Reply All - #32 The Evilest Technology On Earth :-)
Episode Date: July 13, 2015
On July 5th, a hacker leaked hundreds of gigabytes of information stolen from a company that sells surveillance software to some of the most oppressive regimes in the world. We look into what journalists have found so far. Also, a new Yes Yes No! Don't forget to go to your local movie theater and check out Cast Party! You can see Reply All, Invisibilia, Radiolab, and more, LIVE ON STAGE! www.castparty.org
Transcript
From Gimlet, this is Reply All. I'm Alex Goldman.
You're the dictator of a small country, and you've decided that you want to spy on the computers and cell phones of some of your citizens.
Maybe you want to put a stop to some pro-democracy protests, or maybe you're trying to stop a would-be terrorist.
Until recently, the tools you'd need to do NSA quality surveillance were too expensive.
But these days, you can just go out and buy it.
Cheap. The company that sells it, they even advertise online.
You need more.
You want to look through your target's eyes.
You have to hack your target.
This is an ad for an Italian company called The Hacking Team.
While you're listening to it, imagine the accompanying image.
A hooded figure slowly and ominously lifting his head to reveal a spooky, goateed, hacker-looking dude.
Rely on us.
I'd never heard about the Hacking Team until last week.
When on Sunday, July 5th, someone released 400 gigabytes of information they stole from the
Hacking Team servers. You might have seen the headlines, but you probably didn't do what I've
been doing the past week, poring over all these crazy details, the inner workings of a private
spying company. On Sunday, I called up Ryan Gallagher, a reporter for The Intercept, and he says
that reporting on the Hacking Team has always been slow and frustrating work, at least up until this hack.
So this came out last Sunday night, and on Monday morning I started going through, and I didn't stop
until about Thursday or Friday.
I hardly even ate any food.
I was just like totally engrossed in these emails.
And I just couldn't believe my jaw was just like,
it was a jaw-dropping kind of scenario
just to actually see it there in black and white.
It's just like someone just suddenly turning the light on.
The Hacking Team offers their clients a bunch of different services.
Their most popular off-the-shelf software is called
Remote Control Systems or RCS.
It can be installed on computers or smartphones,
through an innocuous-looking email attachment or by USB key.
And Ryan says that once it's on there,
it gives the government complete control.
It allows whoever's done the infection, a government agency,
to steal, say you've got photographs on there, documents,
also to record audio if you're doing a Skype conversation like you and I are now,
or if you're making a phone call for them to record the audio of the phone call,
to make copies of your text messages, your WhatsApp chat.
They can tap the location function on your phone
to see exactly where you are at any given moment.
And what's crazy, considering the company's just 40 employees,
is that their reach is massive.
To say nothing of their work with the United States,
the Hacking Team has made clients of countries all over the world.
The top ones are Mexico, Italy and Morocco
in terms of the revenue,
but they've also done deals with Saudi Arabia,
Malaysia, the United Arab Emirates, Singapore, Kazakhstan.
This list goes on for a long time.
And the Hacking Team says that they work with these countries to help them get their bad guys.
But the problem is that a lot of these places the Hacking Team works with
have pretty terrible human rights records.
They're not very, shall we say, conservative about who they sell to.
They were trying to sell to a Bangladeshi so-called Death Squad called the Rapid Action Battalion,
which is known for systematically torturing and executing people,
you know, it doesn't really get much worse, to be honest.
Some of the fancy footwork the company uses to stay out of trouble was pretty stunning.
In 2012, a prominent blogger in the United Arab Emirates named Ahmed Mansour
was beaten by authorities after they tracked him using the Hacking Team's flagship software, RCS.
And in the files that were released this week,
you can see their PR guy, Eric Rabe, trying to come up with a plausible defense when RCS
was found on Ahmed Mansour's computer.
That one is the great one because he's caught red-handed.
That's him trying to cook up a denial,
and he's suggesting, that's him proposing to his colleagues internally,
and he's asking them, can we think of any other software that has RCS in it,
and we can say that, well, it's no, it's commonly, you know,
RCS is this common acronym that's used.
Like, he's trying to find something else that they can,
and it's just horrendous.
This, you know, this is just the level of deception.
I mean, I just find it so disturbing.
In the Hacking Team's internal emails,
they sometimes worry that one day, all this might happen,
that journalists might be able to read through their private emails.
For example, the CEO of the Hacking Team, David Vincenzetti,
joked at one point,
imagine this, a leak on WikiLeaks showing you explaining the evilest technology on earth.
He punctuated it with a smiley face.
The Hacking Team also loves to insult privacy advocates and human rights activists who want more insight into the company's operations.
They're casually referred to as idiots and imbeciles.
One Hacking Team staffer even offhandedly joked about wanting to have ACLU privacy activist Chris Soghoian killed.
Writing, quote, if I could gather up enough Bitcoin, I would use a service from the darknet and eliminate him.
An asshole of this caliber doesn't deserve to continue to consume oxygen.
All along, I'd been picturing the Hacking Team
as a bunch of programmers sitting in front of computers,
trying to find weaknesses in software that they wanted to break into.
But then I talked to Kim Zetter, a reporter at Wired,
and she told me that the Hacking Team actually buys the work of other hackers.
They'd been stockpiling what are called zero-day vulnerabilities,
a flaw in phone or computer software that the company spent zero days trying to fix.
They don't know about this flaw, but the Hacking Team does.
And they use them as a back door into their targets' computers.
We see an email exchange with a company, a security company called Netragard, where they were talking about selling a zero-day exploit to them, and they were batting back a figure of about $105,000 for that particular exploit.
That is so much money.
That is so much money.
That can be on the low end.
So zero days can go for anywhere from $5,000 to half a million dollars or even a million dollars or more.
Whoever's behind this hack could have made a lot of money selling these zero-day exploits rather than publishing them for public consumption,
but they didn't.
The motivation here appears to be, you know, sort of as a social justice hack.
A hacker who wanted to benefit from this economically would not dump these documents.
They would have used the zero days for themselves or sold the zero days.
So it's clear that this was for exposing Hacking Team's evasiveness and, you know, its lies over the years.
No one knows who this hacker is.
All we have is the name they've given themselves, Phineas Fisher.
Whoever he or she is, they weren't available for an interview.
Of course, I wanted to talk to someone at the Hacking Team,
but private spy companies don't just get on the phone with reporters.
Hello.
Hi, is this Eric?
Yes, it is.
Which is why I was so surprised when Eric Rabe picked up the phone.
Eric Rabe is the Hacking Team's spokesman.
And like everyone else, he's dying to know
who hacked the Hacking Team.
Do you know who perpetrated this hack
and what their motivations were?
I'd love to know.
I've got the name of
Phineas Fisher.
I don't...
Who is Phineas Fisher?
I don't know.
Obviously, the ego, the size of all outdoors.
I've no idea.
Eric told me he wanted to set the record straight.
He says that his company,
despite what reporters and human rights activists think,
is actually working for the greater good,
even if from the outside, their client list suggests otherwise.
Let's take Saudi Arabia.
Now, Saudi Arabia, a lot of people would argue as a repressive regime
and that their human rights is not good
and they oppress women and so on and so forth.
You know, the United States sells F-15 fighter jets to Saudi Arabia
in the background of its Air Force,
and I think it's generally considered to be an ally of the West.
And furthermore,
I think in a country like that you could argue
that there's a real good reason to have the capabilities that we provide
because those places have issues with terrorists
who are developing their networks and setting up shop
and they need to be dealt with.
But here's the problem.
The Hacking Team says that they're good guys behind closed doors,
but those doors have to stay closed because they've promised their clients secrecy.
We guarantee in our contracts that we will not
disclose who our clients are.
That's something the clients want, and we've agreed to.
What this means is if they do sever ties with a bad regime for beating up dissidents,
they can't go out in public and tell everyone about it.
And that's frustrating.
I think the difficulty is that it's impossible for me to verify that you operate ethically
because you can't give specifics due to your confidentiality.
So it reads like a dodge, even with former clients.
You know what I mean?
Yeah.
I get it.
Yeah, now, I understand that, and that's a we're willing to take because we know that we've got to protect
the confidentiality of the legitimate users of the software. We're trying to do a good job in protecting us.
You know, and I understand that it's never going to be satisfactory to, you know, a human rights
activist group for me to say that and not let them come in and, you know, I don't know what they would
like. Maybe they'd like to sit in our operations center for a while or maybe every day or what, but,
you know, that's not an option.
So if you don't want human rights activists sitting in your control room watching how you guys work,
what do you say to a bunch of journalists?
Would you let us come to check out what you do?
That'd be even worse.
Not being facetious, but I think if you were operating a police department,
you know, you probably would want to be able to conduct your investigations without the oversight of either human rights activists or journalists.
Well, you know, you're sort of walking a strange line in that there are, in that you're selling this very powerful software.
And it seems like it would be very difficult for you to police how morally the people you're selling to are operating.
Well, that's right.
I don't think we're in the business of policing it, to be perfectly honest, we do our best to make sure that we don't, you know, just want and we give it to people who are going to do bad things.
but at the end of the day, you're really counting on the police forces to do the right thing.
So I guess you get down to this question of, well, can we trust authority?
And of course, there are many people who don't think you can,
but most people, I think, expect that you will.
In response to this leak, the Hacking Team has temporarily asked all of its customers to stop using its software.
The Hacking Team continues to send out press releases that amount to it saying everything is fine,
but The Intercept's Ryan Gallagher does not buy it.
Let's be frank about this.
There's no way that they're in anything other than a complete crisis over this.
I mean, their entire client list, all their contracts,
years of private, highly revealing, candid, politically explosive emails
have been dumped online.
So this is basically, this leak has shut down their whole operation, at least temporarily.
Chris Soghoian, the ACLU activist who the Hacking Team said, quote,
doesn't deserve to continue to consume oxygen.
He says that even if the Hacking Team does go under,
there will be more shadowy companies to replace them.
I suspect there will be other companies that will be quite eager to take their place
because ultimately, you know, there are a lot of governments around the world now
that want this software and there's money to be made from ethically flexible executives
who don't mind providing this kind of technology
to the governments that want it.
If you want to search the leak yourself,
WikiLeaks has posted it,
and it's searchable by keyword.
Stick around after the break.
We have a history-making Yes Yes No.
It's time once again for Yes Yes No.
The segment on this show
where PJ and I pretend to have
any real expertise in anything,
in this case, it's mostly arcane internet culture stuff.
But this week, even PJ
doesn't quite have the expertise required.
And so he turned to me
and Alex Blumberg.
Just a warning, there's quite a bit of profanity in this segment.
So I've been seeing something popping up on my internet that I don't understand,
and that I actually think that the two of you between you have a better chance of understanding than I do?
Oh, yes, yes, no.
With PJ as the no.
The Twilight Zone version.
This is the version where suddenly, like, being a dad of a small child gives you access to a world of important information.
Ah, yes.
Um, okay. So do you guys know what minions are?
Yeah.
Yes.
Oh, great. Okay. So I got sick for a week and I wasn't really on the internet. And when I came back, all anybody would talk about was minions. Um, can I read you some of these minion tweets?
Sure.
These are mostly from Weird Twitter. Um, this is from a woman named Tough Ghost. I want a minion to beat me to death.
This is from Katie Notopoulos, the world's greatest internet troll reporter.
My quest to fuck the minions has hit some road bumps.
If you believe I will fuck the minions, please send me good vibes.
Hashtag minion fuck quest.
And then there's a still of a minion, which is like a yellow banana with one eye.
It looks like Pixar.
The minion is between two fire, yellow fire hydrants.
And it's looking at them like sort of lasciviously.
And then somebody tweeted,
holy shit, are you kidding me?
The minion wants to fuck the fire hydrants
at minions.
So what's your question?
I just don't know.
I don't know what they are.
I don't know why they're suddenly inescapable,
and I don't know what people's primary feeling is about them.
Do you mind if I...
I think together we can take this.
Why?
I want to hear you do this.
All right.
So there was a movie called Despicable Me.
Do you remember this?
No.
It was an animated feature
and it starred the voice of
Steve Carell as a super villain named Gru.
And he ended up caring for three children and found love inside his frozen heart.
And he had a secret laboratory in his house.
And the assistants that worked in his laboratory were these little yellow fire hydrants with one eye called minions.
And they speak in this sort of like adorable sort of like, you know, sort of gibberish sort of thing.
But now because of the age we live in, those side characters, one or two sequels later, get their own movie.
A la the Penguins of Madagascar.
Oh, man, this is not getting...
That reference did not help me at all.
Is this what it feels like for you all the time?
Yes.
Welcome to my own world.
Wait, you never...
The Penguins of Madagascar.
That one flew right over my head, too.
Oh, my God.
All right.
So there was a movie in which the Penguins of
Madagascar became like the sort of like they got their own movie eventually.
Anyway, I saw the original Despicable Me, too.
I did not see Despicable Me 2.
And I have not seen the most recent movie.
But I know that it is bananas popular because you got that information from Twitter.
I got that information from my four-year-old son.
He doesn't watch TV really.
He's scared of everything.
Like he's very terrified of cartoons
and would not
ever want to see a full-length feature of anything
started talking to me out of the blue about minions
and what did he say?
He was like, Daddy, that looks like a minion
or like that man was wearing glasses
like a minion wears or something like that.
Like he was just like, they're just like a thing
that's in his world now.
Sort of the very same way
that they're a thing that's in your world.
I don't know what his channels are.
I'm pretty sure it's not social media,
but somehow that's how powerful this movie is.
It is like, you know, it's crept into everybody.
So minions have become so popular.
People have started making like these sort of nonsensical memes, like totally straight-faced,
not like the ones that you saw.
Okay.
These sort of straight-faced memes that they post on Facebook, which is like a picture of two minions smiling.
And it's like that feeling when you get a three-day weekend.
But like if you look at this one, it's a sad-looking minion.
And it says keep calm and pretend it's not Monday.
Okay.
And it's like their
faces have become this sort of stand-in
for all kinds of emotions.
So this has become
a thing that I think that, you know, aunts and
uncles of the people who
live in Weird Twitter are doing.
So Weird Twitter are just taking this
the like culture's love
of the minion to this really
sort of Dadaist absurd place.
I think I have this.
Can I try to explain it to you guys?
Oh my God, this is such a revolutionary.
This is definitely first. It's weird
to be on the other side. It requires like a lot more
concentration.
It's like a lot more like doing math and a lot less like telling someone a story.
Okay, so there was a series of children's movies starring a villain and his henchman called
Minions, which are one-eyed banana creatures.
Eventually they were spun off into their own movie, which has become such a massive
cultural phenomenon that minions right now are like the smiley face.
They're inescapable and people imprint whatever feeling they have onto them.
The people in my corner of the internet are making a joke about how everyone loves minions
and sexualizing it to be inappropriate.
I think you got it.
Right?
Yes, yes, yes.
Are you shocked like, oh, you don't know about that?
You are shocked that you don't know about that.
Normally, I feel shocked that you don't know about these things because they feel like everybody's talking about them.
Right, right.
But, like, I haven't.
My cultural world does not include the minions.
That's amazing.
I feel like I had the same feeling about the vastness of the world
and sort of the inescapability of me losing touch with pop culture.
When I started realizing that there were incredibly popular young musicians
whose music I could not pick out.
I could not tell you what song Ariana Grande plays.
She does bang, bang.
I don't even know who Ariana Grande is.
And we're back at yes, yes, no.
Reply All is hosted by PJ Vogt and me, Alex Goldman.
We were produced this week by Tim Howard, Shruti Pinnamaneni, and Phia Bennin.
Production assistance by Sylvie Douglas.
Matt Lieber is a new haircut that's not all messed up and weird.
Our show is mixed by Rick Kwan.
Special thanks this week to Emily Kennedy.
Our theme song is by the mysterious Breakmaster Cylinder,
and our ad music is by Build Buildings.
You can find more episodes at iTunes.com slash Reply All.
Our website is replyall.com.
Thanks for listening.
We'll see you next week.
And then also, I would just get the diapers line one more time.
All right.
Reply All's hosted by PJ Vogt and me, Alex Goldman.
I love to sniff up diapers.
Can you do it?
I don't want it to sound like an endorsement,
but I want you to sound enthusiastic.
Reply All's hosted by PJ Vogt and me, Alex Goldman.
I love to sniff up diapers.
Not sleazy, though.
Almost like, almost like, I love a good diaper snap.
All right, great, great.
Yeah.
Reply All is hosted by PJ Vogt and me, Alex Goldman.
I love to sniff up diapers.
That's good.
Okay.
You don't think I ever sold it?
I just wanted to do one more to where it's like, in the moment.
It's like you've been sniffing up diapers all this time, and you're realizing, oh, this is what I love.
Okay, I got, I got it.
Okay.
Reply All is hosted by PJ Vogt and me, Alex Goldman.
I love to sniff up diapers.
Okay, we keep going.
We were produced this week.
We were produced this week by Tim Howard, Shruti Pinnamaneni, Phia Bennin, and edited by Alex Blumberg.
Perfect.
