The secretive surveillance technology industry does its best to fly under the radar. But the shadowy companies selling controversial spy tools to governments are being exposed to public scrutiny whether they like it or not, thanks to a new WikiLeaks project.
On Wednesday, the whistleblower organization published a new trove of documents that reveal the surveillance equipment being sold by more than 90 firms to authorities across the world as part of a burgeoning clandestine market in electronic spying. The documents shed light on the growing catalog of surveillance devices being offered to governments, ranging from portable transceivers that can sweep up thousands of phone calls to Trojan spyware designed to help police and intelligence agencies hack into computers and mobile phones to monitor chats and emails.
Dubbed the “SpyFiles” by WikiLeaks, the release builds on a previous surveillance industry exposé by the group in 2011, and comes amid unprecedented international discussion about government spying tactics disclosed in June by former National Security Agency contractor Edward Snowden.
Particularly significant in the latest SpyFiles cache is a series of contract documents that appear to show how the international arm of British surveillance company Gamma Group was involved in a project with Switzerland-based Dreamlab to install Internet surveillance equipment in Oman, an autocratic country with a record of cracking down on free expression and pro-democracy activists. Other documents show that Gamma, well-known for its contentious Trojan spyware, is also offering governments portable “massive intercept” tools that it boasts can record almost 40,000 cellphone conversations every hour. Gamma is selling portable Internet surveillance equipment that it says can covertly intercept the “complete traffic” of a target, too. But the company is not dealing in digital espionage only: One marketing document dated 2011 shows off long-distance microphones that it says government spies can conceal in a car tire and use to hone in on particular conversations between targets meeting face-to-face in busy public places.
Gamma did not respond to a request for comment. The company’s spokesman Martin Muench has previously told me that Gamma cooperates with export control laws and “simply does not discuss its client base, its exports, or any of the operations which its clients may or may not be undertaking.”
Of course, not revealing customers is standard practice in the surveillance business, where confidentiality agreements are commonly used to enforce a strict code of secrecy. However, another notable part of the SpyFiles released Wednesday involves the launch of what WikiLeaks is calling its “counter intelligence unit”—aimed at shedding light on the countries (often authoritarian) that spy tech companies are dealing with. Though it has not disclosed its sources and methods, the group claims it has been “tracking the trackers” by collecting location data on the movements of key employees for some of the largest surveillance tech firms.
It is unclear exactly how the location data was obtained or whether it was collected by the group lawfully. Either way, it has certainly turned up some interesting details. The location data WikiLeaks says is linked to staff of Italian spy Trojan vendor Hacking Team, for instance, shows the employees visiting Morocco on two separate occasions between 2011 and 2013. Hacking Team’s spy software is designed to infiltrate computers and monitor communications and is supposed to be used to target criminals and terrorists. But the technology was linked to an attack on an award-winning group of citizen journalists in Morocco in 2012, as I reported here last year.
The WikiLeaks data also purports to show Hacking Team employees visiting United Arab Emirates on several occasions between 2012 and 2013. Security researchers said in a report published in October 2012 that they had turned up evidence suggesting a pro-democracy activist in the UAE was targeted with what that they believed was Hacking Team technology. Previously, Hacking Team has played down these reports in response to my questions, while refusing to say if it has sold its Trojans to Moroccan or UAE authorities. But the company will have a hard time distancing itself from these countries now, if the WikiLeaks data are anything to go by.
WikiLeaks said in a statement Wednesday that the release is part of an ongoing commitment to pulling back the curtain on the practices of surveillance companies. It’s forming what is in essence a public library of documents chronicling the burgeoning market in spy tools that will likely help fuel the movement for reform of the outdated laws regulating the use and sale of increasingly advanced tools used to eavesdrop on communications across the world.