Media reports on the latest Wikileaks expose include references to South African government departments seeking advanced electronic eavesdropping software. This has not only raised questions about citizens’ rights but also indicates a possible counter-crime or counter-terrorist capability. defenceWeb sought to clarify the issue.
The reports have shown advanced spyware, like that manufactured by Italian company Hacking Team, can “infect” smart phones and other smart devices like Androids and tablets and is undetectable by normal anti-virus software.
defenceWeb spoke to Matthew Aid, an intelligence analyst, author and former US National Security Agency (NSA) employee about why a government would turn to private spyware manufacturers like Hacking Team. “No questions [were] asked about how the technology was to be used or who was to be targeted, which is the problem one usually runs into when you try to approach governments such as the US to sell this kind of equipment. The principal application of this sort of technology is domestic spying, not foreign intelligence. That is why you buy from Hacking Team… no questions about how the technology is going to be used. Look at the intelligence services that also contracted with Hacking Team for their technology, like the Cypriot and South Korean services, which have troubled reputations when it comes to respecting privacy rights of their citizens.”
Wikileaks has published large amounts of information on the work of Hacking Team, which shows South African government departments contacted the company. No indications, such as purchase orders or contracts, prove that Hacking Team actually sold anything to South Africa.
Another spyware company, however, apparently did sell material to South Africa. Gamma Group is known for spyware called FinFisher or FinSpy. At least two IP addresses were found in South Africa infected with this spyware, according to media reports. Aid described how this spyware could be used:
“Some spyware systems target whole blocks of IP addresses or phone numbers like a shotgun blast, hoping to catch a tidbit of intelligence from amongst hundreds, if not thousands (or tens of thousands) of targets. Other systems, like FinFisher, are used like a sniper rifle against specific, pre-programed targets because they never change and have been found over time to bear intelligence. Spyware systems that target huge blocks of numbers are used like a dragnet or for searching for targets. FinFisher is used once the target has been identified and you want to monitor everything that goes in or out of that IP address.
“My guess would be that virtually every government in Africa is engaged to one degree or another in cell phone or smartphone tapping. The Egyptians and Moroccans, for example, have been tapping cell phones using American and Russian-supplied equipment for decades. So have the Ethiopians and Nigerians. The digital eavesdropping technology is easy to come by on the open market, and the price is relatively affordable compared with the old and very expensive analogue telephone tapping systems of the Cold War era that had to be installed at telephone exchanges and required the cooperation of the major telephone companies. If you are an African government wanting to keep a close watch on your political opposition or anyone deemed a potential threat, then your security service has to have a cell phone/smartphone monitoring capability. It is one of the ‘essentials’ in the 21st Century spying business, especially in a continent as volatile as Africa.
“The availability and affordability of spyware and cell phone monitoring technology mean that virtually anyone with money can purchase this equipment. The Colombian and Mexican drug cartels are major users of cell phone tapping technology, which they purchase from corrupt cops or on the open market in places like Panama, where anything is for sale. ISIS in Iraq and the Taliban in Afghanistan have also been caught using this technology by jury-rigging commercial cell phone equipment into interception devices. Moreover, this stuff is incredibly easy to buy because you don’t need an end-user certificate to purchase this technology, which you needed back in the Cold War era. I get the clear impression that Hacking Team and companies of the same ilk don’t ask many questions.”