EspañolOn Sunday, July 5, hackers infiltrated the Italian information-technology company Hacking Team (HT), which sells offensive intrusion and surveillance software to government clients all over the world. The data breach revealed 400 gigabytes worth of company documents, emails, and invoices — many of them billed to Latin-American governments, including Ecuador.
According to the leaked records, the National Intelligence Secretariat of Ecuador (SENAIN) has been on Hacking Team’s client list since 2013. The documents show President Rafael Correa’s government paid more than half a million dollars for the company’s Remote Control System surveillance software, which cost another US$75,000 annually for maintenance.
The software’s features, which can be adapted according to client needs, include services like the covert collection of emails, texts, and phone calls, keystroke logging, and hijacking cellphone GPS systems, among other functions.
The SENAIN’s contract with Hacking Team was set to end October 2016, and listed 10 individuals as surveillance targets.
One of the first Ecuadorian media outlets to report the breach was Gkillcity, in which Andrew Delgado explains the company’s activities and its involvement with the SENAIN.
“In coming weeks, perhaps, it will be possible to show the extent of the work performed by the SENAIN with Remote Control System. If the Intelligence Secretariat had truly outsourced operations to Hacking Team — rather than using their own trained personnel to own perform the attacks — the names of those targeted by the agency will probably become known,” Delgado wrote.
Buen día, gente solía leernos.
Los enemigos de Internet son poderosos pero no tanto como ellos creen.
— GkillCity.com (@GkillCitycom) July 9, 2015
“Good morning, readers. The enemies of the internet are powerful, but not as much as they think. We’ll be back.”
After the article was published, web administrators reported that the site had been attacked and taken offline, and that their Twitter account had been deleted.
According to their report, leaked email messages demonstrate Hacking Team entrusted employees Alex Velasco and Eduardo Pardo with overseeing negotiations with the Ecuadorian government for a new surveillance project called “Galileo.” Their middleman was Karel Coors, honorary Dutch consul in Quito.
Coors brought them together in late June to develop a monitoring system for social networks, this time on behalf of the Ministry of the Interior. Negotiations progressed, and the company, the Attorney General’s Office, and the National Police signed a confidentiality agreement.
A questionnaire shared by Plan V details the Ecuadorian government’s requirements for the Galileo Project software, including its request for simultaneous control over 500 devices or social-network users on Windows, Mac OS, Linux, Android, and iOS platforms. The questionnaire also lists the name of the public entity in charge of this project as the “Electronic Technology Research Subsystem.”
As for apps, it mentions Facebook, Twitter, Skype, WhatsApp, Line, and Telegram. All of this with the aim of establishing a National Monitoring Center. A meeting had been scheduled for Thursday, July 9, between government officials and Hacking Team to discuss progress on the project.
Meanwhile, the Milhojas Foundation published an article revealing the existence of clandestine SENAIN offices in the Ecuadorian capital
— Fundación Mil Hojas (@fmilhojas) July 8, 2015
“Hacking Team invoice for SENAIN via Robotec (Theola). Total: €610,000.”
“The Intelligence Secretariat facilities look nothing like those of the NSA, but here in Ecuador, they are second to none,” the report notes. “Located in Lumbisí on a small hill on Eloy Alfaro Avenue, surrounded by trees and the Auqui Chico brook, the facilities house information and espionage equipment for the government. It is from this location that the ministry, headed by former Lt. Colonel Rommy Vallejo Vallejo, watches over alleged ‘conspirators.'”
According to the article, this unmarked 34,000 square-meter “fort” operates 24 hours a day, housing equipment with state-of-the-art technology used to carefully analyze the huge amounts of data it receives on a daily basis. The article explains that the property was seized from businessman William Isaiah Dassum in 2008, then acquired in 2010 by the National Ministry of Science and Technology (SENACYT). It is unknown, however, how it ended up in the hands of the SENAIN.
As with Plan V and Gkillcity, the Milhojas website was attacked five minutes after their article was publicized on social-media networks. Each website suffered a DDoS attack, and remained offline for an average of 24 hours. Local Ecuadorian authorities have yet to comment on the case.
Meanwhile, Focus Ecuador published an article on July 8 regarding an email from Velasco to fellow Hacking Team employee Daniel Martínez. The email listed seven phone numbers belonging to Ecuadorian opposition leaders, including Congressman Andrés Páez, Lourdes Tibán, and Luis Fernando Torres, all presumably under surveillance by the Rafael Correa administration.
Hacking Team’s Poor Reputation
Hacking Team, based in Milan, was founded in 2003 by Alberto Ornaghi and Marco Valleri. Its current CEO is David Vincenzetti. In 2013, Reporters Without Borders formally branded the company an “enemy of the internet” for marketing their software to authoritarian regimes that violate human rights.
Hacking Team’s biggest client in the Americas was the government of Mexico, following by Chile, the United States, Panama, and Ecuador. Last March, Citizen Lab sent an open letter to Vincenzetti explaining his concern over the potential for abuse of his company’s technology to threaten the security of journalists and human-rights activists across the globe.
EspañolThis letter is meant to make clear that I regret unjustly using the word plagiarism and other disparaging expressions in my correspondence regarding José Azel's article "The Cuban Cargo Cult" on April 15. I should not have made such accusations, and I hereby retract same. On April 15, I was alarmed and distressed when I incorrectly assumed that Azel knew of my blog prior to writing his own article. Given the proximity in time between the launch of my blog “Cuba Cargo/Cult” and Azel’s article “The Cuban Cargo Cult,” I jumped to the wrong conclusion. Having assumed that Azel knew of my blog, I overreacted and rushed to defend my blog and manuscript by contacting the Institute for Cuban and Cuban American Studies and Azel’s editors at El Nuevo Herald and the PanAm Post, who had published his article, and by posting inappropriate statements in social-media forums. Azel has asked that I retract statements in correspondence I sent to Jaime Suchlicki at the ICCAS; to Myriam Marquez, editor at El Nuevo Herald; to Fergus Hodgson, editor at the PanAm Post, and also to individuals I copied in such correspondence. Some specific statements are: "Azel's indisputable recapitulation of my analysis": I retract this statement and apologize for characterizing an interpretation as indisputable recapitulation. "This is a violation of academic integrity, or at the very least a sign of sloppiness and disdain for scholarly or written practice." Again, I retract this statement and apologize for characterizing my opinion and interpretation of facts and academic practices in this way. In particular, I apologize for having used the word "disdain" in speculating on Azel's attitude to research. "At the very worst it is plagiarism, at its very lightest, extreme sloppiness and disdain for the basic rules of research, or writerly rigor." I regret making these statements, as I have noted in the first lines of this letter. It was not appropriate or correct. I retract all statements and apologize. The cargo-cult metaphor has been used in many contexts previously, including in textual references that touch on subjects like the Cuban exile imagination and the Cuban missile crisis, as Azel has noted. Although we both use the idea of an analogy between Cuba and the anthropological notion of “cargo cult,” to analyze Cuba in the present, Azel has crafted an argument that differs from my analysis. In conclusion and once again, I regret the statements retracted above and apologize for them to Azel. Ana Maria Dopico Associate professor of Spanish and Portuguese Blogger: Cuba Cargo/Cult New York University Manhattan, New York Editor's note: I appreciate this correspondence from Ana Maria Dopico, and will close the book on this matter.