Hacking Team: A blunder of creole espionage?


The revelations of international portals about Italian company Hacking Team touched the Ecuadorian government, which is allegedly one of the customers of the controversial consultancy firm that specializes in digital espionage. The National Intelligence Secretariat (Senain, for its acronym in Spanish) posted on its website a statement saying it “has no contractual relationship with the company Hacking Team. The Secretariat’s contractual relationships are governed by the Law of Public and State Security, which regulates the specific activity of this portfolio, concordant with internal and external security activities, which are reserved and which, by express mandate of the law, cannot be disclosed without seriously jeopardizing State security”.

Original text (in Spanish):
Plan V Magazine

Senain also added that: “It is completely false that any contract entered into by Senain has been used to attack digital media or other political objectives, as has been unscrupulously claimed”. And ended by threatening to sue: “That said, the National Intelligence Secretariat reserves the legal right to act in defense of national security and the Ecuadorian government’s prestige”.

On the first week of July, after publishing information about the alleged links between Senain and Hacking Team, the portal of PLAN V Magazine and other digital media outlets suffered DDoS attacks (technical term meaning that a page is flooded with false visits until it collapses), which in the case of PLAN V caused it to be off the network for almost 24 hours. But other media outlets such as La República.ec or the portals of newspaper El Comercio and Ecuavisa TV station, had already suffered similar attacks in previous weeks.
La República.ec said it suffered DDoS attacks at least ten times as it broadcasted live the recent protests against the government in Quito. Despite the measures taken by these outlets, this kind of attack can be repeated indefinitely, although they require a certain type of infrastructure to be carried out.

According to La República, the emails leaked by Wikileaks prove that its portal was infected with a Hacking Team spyware program. When readers opened certain news articles they inadvertently installed the spyware on their computers. This program, which operates like a virus, enables the user to collect private information from infected computers and eavesdrop on social network conversations, it even provides remote access. Smart phones get infected when browsing through these pages, enabling the user to monitor Whatsapp conversations.

PLAN V is not mentioned in the emails leaked by Wikileaks, although it is in some other national pages in which Senain allegedly requests the malware to be installed.

International scandal
Although Mexico is known to be Hacking Team’s main customer worldwide, as both the Mexican federal government and its armed forces, and even state governments have bought the controversial spyware, the name of Senain appears in several of the leaked files.

The charts revealed establish that Mexico allegedly paid at least 5’808,075 euros to the company, followed by Italy with 4’000,729 euros, and other countries such as Morocco, Saudi Arabia, Chile, Hungary, Malaysia, UAE, United States, Singapore, Kazakhstan, Sudan, Uzbekistan, Panama, Ethiopia, Egypt, Luxembourg, Czech Republic, South Korea, Mongolia, Vietnam, Spain and Ecuador. An extensive portfolio that includes democracies considered as liberal, as well as theocratic and absolutist states.

According to international portals, the amount paid by Ecuador would be at least 535,000 euros, about the same as Spain, whose intelligence and police services have allegedly paid the Italian firm no less than 538,000 euros.
Mexican portals revealed that Hacking Team even made special discounts to the various agencies of the Mexican government that bought its services. In the case of Mexico, invoices and contracts, both with public entities and local brokerage firms for this kind of service, have been leaked.

The use of private entities to indirectly provide services to states could explain how Senain can emphatically assert that it has no contractual relationship with the Italian firm. According to Wikileaks, there are payment orders and invoices for the services of intermediaries based in Belize and other countries, responsible for charging for the support allegedly hired by Senain to use Hacking Team’s services. The invoices can be downloaded here.

On this matter, in Ecuador, former member of the Assembly for Pachakutik, Cléver Jiménez, announced a request for a judicial confession from Secretary of Intelligence Ronny Vallejo, so that the official can explain what he knows about this case.

Senain’s “special expenses”
Despite Senain’s statement, some questions remain about the operation of this State intelligence agency, created by Rafael Correa’s government to replace the former National Intelligence Directorate.

According to a special review of Senain by the Comptroller General carried out between September 2009 and December 2012, the Secretariat’s expenses have special protection. Article 18 of the Law of Public and State Security establishes that Senain has “a permanent fund for special expenses assigned to intelligence and counterintelligence activities for internal protection, maintenance of public order and national defense, the use of which will not be subject to the rules provided for by the law governing the national public procurement system”. According to the same article, although the amount must be included in the State Budget, expenditure allocations are “classified information”.

The Comptroller’s Office stated in 2012 that, consequently, it did had not analyzed those “special expenses” as it lacked the legal power to do so, while recording that Senain had not provided information on 166 contracts, amounting to at least USD 5 ‘107,243.

Wikileaks’ revelations
Despite Senain’s categorical denial of a possible contractual relationship with Hacking Team, email addresses, the names of officials and even a series of complaints about the service Senain allegedly received from the Italian company appear in some of the documents leaked by Wikileaks.

Wikileaks, whose director, Australian journalist Julian Assange, has been granted asylum in the Ecuadorian Embassy in London, leaked some of the files stolen from the Italian company.

Wikileaks’ page has a search engine that saves results when entering the word “Ecuador” into the system. It is this way that it has been possible to establish that there are 629 references to Senain, 1,525 references to Ecuador and 475 references to accounts with the ending “gob.ec”, which usually belong to Ecuadorian government entities.

For example, an email sent by a specialist of the Italian company to his superiors, in 2013, specifies a series of meetings with the then-Secretary of Intelligence, and says: “We meet with El Senior Ministro Pablo Romero Secretaria Nacional de Inteligencia. He is the one person that is responsible for all the intelligence investigations groups (police, special force etc: report to him).  He only reports to one boss, the president of Ecuador (sic)”.

The Italian firm’s envoy says he also met with the Ecuadorian Defense Minister, and reveals the interest of the military in some of their products: “Tomorrow we will have a meeting with El Sr. Ministero de la Defensa.  This is another Minister that Hugo has been talking to about the system and is also going to be part of a larger monitoring center.  Problem here is that they are requesting a demo of the system(sic)”.

He also states that the national electronic espionage program would start with at least 20 operators and would expand to 25: “The minister himself said that he wanted more targets and wants to have at least 20 console operators working at the same time. If you remember this project did start with the mention of having 25 seat in a complete monitoring center (sic)”.

But most of the alleged evidence of the relationship between Senain and the Italian company is contained in a series of emails sent between possible Senain official Luis Solís and the company’s technical service. During 2014, Solís allegedly contacted the Italian specialists regarding a series of requirements for the operation of the digital espionage system, through messages that were revealed by Assange’s portal. Several of the technical service’s responses to the supposed Ecuadorian operator are signed by Sergio Rodríguez-Solís y Guerrero, whose position at Hacking Team is Field Application Engineer. He responded to or channeled the questions that arrived at his email address as requests for online support made by Luis Solís.

The Italian specialists specify on several occasions that Luis Solís works for Senain:
“Luis Solis works for SENAIN in Ecuador. I think they are registered as SENAIN. I think there was a problem with maintenance and expirations, but I have no details. Please ask Daniele about it to know how should be managed. Sorry not being more helpful. Let me know if I can help you anyhow. Regards Sergio Rodríguez-Solís y Guerrero (sic)”.

Other alleged Ecuadorian officials are also mentioned in the emails: Juan G, Natalia H, Mayor Paúl L, Pablo R, José Miguel D, Rommy Vallejo, Paul L, captain Macarena E, Carla L, and Joseph V, among others.

More than 400 unnamed officials
In a communication of May 2014 the Italians specified that they had problems with their counterparts in Senain because of changes in personnel, which resulted in a total of only 24 computers and smartphones being infected with their spyware in the country, leading them to say:

“As told, I don´t think they are worried about scenarios but about if RCS is able to do what we says. Why we have to demonstrate it, we have not to, but we don´t want to loose a client or have a bad report about us shared with other countries. So question is: have we sincerely clear what are we going to do in Ecuador and which is our target? (sic)”.

In another email Rodríguez-Solís talks about having spent a week in Ecuador, meeting with Senain specialists, among whom he mentions Luis Solís and a captain he identifies as Macarena, of whom he expresses a low opinion stating the Ecuadorians believe their work consists on obtaining information through “magic buttons”:
“Captain Macarena, direct leader of the team, is, politely speaking, a very proud of her own knowledge lady that wants magic buttons and infections done as send exploit and get info in minutes (sic)”.

About Luis Solís, who he also says to have met with, he says “Main problem there, is that only one person of the team (Luis Solís) got the original training and he has not much idea, and of course has no trained the new guys that are doing their best, at least a couple of them. He was not very cooperative and was not paying attention to me and my awesome explanations (sic)”.

Does someone named Luis Solís really work at Senain? It is impossible to confirm this. The case’s overtones of creole espionage film became even more intense when, on checking the information about Senain officials contained in the “Transparency” section of the institutional portal, the following notice appeared: “By resolution No. SIN-004-2015 of 19 February 2015, the personal information of the officials and authorities of the Secretariat and information on secondments are classified as reserved information in order to ensure the integrity of the staff working at the Intelligence Secretariat”, through which the more than 400 officials who work at that State entity remain anonymous, although in November 2014 twelve employees were said to be working at the Technological Management Department, with salaries ranging between USD 622 and USD 2.546.


About Author

Comments are closed.