DEA Also Spending Millions To Purchase Exploits And Spyware
from the all-up-in-your-everything dept
As more information leaks out into the public domain, the only difference between the NSA and the DEA seems to be the selection of letters in their acronyms. Both are now known for their bulk domestic collections and both are known for being involved in neverending wars. Now, thanks to Privacy International and Vice’s Motherboard, both are known for purchasing weaponized software.
The Drug Enforcement Administration has been buying spyware produced by the controversial Italian surveillance tech company Hacking Team since 2012, Motherboard has learned.
The software, known as Remote Control System or “RCS,” is capable of intercepting phone calls, texts, and social media messages, and can surreptitiously turn on a user’s webcam and microphone as well as collect passwords.
The DEA originally placed an order for the software in August of 2012, according to both public records and sources with knowledge of the deal.
The problem with the DEA’s purchase and deployment of this malware is that tools normally used to engage in the protection of national security — by military and intelligence agencies — are being handed out to US law enforcement without the slightest concern for the Fourth Amendment or privacy implications. There’s a level of intrusion present here that’s never been examined by the courts. Not that the DEA would ever allow details on Hacking Team’s products to ever enter a courtroom in the first place. Hacking Team’s spy products are one of many secret law enforcement capabilities — something that must never be spoken of in public forums.
The capabilities detailed here far surpass anything that could be obtained with a search warrant or court order. The DEA’s phone metadata collection may still fall under the Third Party Doctrine, but it’s hard to believe anything obtained via the hijacking of cameras, computers and phones would be signed off on by magistrate judges.
There is unclear statutory authority authorising the deployment of spyware by US federal or law enforcement agencies, meaning that deployment of the RCS by the DEA or the Army is potentially unlawful under US law. Furthermore, because RCS is designed to be usable against targets even while they are outside of the end-user’s legal jurisdiction, it raises serious legal questions concerning the ability of US agencies and the military to target individuals based outside of the United States.
Privacy International — which has been tracking private companies in the spyware business for years — is bringing Hacking Team’s activities to the Italian government’s attention.
Hacking Team has confirmed that their product has since 1st January 2015 been subject to export restrictions from the Italian government, which is the first step in ensuring that these types of technologies are not exported and used for human rights violations. This means that the Italian export authority now has to assess and approve any export of Hacking Team’s products in order for a sale to go ahead.
How the Italian government now assesses any potential exports is unclear. Although EU export control regulations stipulate that in circumstances where an export is going to a military end-user the licensing authority should look at a set of criteria which contain human clauses, in practice this rule is implemented disparately across the European Union member states.
Much like many weapons are subject to export restrictions, so are certain kinds of software. Hacking Team’s offerings have been sold all over the world — and not just to the “good guys.” PI says it has evidence this software has been sold to governments known for human rights abuses and has been deployed to surveil journalists and activists.
This may lead to Hacking Team spending some time discussing its product line with Italian regulators — which could result in additional sales and export restrictions. Or this may just lead Hacking Team to find a new home — somewhere its offerings won’t be eyeballed too closely.
It seems to be leaving its location options open, just in case. In the US, it does business under the name of Cicom USA — supposedly just a “reseller” of Hacking Team’s product line.
The connection between Cicom USA and Hacking Team was confirmed to Motherboard by multiple sources with knowledge of the deal, who spoke on condition of anonymity because they were not authorized to discuss the content of the contract…
Cicom USA is based in Annapolis, MD, at the same exact address where Hacking Team’s US office is located, according to the company’s website. The phone number for Cicom USA listed in the contract with the DEA, moreover, is exactly the same one that was displayed on Hacking Team’s website until February of this year.
A few dozen empty offices around the world acting as “local distributors” could assist Hacking Team in dodging local import/export regulations.
The DEA’s use of Hacking Team’s product line deserves closer examination. The capabilities detailed here have yet to be uncovered in criminal prosecutions, suggesting the agency is still heavily engaged in legally dubious parallel construction.
Filed Under: 4th amendment, dea, exploits, hacking tools, spyware
Companies: hacking team
Comments on “DEA Also Spending Millions To Purchase Exploits And Spyware”
I wonder how much worse things will get before people start doing something about this lunacy en masse
Re: Re:
The answer to that would seem to be much, much worse.
Re: Re:
many have…
Empire does not hear the baleful bleatings of the sheeple…
there were record numbers of protests -both worldwide and domestically- before the iraq war, and it mattered not one whit to Empire…
the occupy movementette, was crushed with extra-legal -and quite konspiratorial- means with hardly a bahhh from the sheeple…
(of course, part of that is the near-absolute control of the media, and who don’t report on stories embarrassing to Empire…)
frei sprech zones, sekret executive Orders, extra-judicial executions, bribery legalized, morality compromised, and mammon our highest god, our only aspiration…
but it is not the chains of Empire which restrain us, but the chains we imagine ourselves to be bound by…
who will be first to step into the chasm ?
…and who will follow ? ? ?
Re: Re: Re:
Watching what has been happening in the states makes me wish Canada would build a border wall to try and limit the breakdown of society when it happens from spilling over into us too much
Another agency gone rogue.
” The capabilities detailed here have yet to be uncovered in criminal prosecutions, suggesting the agency is still heavily engaged in legally dubious parallel construction. “
The kind of things the DEA is supposed to be doing are law enforcement things that lead to criminal prosecutions. So, either they are doing things they are not supposed to be doing (i.e. domestic spying for other reasons) or they are lying about things in court. Neither possibility makes them look good.
Human Rights Violations
“PI says it has evidence this software has been sold to governments known for human rights abuses…”
You mean like the USA?
… how do people not know that the DEA is an intelligence agency…
Re: Re:
However if they are bypassing export restrictions at that company it would good if they got their legal house in order quickly.
What kills me is that as these things become apparent, I don’t see any calls to patching software, fixing hardware, or or fixing standards and protocols to mitigate this type of activity. And while we get patches for some things, they certainly don’t even cover the (much cheaper if the governments are interested) criminal markets for similar wares (and a lot of other innovative, if ghastly, stuff). And I don’t believe for a second that major vendors couldn’t get (or haven’t gotten) their hands on these things or enough info to mitigate.
Of course a lot of entry is via other tactics, social engineering, and complicity. But it’s like they don’t try at all.
Re: Re:
I am having a hard time parsing your statement….
Like the calls for improved encryption and the calls to push buggy, vulnerable, outdated software (like java and flash) off the web by major tech companies? those calls?
I can’t seem to figure out what you are saying here. Much cheaper then what? similar to what?
Are you refering to Security patches? no-that doesn’t make any sense.
The software being discussed in the article? how is it cheaper then itself?
It would seem that the software is stuff that needs to be installed on the target system. If it obeys the computers rules, its hard to break in the OS without breaking legitimate software. Mitigation of spyware has been a war for a long time, and generally requires software designed to mitigate it. Microsoft had a great solution. Provide a free, baseline anti-malware solution to get fixes for spy- and malware out to the people as quickly as microsoft can fix them. Norton and MacAfee shut that down.
One place I admit I have always been confused about is why the light on a laptop webcam isn’t directly tied to the power system on the camera itself. No software turn on the light, but literally have the camera and led power intertwined, hardline. You can’t turn on one without the other. That would fix one problem.
So, the tl;dr is that the DEA are the equivlaent of the Syrian Electronic Army.
Good to know.
Re: Re:
Not quite.
Perhaps the S. E. Army with an army of foreign fascist billionaire backers, total immunity from world law enforcement consequences, and the largest arsenal of electronic hacking hard&software on earth, might be a better measure.
I like to think of the CIAF BINSADEA as the Electronic MAFIA on Steroids.
—
I’m glad I don’t use Windows.
Re: Re:
Too bad the RCS is also advertised to work on Linux.
Re: Re:
As a long-time Linux user, I feel duty bound to recommend that you don’t get too complacent just because you use Linux. While there are more exploits for Windows, there are exploits aimed at Linux as well. No system is 100% secure, regardless of what OS it is running.
Its Just A Go*Damned Piece of Paper
Its easy to see law enforcement agencies steadily becoming enemies of the America we all know as citizens because of policies handed down the chain of command by people who exclaim what they really think of our US Constitution.
Re: Its Just A Go*Damned Piece of Paper
We have to acknowledge Neil Young’s take on it too.. In a lyric from ‘Rockin in the Free World’ he sings, “We got a kinder, gentler machine gun hand.”
Someone won’t let us have a kindler gentler nation. And its all f*cked up now, isn’t it?
John Oliver had the right idea
You can use big and scary words to describe the absurd capabilities of the alphabet agencies but people just do not give a fuck until they find out the government can see their dick (or their significant others’ dick) as John Oliver recently proved.
Techdirt, you need to frame this as “the DEA can see your dick” and maybe, just maybe, we can have a serious conversation about privacy and the state of the 4th amendment.