Malaysian military intelligence, HackingTeam spyware and middlemen

In the face of increased scrutiny into the HackingTeam files, governments around the world has started to feel the heat. Just last week, a South Korean spy took his own life in the aftermath of the HackingTeam revelations.

While the investigation into the South Korean spy’s death continues, other customers are suffering from revelations provided by the hack. We cannot help but ask what the implications are for Malaysian intelligence agencies listed as customers of HackingTeam.

It is clear that Malaysian internet freedom has been eroding slowly in recent years while political scandals mired public consciousness. According to the Enemies of the Internet Report of 2012, in the lead-up to the 2013 elections, there was a chilling effect on internet freedom in Malaysia as new media replaced the place of the stifled traditional media outlets.

Malaysia’s new Prevention of Terrorism Act of 2015 and Security Offences (Special Measures) Act of 2012 aimed to create legal environments for legal intercepts of electronic communications. Both has been widely slammed as repressive. In addition, as DigitalNewsAsia has noted, spying of Malaysian citizens by their own government may in fact be unconstitutional.

Absent a bipartisan commission to protect Malaysian citizens from undue or politically motivated surveillance, we need to conduct deeper analysis to determine the nature of electronic surveillance spyware providers and the government.

Therefore, we explored the purchasing decisions and how local resellers worked with HackingTeam. Military intelligence in Malaysia had access to HackingTeam spyware during the 2013 election season and middlemen were seeking commission for the contract. Other findings of interest were also documented below. Screenshot 2015-07-22 11.09.52

The Malaysian clients of HackingTeam

Continue reading

The plot thickens: Malaysia’s extensive contact with Hacking Team

This post was originally posted on Medium here.

The full trove of documents from Italy’s commercial spyware provider Hacking Team is now online. From the invoices sent by the Hacking Team to Miliserv Technologies, the Shah Alam based entity that seem to be the Putrajaya’s channel, there was large investment in surveillance technology in 2013. There were concerns from civil society groups and overseas observers about the Malaysian government’s repressive stance during that period, an election year.

Perhaps this was no surprise, as The Verge wrote about Wikileak’s efforts to track spyware contractors and Malaysia was on the itinerary for Gemma International and Hacking Team. According to Wikileaks, Hacking Team visited Malaysia in December 2011 and then for a longer period in March 2013.

Hacking Team had a good reason to visit Malaysia, given that Malaysia has spent around 1.86 million Euros on their catalogue and sits as one of their top 10 customers.

Not a complete list of Hacking Team’s customers

Continue reading

Clues to Malaysia’s electronic surveillance from hacked commercial spyware provider

This post was originally posted on Medium here.

Leaked documents from Milan-based blackhat hacking company Hacking Team confirmed that the Malaysian government has been purchasing services from them. It also revealed that Hacking Team has been working with states like Sudan and Bahrain, among other countries that are known to target domestic political activists.

The Hacking Team write spyware and surveillance technology for governments, intelligence agencies and private corporations. Selling themselves as “[providing] effective, easy-to-use offensive technology to the worldwide law enforcement and intelligence communities”, Hacking Team provides software solutions for governments to spy on electronic devices and their users.

The Citizen Lab, a Canadian research institute concerned with electronic surveillance, documented how spyware from the Hacking Team assisted Ethiopia’s intelligence body target journalists based outside the country. As Human Rights Watch noted, there are definitely human rights concerns for activists in other countries that purchased contracts for Hacking Team’s software.

Continue reading