Malaysian military intelligence, HackingTeam spyware and middlemen

In the face of increased scrutiny into the HackingTeam files, governments around the world has started to feel the heat. Just last week, a South Korean spy took his own life in the aftermath of the HackingTeam revelations.

While the investigation into the South Korean spy’s death continues, other customers are suffering from revelations provided by the hack. We cannot help but ask what the implications are for Malaysian intelligence agencies listed as customers of HackingTeam.

It is clear that Malaysian internet freedom has been eroding slowly in recent years while political scandals mired public consciousness. According to the Enemies of the Internet Report of 2012, in the lead-up to the 2013 elections, there was a chilling effect on internet freedom in Malaysia as new media replaced the place of the stifled traditional media outlets.

Malaysia’s new Prevention of Terrorism Act of 2015 and Security Offences (Special Measures) Act of 2012 aimed to create legal environments for legal intercepts of electronic communications. Both has been widely slammed as repressive. In addition, as DigitalNewsAsia has noted, spying of Malaysian citizens by their own government may in fact be unconstitutional.

Absent a bipartisan commission to protect Malaysian citizens from undue or politically motivated surveillance, we need to conduct deeper analysis to determine the nature of electronic surveillance spyware providers and the government.

Therefore, we explored the purchasing decisions and how local resellers worked with HackingTeam. Military intelligence in Malaysia had access to HackingTeam spyware during the 2013 election season and middlemen were seeking commission for the contract. Other findings of interest were also documented below. Screenshot 2015-07-22 11.09.52

The Malaysian clients of HackingTeam

****

HackingTeam’s Other Malaysian Reseller

Questions remain on how many Malaysian governmental agencies had purchased spyware from HackingTeam. However, we managed to confirm as suspected in earlier posts on the matter, MIMY or Malaysia Intelligene (sic) listed in HackingTeam client list was in fact Malaysian military intelligence.
Screenshot 2015-07-07 15.59.42 Given the amount of money spent by Malaysian military intelligence agencies on HackingTeam software, we have to consider how and for what purposes were the spyware purchased. All other Malaysian state buyers had used Miliserv Technologies as their channel, even though HackingTeam’s executives generally do not have good things to say about Miliserv’s effectiveness in building their Malaysian customer base. HackingTeam has a second agent, referred to as K, in Malaysia who seem to deal with Police and Military agencies in the government. Screenshot 2015-07-22 15.21.48

An email from a HackingTeam employee 23 November 2012 stating clearly that business relationship between HackingTeam, Mr K and Malaysian military intelligence.

Mr K was acting an agent and reseller for HackingTeam in Malaysia, employing his contacts in the intelligence and security industry across Southeast Asia to find buyers. He was also linked to the following companies, Charmco (Hong Kong), G Track Tech (Malaysia) and Expert Intelligence (Singapore).

Screenshot 2015-07-23 12.08.46

Singapore’s Expert Intelligence Pte Ltd seems to have ceased operations.Screenshot 2015-07-23 12.03.01

The Malaysian company G Track Technology liaised between HackingTeam and Malaysian military intelligence until it was replaced by Hong Kong’s Charmco Enterprises Ltd .

****

Charmco and Payments

Screenshot 2015-07-23 11.55.13

A search of the Hong Kong company registry brings up 3 possible Charmco Enterprises Ltd

It was Mr K’s Hong Kong company, Charmco Enterprises Limited, that acted as the channel for military and police purchasing of spyware from HackingTeam. This differs to Miliserv’s customer base, which is largely limited to the bureaucratic and political sphere, such as the Malaysian Anti-Corruption Commission and the Prime Minister’s Department.

For example, in 2012 a demonstration of HackingTeam’s software for Malaysian Customs was requested from K and not from Miliserv. Although it seems that Customs the deal had fallen through, the fact that Customs was interested in spyware is instructive of the ease of availability and justifications for government agencies interested in deploying electronic surveillance. Screenshot 2015-07-22 11.19.28

An invoice for Charmco Enterprises Limited issued by HackingTeam

We analysed Malaysia military intelligence’s first major contract from HackingTeam in late 2012 to find out the procurement process. Purchasing through Hong Kong based Charmco Enterprises Ltd, the Malaysian Ministry of Defence Intelligence Unit spent at least 460,000 Euros on HackingTeam’s software.

Screenshot 2015-07-23 12.36.11

Charmco Enterprises Ltd shares the same physical location as Tony’s Services, a virtual office provider. 

Charmco Enterprises Ltd, listed on HackingTeam’s invoices as having a Hong Kong address, is likely just a shell. It was used for invoices issued to Malaysian military intelligence and other agencies purchasing HackingTeam’s software via the middleman.

In fact, the invoices were never sent to that address but instead to the Malaysian middleman. Payments were then sent from the purchasing Malaysian government agencies to Charmco Enterprises Ltd and its HSBC Hong Kong account before then being used to pay HackingTeam in Italy. Screenshot 2015-07-22 14.06.49

Inovices issued to Charmco Enterprises Ltd from the HackingTeam were delivered to HackingTeam’s Singapore-based employee, Daniel Maglietta, instead of their Hong Kong delivery address.Screenshot 2015-07-22 14.59.18Payment advice from HSBC Hong Kong from Charmco Enterprises Ltd to HackingTeam in Italy

One question that comes to mind then is why is there a need to involve a shell company in Hong Kong? Perhaps there was a need to keep military surveillance capacities secret? We found that there may in fact be a more prosaic reason.

****

Commissions and the ElectionsScreenshot 2015-07-22 15.38.22

Working on commission to be added to a HackingTeam invoice, an email dated 25 May 2012 from the agent to HackingTeam. Details of the military intelligence buyer removed.

In the November/December 2012 contract, an attempt was made to add an extraordinary amount of commission. To quote the email sent by the middleman to his HackingTeam partners, “to include everybody (sic) interest on my side please add on Euro 300,000.00 for me.” This sum includes an agent rebate, which sellers add to to invoices as a way for agents to be paid.

To be fair, agent rebates are not unheard of nor uncommon in Malaysia. However the HackingTeam seem to have a policy of between 20 to 25% of a contract for their agent rebates. To this request, HackingTeam’s Sales Manager Marco Bettini replied on the same day, shocked. It is worth quoting in part his response:

I think 300.000 Euros to add for you are (sic) too much for two reasons:We risk to go out of market, our policy doesn’t allow us to pay back more than 20%/25% of the sales.If you need this amount for any reason, we must sell through your company, not directly.

Screenshot 2015-07-22 15.43.18

The reply with names removed.

If this deal that was to go ahead at such high rate of agent rebates, HackingTeam could not have their name on the transaction as it will raise too many questions and concerns of financial irregularities. Considering that the negotiation then was for a 350,000 Euro package, that was an extremely high figure to ask for.

How much of the 460,000 Euros paid in the November/December 2012 contract was rebates for the agent and whoever s/he cared to share it with?

A 5 November 2012 email from the agent to the HackingTeam makes it clear that an overseas company Charmco Enterprises Ltd in Hong Kong will conduct the transaction. With Charmco as the middle man in transactions, we cannot know how much Malaysian military intelligence paid but it seems like they were in a hurry to purchase and deploy the software.

Screenshot 2015-07-23 14.57.17

The reasons for that? They had to finish their financial year’s budget before 15 December, a common enough bureaucratic problem. However, an email between two HackingTeam employees also makes it clear that Malaysian military intelligence would like to use the spyware during the election season. As they discussed, “[…] MI would like to use our solution during the elections that will take place anytime from now onwards.”Screenshot 2015-07-22 14.10.03

Malaysian military intelligence wanted use HackingTeam’s software solutions for the 2013 Malaysian elections.

Screenshot 2015-07-22 12.06.16Email from Malaysian agent to HackingTeam discussing competition dated 21 May 2012

In that period leading up to the elections, there was also serious competition between spyware providers for Malaysian government business.  As Mr K notes, there are at least another three electronic surveillance providers actively promoting their products in Malaysia: Gamma Group International, Shoghi Communications Ltd (sic) and IOS@IOX, possibly from CISCO Systems.

Gamma Group and its FinFisher software is well-known and well-documented to have been actively deployed during the Malaysian elections. There was distribution of spyware infected Bahasa Malaysia Word documents disguised as election material. Digital security experts Citizen Lab, described the file as likely having a state provenance. The New York Times also wrote about FinFisher’s servers in Malaysia on 13 March 2013, suggesting that there was politically motivated electronic surveillance in Malaysia.

The Malaysian Insider reported the story from the New York Times and received a strong response and investigation from Malaysian internet regulator the Malaysian Communications and Multimedia Commission (MCMC) who writes,

MCMC is investigating the news report issued by local online news portal, The Malaysian Insider, at around 3:00 pm today with the headline stating “Malaysia Uses Spyware against Own Citizens, NYT Reports”. MCMC would like to state that this report is speculative and ill-researched. The online portal appears to have failed to verify the veracity of the report from the New York Times, nor checked the facts which are available online and had made its own conclusions on the matter.

The MCMC based its response on the fact that having spyware servers based in the country does not necessary mean that Malaysia is using spyware, as this was part of a concealment strategy. The MCMC also quotes a disclaimer from the Citizen Lab report which was the basis of the New York Times and Malaysian Insider reporting:

“Please note: we are not able to determine whether they’re actually being used by any government agency, if they are operated by local people or if they are completely unrelated at all: they are simply the results of an active fingerprinting of a unique behavior associated with what is believed to be the FinFisher infrastructure. Our guess is that part of the identified C&Cs are acting as proxies.”

However, the above email between the Malaysian agent K and HackingTeam dated 21 May 2012 suggest that there was an existing competition between suppliers of electronic surveillance in Malaysia. Taken in whole, this raises serious questions about the breadth and depth of electronic surveillance in the country, along with why military intelligence should be interested in deploying electronic surveillance during the elections.

****

Linking up with Other Departments and Agencies Screenshot 2015-07-22 12.18.33

The Prime Minister’s Department had also been looking into spyware and had been in contact with middlemen for the HackingTeam. This confirmed our suspicions from earlier articles, that the Prime Minister’s Department was looking into procuring spyware for the Research Division. The 2 July 2012 email above sees Mr K trying to set HackingTeam up with the Research Division. Screenshot 2015-07-22 12.20.01 A same day reply makes it clear that the PMO has negotiated with HackingTeam for a while now. In fact, the contract with a PMO will take multiple years to complete, a matter that we will explore in our next article. Charmco was also used as the reseller entity for other departments such as by issuing this purchase order on behalf of the Malaysian Police of Commercial Crime also appeared on December 2013.

It is not yet known if the Malaysian police had purchased the spyware. Malaysian Customs had also known about HackingTeam’s software solutions. It is not yet known what electronic surveillance capabilities they sought. Perhaps further investigations into the HackingTeam files will uncover police purchases at a later date. Screenshot 2015-07-22 11.38.04

Charmco’s Purchase Order for HackingTeam’s Da Vinci remote control system spyware

Charmco’s work also involved working and reselling HackingTeam’s products to other intelligence agencies in other countries, from as close as Singapore, Phillipines and Thailand to the Middle East, such as Qatar’s intelligence agencies and the Emirates airline (which HackingTeam rejected working with, due to its status as a private company).

****

Conclusion

Of interest from looking at the purchasing decisions of the Malaysian military intelligence, we can see that they sought out spyware solutions to use during the 2013 election seasons in Malaysia. Unfortunately, it is hard to uncover where and how the spyware was used. However, the consistent silence from all the parties involved suggest a comfortable position remaining in the darkness, hidden behind national security arguments.

Exploring the trove of emails suggests that multiple government agencies in Malaysia were investigating integrating electronic surveillance into their arsenal. Many agencies that expressed interest were ostentatiously concerned with domestic security, which leaves one with many questions about governmental power in Malaysia.

Used to not explaining their actions to the public, it is doubtful that any of the agencies and ministries involved will answer and illuminate what limits they have with regards to electronic surveillance. Thus it is unlikely that Malaysians will find out what has occurred under the guise of security.

What is perhaps more concerning to Malaysians is not the spying or electronic surveillance, but that purchases of high-end spyware is just another excuse to defraud the public purse. In the shadow of the enormous 1MDB scandal, all other unwieldy and suspect purchasing decisions has paled and pushed to the background as side-notes.

Perhaps it cannot be known if electronic surveillance exist in Malaysia but government corruption and lack of accountability definitely do. Without increasing government accountability in Putrajaya, the limits of electronic surveillance cannot discussed and questioned.

Screenshot 2015-07-07 15.44.25As noted above, HackingTeam is but one company among many that seek to arm governments with the means to subject their citizens to scrutiny. The Malaysian government, not used to scrutiny itself, makes for a very attractive customer. So attractive, it was HackingTeam’s seventh best customer.

Advertisements

One thought on “Malaysian military intelligence, HackingTeam spyware and middlemen

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s