DEA Also Spending Millions To Purchase Exploits And Spyware

from the all-up-in-your-everything dept

As more information leaks out into the public domain, the only difference between the NSA and the DEA seems to be the selection of letters in their acronyms. Both are now known for their bulk domestic collections and both are known for being involved in never-ending wars. Now, thanks to Privacy International and Vice's Motherboard, both are known for purchasing weaponized software.

The Drug Enforcement Administration has been buying spyware produced by the controversial Italian surveillance tech company Hacking Team since 2012, Motherboard has learned.

The software, known as Remote Control System or “RCS,” is capable of intercepting phone calls, texts, and social media messages, and can surreptitiously turn on a user’s webcam and microphone as well as collect passwords.

The DEA originally placed an order for the software in August of 2012, according to both public records and sources with knowledge of the deal.

The problem with the DEA's purchase and deployment of this malware is that tools normally used to engage in the protection of national security -- by military and intelligence agencies -- are being handed out to US law enforcement without the slightest concern for the Fourth Amendment or privacy implications. There's a level of intrusion present here that's never been examined by the courts. Not that the DEA would ever allow details on Hacking Team's products to enter a courtroom in the first place. Hacking Team's spy products are one of many secret law enforcement capabilities -- something that must never be spoken of in public forums.

The capabilities detailed here far surpass anything that could be obtained with a search warrant or court order. The DEA's phone metadata collection may still fall under the Third Party Doctrine, but it's hard to believe anything obtained via the hijacking of cameras, computers and phones would be signed off on by magistrate judges.

There is unclear statutory authority authorising the deployment of spyware by US federal or law enforcement agencies, meaning that deployment of the RCS by the DEA or the Army is potentially unlawful under US law. Furthermore, because RCS is designed to be usable against targets even while they are outside of the end-user's legal jurisdiction, it raises serious legal questions concerning the ability of US agencies and the military to target individuals based outside of the United States.

Privacy International -- which has been tracking private companies in the spyware business for years -- is bringing Hacking Team's activities to the Italian government's attention.

Hacking Team has confirmed that their product has since 1st January 2015 been subject to export restrictions from the Italian government, which is the first step in ensuring that these types of technologies are not exported and used for human rights violations. This means that the Italian export authority now has to assess and approve any export of Hacking Team's products in order for a sale to go ahead.

How the Italian government now assesses any potential exports is unclear. Although EU export control regulations stipulate that in circumstances where an export is going to a military end-user the licensing authority should look at a set of criteria which contain human clauses, in practice this rule is implemented disparately across the European Union member states.

Much like many weapons are subject to export restrictions, so are certain kinds of software. Hacking Team's offerings have been sold all over the world -- and not just to the "good guys." PI says it has evidence this software has been sold to governments known for human rights abuses and has been deployed to surveil journalists and activists.

This may lead to Hacking Team spending some time discussing its product line with Italian regulators -- which could result in additional sales and export restrictions. Or this may just lead Hacking Team to find a new home -- somewhere its offerings won't be eyeballed too closely.

It seems to be leaving its location options open, just in case. In the US, it does business under the name of Cicom USA -- supposedly just a "reseller" of Hacking Team's product line.

The connection between Cicom USA and Hacking Team was confirmed to Motherboard by multiple sources with knowledge of the deal, who spoke on condition of anonymity because they were not authorized to discuss the content of the contract…

Cicom USA is based in Annapolis, MD, at the same exact address where Hacking Team’s US office is located, according to the company’s website. The phone number for Cicom USA listed in the contract with the DEA, moreover, is exactly the same one that was displayed on Hacking Team’s website until February of this year.

A few dozen empty offices around the world acting as "local distributors" could assist Hacking Team in dodging local import/export regulations.

The DEA's use of Hacking Team's product line deserves closer examination. The capabilities detailed here have yet to be uncovered in criminal prosecutions, suggesting the agency is still heavily engaged in legally dubious parallel construction.


Reader Comments


  • Padpaw, 21 Apr 2015 @ 3:42pm

    I wonder how much worse things will get before people start doing something about this lunacy en masse

    • Nigel, 21 Apr 2015 @ 4:12pm

      Re:

      The answer to that would seem to be much, much worse.

    • art guerrilla, 21 Apr 2015 @ 5:18pm

      Re:

      many have...
      Empire does not hear the baleful bleatings of the sheeple...
      there were *record* numbers of protests -both worldwide and domestically- *before* the iraq war, and it mattered not one whit to Empire...
      the occupy movementette, was crushed with extra-legal -and quite konspiratorial- means with hardly a *bahhh* from the sheeple...
      (of course, *part* of that is the near-absolute control of the media, and who don't report on stories embarrassing to Empire...)
      frei sprech zones, sekret executive Orders, extra-judicial executions, bribery legalized, morality compromised, and mammon our highest god, our only aspiration...
      but it is not the chains of Empire which restrain us, but the chains we imagine ourselves to be bound by...

      who will be first to step into the chasm ?
      ...and who will follow ? ? ?

      • Padpaw, 21 Apr 2015 @ 9:24pm

        Re: Re:

        Watching what has been happening in the states makes me wish Canada would build a border wall to try and limit the breakdown of society when it happens from spilling over into us too much

  • Anonymous Coward, 21 Apr 2015 @ 4:10pm

    Another agency gone rogue.

    "The capabilities detailed here have yet to be uncovered in criminal prosecutions, suggesting the agency is still heavily engaged in legally dubious parallel construction."

    The kind of things the DEA is supposed to be doing are law enforcement things that lead to criminal prosecutions. So, either they are doing things they are not supposed to be doing (i.e. domestic spying for other reasons) or they are lying about things in court. Neither possibility makes them look good.

  • Zgaidin, 21 Apr 2015 @ 4:33pm

    Human Rights Violations

    "PI says it has evidence this software has been sold to governments known for human rights abuses..."

    You mean like the USA?

  • Anonymous Coward, 21 Apr 2015 @ 4:51pm

    ... how do people not know that the DEA is an intelligence agency...

    • Anonymous Coward, 21 Apr 2015 @ 4:58pm

      Re:

      However, if they are bypassing export restrictions at that company it would be good if they got their legal house in order quickly.

  • orbitalinsertion, 21 Apr 2015 @ 6:48pm

    What kills me is that as these things become apparent, I don't see any calls to patching software, fixing hardware, or fixing standards and protocols to mitigate this type of activity. And while we get patches for some things, they certainly don't even cover the (much cheaper if the governments are interested) criminal markets for similar wares (and a lot of other innovative, if ghastly, stuff). And I don't believe for a second that major vendors couldn't get (or haven't gotten) their hands on these things or enough info to mitigate.

    Of course a lot of entry is via other tactics, social engineering, and complicity. But it's like they don't try at all.

    • James Burkhardt, 22 Apr 2015 @ 8:17am

      Re:

      I am having a hard time parsing your statement....

      What kills me is that as these things become apparent, I don't see any calls to patching software, fixing hardware, or fixing standards and protocols to mitigate this type of activity.

      Like the calls for improved encryption and the calls to push buggy, vulnerable, outdated software (like Java and Flash) off the web by major tech companies? Those calls?

      And while we get patches for some things, they certainly don't even cover the (much cheaper if the governments are interested) criminal markets for similar wares (and a lot of other innovative, if ghastly, stuff).

      I can't seem to figure out what you are saying here. Much cheaper than what? Similar to what?
      Are you referring to security patches? No, that doesn't make any sense.
      The software being discussed in the article? How is it cheaper than itself?

      And I don't believe for a second that major vendors couldn't get (or haven't gotten) their hands on these things or enough info to mitigate.

      It would seem that the software is stuff that needs to be installed on the target system. If it obeys the computer's rules, it's hard to break in the OS without breaking legitimate software. Mitigation of spyware has been a war for a long time, and generally requires software designed to mitigate it. Microsoft had a great solution. Provide a free, baseline anti-malware solution to get fixes for spy- and malware out to the people as quickly as Microsoft can fix them. Norton and McAfee shut that down.

      One place I admit I have always been confused about is why the light on a laptop webcam isn't directly tied to the power system on the camera itself. No software turn on the light, but literally have the camera and led power intertwined, hardline. You can't turn on one without the other. That would fix one problem.

  • Anonymous Coward, 22 Apr 2015 @ 1:49am

    So, the tl;dr is that the DEA are the equivalent of the Syrian Electronic Army.

    Good to know.

    • GEMont, 22 Apr 2015 @ 11:55pm

      Re:

      Not quite.

      Perhaps the S. E. Army with an army of foreign fascist billionaire backers, total immunity from world law enforcement consequences, and the largest arsenal of electronic hacking hard&software on earth, might be a better measure.

      I like to think of the CIAF BINSADEA as the Electronic MAFIA on Steroids.

      ---

  • Linux, 22 Apr 2015 @ 6:14am

    I'm glad I don't use Windows.

    • James Burkhardt, 22 Apr 2015 @ 8:48am

      Re:

      Too bad the RCS is also advertised to work on Linux.

    • John Fenderson, 22 Apr 2015 @ 9:22am

      Re:

      As a long-time Linux user, I feel duty bound to recommend that you don't get too complacent just because you use Linux. While there are more exploits for Windows, there are exploits aimed at Linux as well. No system is 100% secure, regardless of what OS it is running.

  • America the FREE, 22 Apr 2015 @ 7:53am

    It's Just A Go*Damned Piece of Paper

    It's easy to see law enforcement agencies steadily becoming enemies of the America we all know as citizens because of policies handed down the chain of command by people who exclaim what they really think of our US Constitution.

    • Inna Flash, 22 Apr 2015 @ 8:21am

      Re: It's Just A Go*Damned Piece of Paper

      We have to acknowledge Neil Young's take on it too. In a lyric from 'Rockin in the Free World' he sings, "We got a kinder, gentler machine gun hand."

      Someone won't let us have a kinder gentler nation. And it's all f*cked up now, isn't it?

  • Jack, 22 Apr 2015 @ 11:13am

    John Oliver had the right idea

    You can use big and scary words to describe the absurd capabilities of the alphabet agencies but people just do not give a fuck until they find out the government can see their dick (or their significant others' dick) as John Oliver recently proved.

    Techdirt, you need to frame this as "the DEA can see your dick" and maybe, just maybe, we can have a serious conversation about privacy and the state of the 4th amendment.
