- How to stream ‘Survivor’ for free 4 Years Ago
- The simple way to connect Apple TV and HomePod 4 Years Ago
- How to watch Juventus vs. Atletico Madrid online for free 4 Years Ago
- Black man films ‘Crosswalk Cathy’ yelling racist slurs at him Tuesday 6:47 PM
- Guerrilla artists turn John Oliver billboard ad into right-wing meme Tuesday 4:20 PM
- Netflix lines up unnecessarily good cast for ‘Green Eggs and Ham’ Tuesday 3:48 PM
- Netflix drops trailer for Mötley Crüe biopic ‘The Dirt’—and the cast is wild Tuesday 3:41 PM
- QAnon’s repetitive posts are alienating even his most ardent supporters Tuesday 3:36 PM
- Noah Cyrus cries on Instagram after Lil Xan’s baby announcement Tuesday 2:26 PM
- The ‘Well yes, but actually no’ meme is here to help you explain things Tuesday 12:07 PM
- Judge orders Roger Stone to appear in court after his Instagram post Tuesday 11:24 AM
- I worked with the migrant caravan—and Trump is the cause of his national emergency Tuesday 11:09 AM
- How to watch Liverpool vs. Bayern Munich online for free Tuesday 11:08 AM
- ‘Patriot Act’ volume 2 proves Hasan Minhaj is the next big star of the news-comedy genre Tuesday 11:01 AM
- ‘Friends From College’ canceled after 2 seasons at Netflix Tuesday 10:53 AM
It’s hard to imagine this practice surviving the courts.
Turkey’s national police force paid the controversial online “security” firm Hacking Team $600,000 to spy on its own citizens—which scholars say is a likely illegal practice—for more than three years, purported hacked documents reveal.
Hacking Team, which made the nonprofit Reporters without Borders’ list of Enemies of the Internet for selling surveillance software to countries with records of human-rights abuses, was ravished Sunday night by hackers who exposed 400GB of alleged company files. Among them are documents that show that the General Directorate of Security (GDS), Turkey’s civilian police force, contracted to use with Hacking Team’s “Remote Control System” (RCS) product from June 2011 to November 2014.
The RCS, the company claims, allows users to bypass encryption, antivirus software, and firewalls. A “Client Overview List” from 2014 names an intelligence officer in the Turkish police force as a direct contact person and notes the RCS was used on 50 total targets.
But that’s a legally dubious program for the national police force to use. Traditionally, advanced signals infiltration is solely the authority of Ankara’s Telecommunications Directorate, or TIB. According to the Turkey’s Code of Police Conduct (Law 2559), GDS warrants only grant them limited power that certainly doesn’t include infiltrating a computer system or a network. And the country’s highest court recently struck down GDS use of “preventative searches warrants”—physical searches without probable cause—as illegal.
That the GDS used Hacking Team’s RCS software is clearly detailed in the documents believed to have been stolen from the company’s servers. One, “Agreement signed on June 21st, 2011,” includes an invoice from 2011, and it appears to mark the beginning of a deal between the Hacking Team and the Turkish police force. Another, “Customer_History.xlsx,” shows that Turkey paid Hacking Team €150,000 ($164,175) in 2011 and €140,000 ($153,230) in 2012 for “licence/upgrades.” Another €150,000 invoice on Nov. 4, 2013 was the last Turkish payment, according to the company’s alleged 2014 records, and the license was valid until Nov. 11, 2014.
“Client List_Renewal date.xlsx,” categorises Turkish police as an “Active” client, and it notes a “Renewal in progress (December 2014).” But that deal appears to have fallen through: A future prospects document prepared by company’s chief operating officer, Giancarlo Russo, and edited as recently as July 3, notes no expectation for earnings from Turkey in 2015. The same document lists Turkey’s total payments to the company as €440,000 ($594,718) at the date of last payment).
Traces of Hacking Team activity have been in Turkey for years, though. In 2012, Kaspersky Labs experts detected 12 cyberattacks to five separate targets in the country, attributed to the RCS tool, and a Wired article from 2013 detailed its use against an American scholar in Turkey who was critical of the moderate Islamist Gülen Movement. Later leaks of government corruption in Turkey showed that followers of Gülen have been staffed in police intelligence for a decade.
It’s not just Turkey, either. Citizen Lab’s 2014 report on the global use of Hacking Team’s tool draws a concerning map showing that the governments of Ethiopia, Morocco, and United Arab Emirates have used Hacking Team services to target human-rights activists and independent journalists. That report also lists 10 IP addresses of servers from Turkish ISPs that have the fingerprints of Hacking Team’s fake security certificates. One of the endpoints (188.8.131.52), noted by the Citizen Lab researchers as a “spyware’s government operator,” is a server owned by Turkey’s largest ISP, Türk Telekom, where the team has detected activity for a week in November 2013.
We still don’t know the exact targets of Turkish police force during the three years of its Hacking Team contract, but the cumulating evidence points to unlawful purchase of surveillance tools paid by Turkish taxpayers and targeted spying on its people by the administration of Turkey’s then-Prime Minister, and current President, Recep Tayyip Erdo?an.
Photo via 401(K) 2012 / Flickr (CC BY 2.0) | Remix by Max Fleishman
Efe Kerem Sözeri is a Turkish freelance researcher who lives in the Netherlands. After studying political science in Istanbul, he moved to Amsterdam to study migrants' political behavior. Besides his academic work, he regularly writes on internet freedom and censorship in Turkey.