An official of the Ghana Gas Company has been cited in a hacked email which can be read on Wikileaks seeking to acquire a hacking device from Italian company Hacking Team for the Bureau of National Investigations (BNI). The BNI is Ghana’s secret service.
The official, Richard Attoh-Okine, who is Head of Information Technology at the Ghana National Gas Company, sent an email to Hacking Team, manufacturer of surveillance spyware whose emails were leaked in a large data dump last Sunday.
In the short initial email sent on Februray 24, 2014, which has been published by WikiLeaks, Attoh-Okine asked for the price of Hacking Team’s Remote Control System (RCS).
He wrote: “Good Afternoon
Please what is the pricing for Remote Control System (RCS)”
Richard NII Attoh-Okine
Head of Information Technology
Ghana National Gas Company Limited
This is how Hacking Team describes the RCS on its website:
“In modern digital communications, encryption is widely employed to protect users from eavesdropping. Unfortunately, encryption also prevents law enforcement and intelligence agencies from being able to monitor and prevent crimes and threats to the country security.
Remote Control System (RCS) is a solution designed to evade encryption by means of an agent directly installed on the device to monitor. Evidence collection on monitored devices is stealth and transmission of collected data from the device to the RCS server is encrypted and untraceable.
Cyberspace has no boundaries. Your suspect can be anywhere today, while your hands are tied as soon as he moves outside the country.
You cannot stop your targets from moving. How can you keep chasing them?
What you need is a way to bypass encryption, collect relevant data out of any device, and keep monitoring your targets wherever they are, even outside your monitoring domain.
Remote Control System does exactly that.
Take control of your targets and monitor them regardless of encryption and mobility. It doesn’t matter if you are after an Android phone or a Windows computer: you can monitor all the devices.
Remote Control System is invisible to the user, evades antivirus and firewalls, and doesn’t affect the devices’ performance or battery life.
Hack into your targets with the most advanced infection vectors available. Enter his wireless network and tackle tactical operations with ad-hoc equipment designed to operate while on the move.”
Writing for the Medium, an online news source, freelance journalist Shaun Raviv indicates that a sales representative from Hacking Team named Emad Shehata, replied to Attoh-Okine later the same day and asked him to fill out a non-disclosure agreement (NDA) so they could further the discussion and speak confidentially.
The journalist however, notes that nearly three months later, in May, it appears Attoh-Okine spoke with the Hacking Team representative over the phone. “Thanks for your calling last week,” wrote Shehata.
After the phone discussion, it seems that Shehata did not have further contact with Attoh-Okine. However, some details of their call come out in an internal Hacking Team email, written in Italian and translated here.
“I just had a call with a Ghanaian client. It’s a national petroleum company,” wrote Shehata to Hacking Team COO Giancarlo Russo and sales manager Marco Bettini. “The end client is the secret service agency, who for political-economic reasons can’t buy directly, but [instead buy] through one of their organizations.” Raviv wrote.
Hacking Team’s clients are known to be some of the world’s most repressive regimes and governments.
According to the Intercept “documents obtained by hackers from the Italian spyware manufacturer Hacking Team confirm that the company sells its powerful surveillance technology to countries with dubious human rights records.”
Citing the documents, Intercept says internal emails and financial records show that in the past five years, Hacking Team’s Remote Control System software — which can infect a target’s computer or phone from afar and steal files, read emails, take photos and record conversations — has been sold to government agencies in Ethiopia, Bahrain, Egypt, Kazakhstan, Morocco, Russia, Saudi Arabia, Sudan, Azerbaijan and Turkey.
The hackers who attacked the Hacking Team retrieved 400 GB of data. The data consist of details about the company’s client lists, passwords and other details into its own products.
By Emmanuel K. Dogbevi