U.S. service providers used to “launder” spyware, say Canadian researchers

The United States is proud of its leadership in information technology. So perhaps it is no surprise that a company that apparently helps governments in their digital spying chose U.S. service providers to launder their applications.

The University of Toronto’s Citizen Lab said in a report this week that an Italian company called Hacking Team, also known as HT S.r.l., which sells a so-called “remote monitoring implants” only to government agencies, runs some of its operations through U.S. based data centres.

Hacking Team’s flagship Remote Control System (RCS)product, is called “the hacking suite for governmental interception” by the company,  according to the report.

Citizen Lab has traced RCS proxy chains and says the U.S. servers appear to assist the governments of Azerbaijan, Colombia, Ethiopia, Korea, Mexico, Morocco, Poland, Thailand, Uzbekistan, and the United Arab Emirates in their espionage and/or law enforcement operations.

“The extensive and deliberate use of dedicated U.S. hosting companies by foreign countries’ wiretapping activities raises a number of pressing legal and policy concerns,” says the report. “These include whether RCS client countries violate U.S. law and longstanding international legal principles on sovereignty and nonintervention through use of this spyware.

“Moreover, RCS client countries, by exposing wiretap data to U.S. and other jurisdictions, may have violated internal laws governing the safeguarding of wiretapped material.

RCS can record Skype calls, copy passwords, e-mails, files and instant messages, and turn on a computer or phone’s webcam and microphone to spy on nearby activity, says the report.

Click here to read the full report

There are news reports suggesting evidence that RCS has been used to target journalists in Morocco, activists in the UAE and a U.S.-based critic of Turkish charter schools, says the report.

The Washington Post carried this news story on the report, which also quoted spokesman for Hacking Team, who noted much of the world’s Internet traffic flows through the U.S. He also said  that the company’s clients use its tools to watch communications of people under criminal investigation.

What bothers Citizen Lab in party is that RCS traffic going through the U.S. “not normal routing incident to benign electronic communications, but the purposeful use of U.S. servers for the surreptitious transmission of wiretapped data to foreign governments.” However, it acknowledges that it isn’t clear if it violates U.S. law.

“Hacking Team’s use of U.S.-based services as part of its spyware also creates liabilities for the companies providing such service,” the report adds. “As a matter of corporate social responsibility, these companies certainly would want to ensure that their services are not used for purposes potentially in violation of U.S. and international law and inimical to the enjoyment of basic human rights. We suspect Hacking Team does not inform its US-based service providers of the nature of the data it transmits, and question what representations Hacking Team has in fact made to these companies.”

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web