An unknown team of hackers released a bundle of files on Sunday revealing that the Defense Ministry has an active contract with a notorious Italian surveillance company.
The Milan-based Hacking Team sells intrusion and surveillance tools to governments and law enforcement agencies worldwide. The 400GB Torrent file released by the unidentified assailaints included internal documents, source codes, email communications and a list of the firm’s clients and renewal dates, which confirmed long-standing suspicions that the company was working with the Egyptian government.
Reporters Without Borders lists the firm on its Enemies of the Internet index, namely for its involvement in Morocco and the United Arab Emirates, and its use of the “Remote Control System” called DaVinci, a program that breaks encryption on emails, files and internet telephony protocols.
The leaked documents include a 2012 invoice for 58,000 euros to the Egypt-based company GNSE Group. According to its website, GNSE was founded in 2001 as part of the privately owned Mansour Group to “enable e-businesses.” Ramy Raoof, a digital rights and security researcher, told Mada Masr that most governments in the Middle East don’t interact directly with surveillance companies, but rather rely on a middleman to sign such contracts.
Governments are typically wary of a ministry’s name appearing on any bank records in case a scandal should erupt, Raoof explained. But the hacked client list released on Sunday shows that in addition to the GNSE Group, the Hacking Team also lists the Defense Ministry as its original contractor in Egypt.
Egypt has employed well-known companies as mediators with surveillance firms over the past five or six years, according to Raoof. However, the Central Bank of Egypt limits wire transfers between private companies, and such a large sum would have required security approval. Security bodies therefore facilitated the transaction, Raoof said.
“The company makes the deal, but the product never actually ends up in the company’s hands,” Raoof claimed. “The middleman only handles the paper work and transactions.”
Even prior to Sunday’s hack, a 2014 report from the University of Toronto-based Citizen Lab already suggested that Egypt had contracted the Hacking Team. Raoof claimed that “we knew that this program was used in Egypt since 2012, but we had no legal proof” until the release of the pirated documents.
The researcher lamented the lack of rigorous guidelines for the export and import of surveillance tools in developing countries, pointing out that human rights groups have long called for stricter regulations.
In January, the European Parliament adopted a resolution calling for an EU-wide ban on the export of intrusion and surveillance technologies to Egypt “which could be used to spy on and repress citizens [… or] that could be used in the suppression of peaceful protest or against the EU’s strategic and security interests.”