Latin America

Leaks reveal Mexican government’s spy contracts with cybersecurity firm

Milan-based Hacking Team also purportedly did business with Spain and other countries

Hacking Team's website.
Hacking Team's website.

Hacking Team, the international cybersecurity firm whose systems reportedly came under a massive attack on Sunday night, has held dozens of spying and software contracts with different Mexican agencies, leaked documents show.

Among the Milan-based company’s clients are the Federal Police, the defense department, the CISEN intelligence service and various state governments, according to information that was published on Hacking Team’s own Twitter account by the attackers, who called themselves “Hacked Team.”

The authenticity of the data could not be immediately corroborated, and Hacking Team immediately changed its Twitter account.

Mexico is the country that has spent the most on purchasing the firm’s software to spy on its citizens, says one group

But the internet rights activist group, R3D, which republished the leaked information, said Mexico was the country that had spent the most on purchasing software from Hacking Team to spy on citizens.

In a Twitter post, R3D charged that Hacking Team had sold its Da Vinci spying software to Mexican institutions and agencies through the private firm SYM Servicios Integrales S.A. de C.V. of Mexico City.

In what appears to be a case of the hunter becoming the hunted, the cybersecurity firm saw 400Gb of private data, including its lists of clients, made public on its own Twitter account.

R3D said that at least 14 Mexican government agencies and public institutions had – directly or through third parties – contracted services and products from Hacking Team. Other client countries include Spain, Germany, the United States, Colombia, the Czech Republic, Chile and Panama.

The information leaked by the attackers did not specify what other types of products Mexican government authorities have purchased.

The firm has always denied that it had business dealings with shady governments

Nevertheless, the data shows that Hacking Team purportedly held contracts with some countries whose human rights records have been called into question.

The firm has always denied that it has business dealings with unscrupulous governments, and one Hacking Team employee announced on Twitter that the information that had reportedly been leaked was false.

For years, various human rights organizations have accused Hacking Team of dealing with authoritarian regimes. In 2013, Reporters without Borders described Hacking Team and other similar firms as “digital era mercenaries” and “corporate enemies of the internet” because they sell software to help authoritarian governments spy on its citizens and steal passwords from working journalists.

In a statement, the firm explained that it did not do business with any nation on any of the blacklists compiled by the United States, European Union or any international human rights organization, The Guardian reported.

More information
UN special rapporteur says practice of torture is “generalized” in Mexico
Spain asks its hackers for help
Why 95% of cybercrimes committed in Spain are going unpunished
Wanted hacker becomes talk of town

But the data released on Sunday night mentions Azerbaijan, Russia, Saudi Arabia, United Arab Emirates and, most strikingly, Sudan as some of the nations that have purchased products from Hacking Team and whose human rights records have come under scrutiny.

In June 2012, Hacking Team reportedly signed a €480,000-contract with Sudan. But this year, the company told a United Nations representative that it had never had any business ties with that country.

Privacy International, one of the most prestigious organizations defending human rights on the internet, said in a statement that Hacking Team was “one of the most aggressive companies currently supplying governments with hacking tools.”

“Surveillance companies like Hacking Team have shown they are incapable of responsibly regulating themselves, putting profit over ethics, time after time. Since surveillance companies continue to ignore their role in repression, democratic states must step in to halt their damaging business practices,” said Eric King, Privacy International’s deputy director.

Translation by Martin Delfin.

Recomendaciones EL PAÍS
Recomendaciones EL PAÍS