- Redditor wants to know if he’s the a**hole for ghosting pregnant partner Thursday 8:19 PM
- How to go live on TikTok Thursday 8:08 PM
- Joey Salads suggests Democrats carried out Santa Clarita mass shooting Thursday 7:31 PM
- How influencers use TikTok to make money and launch careers Thursday 7:18 PM
- How to stream Argentina vs. Brazil live Thursday 6:51 PM
- How to watch Disney+ on a smart TV Thursday 6:28 PM
- Miss Fame calls out Justin Bieber for low music video appearance pay offer Thursday 6:19 PM
- Trump Jr. ranked No. 1 on best-seller list—after the GOP gave away copies of his book Thursday 5:45 PM
- How to get Disney+ bundle if you already subscribe to Hulu and/or ESPN+ Thursday 5:19 PM
- Mo’Nique suing Netflix for race and gender discrimination Thursday 5:09 PM
- Students outraged that professors accused of sexual misconduct are still teaching Thursday 5:00 PM
- TikTok users jokingly wear big hats to sneak snacks into movie theaters Thursday 3:59 PM
- Why today’s new facially recognition bill is being called ‘woefully’ inadequate Thursday 3:15 PM
- Facebook has given more user data to the government than ever before Thursday 2:57 PM
- How to sign up for Disney Plus Thursday 2:55 PM
Turkey paid Hacking Team $600K to spy on civilians
It’s hard to imagine this practice surviving the courts.
Turkey’s national police force paid the controversial online “security” firm Hacking Team $600,000 to spy on its own citizens—which scholars say is a likely illegal practice—for more than three years, purported hacked documents reveal.
Hacking Team, which made the nonprofit Reporters without Borders’ list of Enemies of the Internet for selling surveillance software to countries with records of human-rights abuses, was ravished Sunday night by hackers who exposed 400GB of alleged company files. Among them are documents that show that the General Directorate of Security (GDS), Turkey’s civilian police force, contracted to use with Hacking Team’s “Remote Control System” (RCS) product from June 2011 to November 2014.
The RCS, the company claims, allows users to bypass encryption, antivirus software, and firewalls. A “Client Overview List” from 2014 names an intelligence officer in the Turkish police force as a direct contact person and notes the RCS was used on 50 total targets.
But that’s a legally dubious program for the national police force to use. Traditionally, advanced signals infiltration is solely the authority of Ankara’s Telecommunications Directorate, or TIB. According to the Turkey’s Code of Police Conduct (Law 2559), GDS warrants only grant them limited power that certainly doesn’t include infiltrating a computer system or a network. And the country’s highest court recently struck down GDS use of “preventative searches warrants”—physical searches without probable cause—as illegal.
That the GDS used Hacking Team’s RCS software is clearly detailed in the documents believed to have been stolen from the company’s servers. One, “Agreement signed on June 21st, 2011,” includes an invoice from 2011, and it appears to mark the beginning of a deal between the Hacking Team and the Turkish police force. Another, “Customer_History.xlsx,” shows that Turkey paid Hacking Team €150,000 ($164,175) in 2011 and €140,000 ($153,230) in 2012 for “licence/upgrades.” Another €150,000 invoice on Nov. 4, 2013 was the last Turkish payment, according to the company’s alleged 2014 records, and the license was valid until Nov. 11, 2014.
“Client List_Renewal date.xlsx,” categorises Turkish police as an “Active” client, and it notes a “Renewal in progress (December 2014).” But that deal appears to have fallen through: A future prospects document prepared by company’s chief operating officer, Giancarlo Russo, and edited as recently as July 3, notes no expectation for earnings from Turkey in 2015. The same document lists Turkey’s total payments to the company as €440,000 ($594,718) at the date of last payment).
Traces of Hacking Team activity have been in Turkey for years, though. In 2012, Kaspersky Labs experts detected 12 cyberattacks to five separate targets in the country, attributed to the RCS tool, and a Wired article from 2013 detailed its use against an American scholar in Turkey who was critical of the moderate Islamist Gülen Movement. Later leaks of government corruption in Turkey showed that followers of Gülen have been staffed in police intelligence for a decade.
It’s not just Turkey, either. Citizen Lab’s 2014 report on the global use of Hacking Team’s tool draws a concerning map showing that the governments of Ethiopia, Morocco, and United Arab Emirates have used Hacking Team services to target human-rights activists and independent journalists. That report also lists 10 IP addresses of servers from Turkish ISPs that have the fingerprints of Hacking Team’s fake security certificates. One of the endpoints (220.127.116.11), noted by the Citizen Lab researchers as a “spyware’s government operator,” is a server owned by Turkey’s largest ISP, Türk Telekom, where the team has detected activity for a week in November 2013.
We still don’t know the exact targets of Turkish police force during the three years of its Hacking Team contract, but the cumulating evidence points to unlawful purchase of surveillance tools paid by Turkish taxpayers and targeted spying on its people by the administration of Turkey’s then-Prime Minister, and current President, Recep Tayyip Erdo?an.
Photo via 401(K) 2012 / Flickr (CC BY 2.0) | Remix by Max Fleishman
Efe Kerem Sözeri is a Turkish freelance researcher who lives in the Netherlands. After studying political science in Istanbul, he moved to Amsterdam to study migrants' political behavior. Besides his academic work, he regularly writes on internet freedom and censorship in Turkey.