DEA Also Spending Millions To Purchase Exploits And Spyware

from the all-up-in-your-everything dept

As more information leaks out into the public domain, the only difference between the NSA and the DEA seems to be the selection of letters in their acronyms. Both are now known for their bulk domestic collections and both are known for being involved in never-ending wars. Now, thanks to Privacy International and Vice's Motherboard, both are known for purchasing weaponized software.

The Drug Enforcement Administration has been buying spyware produced by the controversial Italian surveillance tech company Hacking Team since 2012, Motherboard has learned.

The software, known as Remote Control System or “RCS,” is capable of intercepting phone calls, texts, and social media messages, and can surreptitiously turn on a user’s webcam and microphone as well as collect passwords.

The DEA originally placed an order for the software in August of 2012, according to both public records and sources with knowledge of the deal.

The problem with the DEA's purchase and deployment of this malware is that tools normally used to engage in the protection of national security -- by military and intelligence agencies -- are being handed out to US law enforcement without the slightest concern for the Fourth Amendment or privacy implications. There's a level of intrusion present here that's never been examined by the courts. Not that the DEA would ever allow details on Hacking Team's products to ever enter a courtroom in the first place. Hacking Team's spy products are one of many secret law enforcement capabilities -- something that must never be spoken of in public forums.

The capabilities detailed here far surpass anything that could be obtained with a search warrant or court order. The DEA's phone metadata collection may still fall under the Third Party Doctrine, but it's hard to believe anything obtained via the hijacking of cameras, computers and phones would be signed off on by magistrate judges.

There is unclear statutory authority authorising the deployment of spyware by US federal or law enforcement agencies, meaning that deployment of the RCS by the DEA or the Army is potentially unlawful under US law. Furthermore, because RCS is designed to be usable against targets even while they are outside of the end-user's legal jurisdiction, it raises serious legal questions concerning the ability of US agencies and the military to target individuals based outside of the United States.

Privacy International -- which has been tracking private companies in the spyware business for years -- is bringing Hacking Team's activities to the Italian government's attention.

Hacking Team has confirmed that their product has since 1st January 2015 been subject to export restrictions from the Italian government, which is the first step in ensuring that these types of technologies are not exported and used for human rights violations. This means that the Italian export authority now has to assess and approve any export of Hacking Team's products in order for a sale to go ahead.

How the Italian government now assesses any potential exports is unclear. Although EU export control regulations stipulate that in circumstances where an export is going to a military end-user the licensing authority should look at a set of criteria which contain human clauses, in practice this rule is implemented disparately across the European Union member states.

Much like many weapons are subject to export restrictions, so are certain kinds of software. Hacking Team's offerings have been sold all over the world -- and not just to the "good guys." PI says it has evidence this software has been sold to governments known for human rights abuses and has been deployed to surveil journalists and activists.

This may lead to Hacking Team spending some time discussing its product line with Italian regulators -- which could result in additional sales and export restrictions. Or this may just lead Hacking Team to find a new home -- somewhere its offerings won't be eyeballed too closely.

It seems to be leaving its location options open, just in case. In the US, it does business under the name of Cicom USA -- supposedly just a "reseller" of Hacking Team's product line.

The connection between Cicom USA and Hacking Team was confirmed to Motherboard by multiple sources with knowledge of the deal, who spoke on condition of anonymity because they were not authorized to discuss the content of the contract…

Cicom USA is based in Annapolis, MD, at the same exact address where Hacking Team’s US office is located, according to the company’s website. The phone number for Cicom USA listed in the contract with the DEA, moreover, is exactly the same one that was displayed on Hacking Team’s website until February of this year.

A few dozen empty offices around the world acting as "local distributors" could assist Hacking Team in dodging local import/export regulations.

The DEA's use of Hacking Team's product line deserves closer examination. The capabilities detailed here have yet to be uncovered in criminal prosecutions, suggesting the agency is still heavily engaged in legally dubious parallel construction.

Filed Under: 4th amendment, dea, exploits, hacking tools, spyware
Companies: hacking team


Reader Comments


  1. Padpaw, 21 Apr 2015 @ 3:42pm

    I wonder how much worse things will get before people start doing something about this lunacy en masse

  2. Anonymous Coward, 21 Apr 2015 @ 4:10pm

    Another agency gone rogue.

    "The capabilities detailed here have yet to be uncovered in criminal prosecutions, suggesting the agency is still heavily engaged in legally dubious parallel construction."

    The kind of things the DEA is supposed to be doing are law enforcement things that lead to criminal prosecutions. So, either they are doing things they are not supposed to be doing (i.e. domestic spying for other reasons) or they are lying about things in court. Neither possibility makes them look good.

  3. Nigel, 21 Apr 2015 @ 4:12pm

    Re:

    The answer to that would seem to be much, much worse.

  4. Zgaidin, 21 Apr 2015 @ 4:33pm

    Human Rights Violations

    "PI says it has evidence this software has been sold to governments known for human rights abuses..."

    You mean like the USA?

  5. Anonymous Coward, 21 Apr 2015 @ 4:51pm

    ... how do people not know that the DEA is an intelligence agency...

  6. Anonymous Coward, 21 Apr 2015 @ 4:58pm

    Re:

    However, if they are bypassing export restrictions at that company, it would be good if they got their legal house in order quickly.

  7. art guerrilla, 21 Apr 2015 @ 5:18pm

    Re:

    many have...
    Empire does not hear the baleful bleatings of the sheeple...
    there were *record* numbers of protests -both worldwide and domestically- *before* the iraq war, and it mattered not one whit to Empire...
    the occupy movementette, was crushed with extra-legal -and quite konspiratorial- means with hardly a *bahhh* from the sheeple...
    (of course, *part* of that is the near-absolute control of the media, and who don't report on stories embarrassing to Empire...)
    frei sprech zones, sekret executive Orders, extra-judicial executions, bribery legalized, morality compromised, and mammon our highest god, our only aspiration...
    but it is not the chains of Empire which restrain us, but the chains we imagine ourselves to be bound by...

    who will be first to step into the chasm ?
    ...and who will follow ? ? ?

  8. orbitalinsertion, 21 Apr 2015 @ 6:48pm

    What kills me is that as these things become apparent, I don't see any calls to patching software, fixing hardware, or fixing standards and protocols to mitigate this type of activity. And while we get patches for some things, they certainly don't even cover the (much cheaper if the governments are interested) criminal markets for similar wares (and a lot of other innovative, if ghastly, stuff). And I don't believe for a second that major vendors couldn't get (or haven't gotten) their hands on these things or enough info to mitigate.

    Of course a lot of entry is via other tactics, social engineering, and complicity. But it's like they don't try at all.

  9. Padpaw, 21 Apr 2015 @ 9:24pm

    Re: Re:

    Watching what has been happening in the states makes me wish Canada would build a border wall to try and limit the breakdown of society when it happens from spilling over into us too much

  10. Anonymous Coward, 22 Apr 2015 @ 1:49am

    So, the tl;dr is that the DEA are the equivalent of the Syrian Electronic Army.

    Good to know.

  11. Linux, 22 Apr 2015 @ 6:14am

    I'm glad I don't use Windows.

  12. America the FREE, 22 Apr 2015 @ 7:53am

    It's Just A Go*Damned Piece of Paper

    It's easy to see law enforcement agencies steadily becoming enemies of the America we all know as citizens because of policies handed down the chain of command by people who exclaim what they really think of our US Constitution.

  13. James Burkhardt, 22 Apr 2015 @ 8:17am

    Re:

    I am having a hard time parsing your statement....

    What kills me is that as these things become apparent, I don't see any calls to patching software, fixing hardware, or fixing standards and protocols to mitigate this type of activity.


    Like the calls for improved encryption and the calls to push buggy, vulnerable, outdated software (like Java and Flash) off the web by major tech companies? Those calls?

    And while we get patches for some things, they certainly don't even cover the (much cheaper if the governments are interested) criminal markets for similar wares (and a lot of other innovative, if ghastly, stuff).


    I can't seem to figure out what you are saying here. Much cheaper than what? Similar to what?
    Are you referring to security patches? No, that doesn't make any sense.
    The software being discussed in the article? How is it cheaper than itself?

    And I don't believe for a second that major vendors couldn't get (or haven't gotten) their hands on these things or enough info to mitigate.


    It would seem that the software is stuff that needs to be installed on the target system. If it obeys the computer's rules, it's hard to break in the OS without breaking legitimate software. Mitigation of spyware has been a war for a long time, and generally requires software designed to mitigate it. Microsoft had a great solution. Provide a free, baseline anti-malware solution to get fixes for spy- and malware out to the people as quickly as Microsoft can fix them. Norton and McAfee shut that down.

    One place I admit I have always been confused about is why the light on a laptop webcam isn't directly tied to the power system on the camera itself. No software turn on the light, but literally have the camera and led power intertwined, hardline. You can't turn on one without the other. That would fix one problem.

  14. Inna Flash, 22 Apr 2015 @ 8:21am

    Re: It's Just A Go*Damned Piece of Paper

    We have to acknowledge Neil Young's take on it too. In a lyric from 'Rockin in the Free World' he sings, "We got a kinder, gentler machine gun hand."

    Someone won't let us have a kinder, gentler nation. And it's all f*cked up now, isn't it?

  15. James Burkhardt, 22 Apr 2015 @ 8:48am

    Re:

    Too bad the RCS is also advertised to work on Linux.

  16. John Fenderson, 22 Apr 2015 @ 9:22am

    Re:

    As a long-time Linux user, I feel duty bound to recommend that you don't get too complacent just because you use Linux. While there are more exploits for Windows, there are exploits aimed at Linux as well. No system is 100% secure, regardless of what OS it is running.

  17. Jack, 22 Apr 2015 @ 11:13am

    John Oliver had the right idea

    You can use big and scary words to describe the absurd capabilities of the alphabet agencies but people just do not give a fuck until they find out the government can see their dick (or their significant others' dick) as John Oliver recently proved.

    Techdirt, you need to frame this as "the DEA can see your dick" and maybe, just maybe, we can have a serious conversation about privacy and the state of the 4th amendment.

  18. GEMont, 22 Apr 2015 @ 11:55pm

    Re:

    Not quite.

    Perhaps the S. E. Army with an army of foreign fascist billionaire backers, total immunity from world law enforcement consequences, and the largest arsenal of electronic hacking hard&software on earth, might be a better measure.

    I like to think of the CIAF BINSADEA as the Electronic MAFIA on Steroids.

    ---
