Intelligence agencies in India are seeking the ability to legally conduct phone tapping and intercept data, including on phones abroad, according to emails published by WikiLeaks.
Emails from the Hacking Team reveal that an Italian spyware company were in communication with Indian authorities to provide them with surveillance technologies.
The most startling fact that emerges from these mails is that the Indian intelligence agencies could be looking to acquire know-how not just target-specific, but the ability to throw a sweeping net of surveillance over a large number mobile phones.
While capabilities to target specific phones already exist with the agencies, the kind of capability that they seem to be now looking for is almost in line with the privacy breach that Edward Snowden leaks exposed of the US intelligence set-up.
This also means the agencies could be looking to side-step the need to get written permission of the Union home secretary before carrying out any interception. Every single case of telephone interception can be done only with the written permission of the home secretary at the Centre or his counterpart in a state. In the past, both NTRO (National Technical Research Organization) and Army intelligence kicked up huge controversies over their use of ‘off-the-air’ interceptors without legal sanction.
An email sent in April 2013 by a senior official of Hacking Team to their business partner NICE of Israel reveals the sweeping capabilities that Indian intelligence agencies planned to acquire.
Massimiliano Luppi of HT, after talking to his Singapore team on a presentation to an Indian agency, says that the gap between their capabilities and Indian demands “is the difference between client’s understanding of our solution and the reality of what our solution can do”.
He says the client, possibly R&AW (Research and Analysis Wing), brought a “non-smart phone at the demo and was surprised that we are not able to support non-smart phones”.
But it is “nothing that cannot be easily overcome during the follow up,” the Italian official says. “From operational aspect, they (Indian agency) expected the installation of our agent just by knowing the phone number. In this scenario, the chances of success are just a few and the risk of jeopardizing the whole investigation is high,” Luppi points out.
“It is the same analogy as creating an agent using the WORD exploit, send the same email to 100 people without any knowledge of their target and hope that one of them will open the email and get infected: technically possible, operationally at high risk of being spotted or having the suspect very suspicious that something strange is going on,” he points out.
The HT team specializes in creating interception capabilities that are powerful and can seriously compromise privacy of individuals.
In an email sent to Maharashtra police, one of its senior officials claims that their solution, RCS (Remote Control System), can “attack, infect and monitor target PCs and smart phones, in a stealth way. It allows you to covertly collect data from the most common desktop operating systems, such as: Windows, OS X, Linux. Furthermore, Remote Control System can monitor all the modern smart phones: Android, iOS, Blackberry, Windows phone. Once a target is infected, you can access all the information, including: Skype calls, Facebook, Twitter, WhatsApp, Line, Viber and many more– device location, files, screenshots, microphone, virtual currencies and much more.”
In a brochure for RCS, HT says, “You cannot stop your targets from moving. How can you keep chasing them? What you need is a way to bypass encryption, collect relevant data out of any device, and keep monitoring your targets wherever they are, even outside your monitoring domain. Remote Control System does exactly that. Take control of your targets and monitor them regardless of encryption and mobility. It doesn’t matter if you are after an Android phone or a Windows computer: you can monitor all the devices. Remote Control System is invisible to the user, evades anti-virus and firewalls, and doesn’t affect the devices’ performance or battery life.”
It says RCS will “hack into your targets with the most advanced infection vectors available, enter his wireless network and tackle tactical operations with ad-hoc equipment designed to operate while on the move”.