A few months ago, The Diplomat wrote a piece about surveillance practices and programs in Central Asia. Working from an in-depth report from Privacy International, it didn’t take much digging to find Western companies – including U.S.-based Verint Systems and the Israel-based NICE Systems – guilty of selling Central Asian regimes programs to track citizens, opposition, and dissidents.
Now, we have further information about how these organizations funnel their wares to repressive Central Asian governments – as well as how much they’re paid in return. A massive hack earlier this month into the inner workings of Hacking Team, an Italy-based surveillance software manufacturer, pried some 400GB worth of data, including, according to Wired, “directories, audio recordings, emails and source code.” Prior to the leak Hacking Team’s proclivities had grown so pronounced that Reporters Without Borders placed the company on its Enemies of the Internet Index. Rumors of Hacking Team’s alleged improprieties have swirled for years, led most notably by Citizen Lab, which determined the company had sold its Remote Control Systems (RCS) to Uzbekistan and Kazakhstan.
With the latest breach, however, we have a far fuller picture of how Hacking Team hawked its wares to Central Asian (and other) autocrats. Among the clients leaked are Ethiopia, Sudan, Azerbaijan, Morocco, Singapore, South Korea, Vietnam, Thailand, and Russia, in addition to confirmation of sales to Uzbekistan and Kazakhstan. Kazakhstan spent nearly $1 million on Hacking Team’s surveillance mechanisms, while Uzbekistan outlaid more than $860,000 on programs to monitor its citizenry. Likewise, the leak showed that NICE Systems, already outed for working with Central Asian regimes, “is a reseller for Hacking Team,” according to Privacy International. The leak also appears to have confirmed that NICE Systems sold RCS to the dictatorship in Azerbaijan.
That’s not all. Earlier this week, the Organization Crime and Corruption Reporting Project revealed leaked emails showing that Hacking Team “gave permission for its spyware to be ‘presented and promoted’ to the secret police of Turkmenistan.” Hacking Team, per the emails, gave a “green light” to allow the Turkmenistani authorities to examine the program. It remains unclear whether a sale was finalized. (Two years ago, NICE Systems also attempted to sell Hacking Team material to Turkmenistani authorities, thought it appears that sale fell through.) FinFisher, another digital surveillance company, has already seen its programs used in Turkmenistan.
The fallout from Hacking Team’s breach has only just begun, but helps shine a light on the opaque transactions between oppressive regimes in Central Asia and Western companies willing to abet their monitoring.