are doing, so weird Twitter are just taking this the like culture's love of the minion to this really sort of dadaist absurd place.

PJ: I think I have this. Can I try to explain it to you guys?

ALEX GOLDMAN: Oh my god this is such a revolutionary...

ALEX BLUMBERG: Yes.

PJ: This is definitely a first. It's weird to be on the other side. It requires like a lot more concentration. It's like a lot more doing math and a lot less telling someone a story. Okay so there was a series of children's movies starring a villain and his henchman called minions which are one-eyed banana creatures, eventually they were spun off into their own movie which has become such a massive cultural phenomenon that minions right now are like the smiley face. They're inescapable and people imprint whatever feeling they have on to them. The people in my corner of the internet are making a joke about how everyone loves minions and sexualizing it to be inappropriate.

ALEX GOLDMAN: I think you got it.

ALEX BLUMBERG: We're at Yes Yes Yes. Are you shocked, like oh you don't know about that? You are shocked that you don't know about that.

PJ: Normally I feel shocked that you don't know about these things because they feel like everybody's talking about them.

ALEX BLUMBERG: Right. Right.

PJ: But like I haven't, my cultural world does not include the minions.

ALEX BLUMBERG: That's amazing.

ALEX GOLDMAN: I feel like I have the same feeling about the vastness of the world and sort of the inescapability of me losing touch with pop culture. When I started realizing that there were incredibly popular young musicians whose music I could not pick out. I could not tell you what song Ariana Grande plays.

PJ: She does Bang Bang.

ALEX BLUMBERG: I don't even know who Ariana Grande is.

ALEX GOLDMAN: And we're back at Yes Yes No.

ALEX GOLDMAN: Reply All is hosted by Pj Vogt and me, Alex Goldman. We were produced this week by Tim Howard, Sruthi Pinnamaneni, and Phia Bennin. Production assistance by Sylvie Douglis. Matt Lieber is a new haircut that's not all messed up and weird. Are show was mixed by Rick Kwan. Special thanks this week to Emily Kennedy, our theme song is by the Mysterious Breakmaster Cylinder and our ad music is by Build Buildings. You can find more episodes at iTunes.com/replyall. Our website is replyall.limo. Thanks for listening. We'll see you next week.

PJ: And then also I would just get the diapers line one more time.

ALEX: Alright. Reply All is hosted by PJ Vogt, and me Alex Goldman. I love to sniff up diapers.

PJ: Can you do it, I don't want it to sound like an endorsement, but I want you to sound enthusiastic.

ALEX: Reply All is hosted by PJ Vogt, and me Alex Goldman. I love to sniff up diapers.

PJ: Not sleazy though. Almost like, I love a good diaper sniff.

ALEX: Right. Reply All is hosted by PJ Vogt, and me Alex Goldman. I love to sniff up diapers.

PJ: That's good.

ALEX: You don't think I oversold it?

PJ: I think you, I just want you to do one more where it's like in the moment. It's like you've been sniffing up diapers all this time and you're realizing, oh this is what I love.

ALEX: Okay I got it, I got it. Reply All is hosted by PJ Vogt, and me Alex Goldman. I love to sniff up diapers.

PJ: Okay, we keep going, we were produced this week...

ALEX: We were produced this week by Tim Howard, Sruthi Pinnamaneni, Phia Bennin and edited by Alex Blumberg.

Pj: Perfect.