Italian spyware company relies on US Internet servers

WASHINGTON — An Italian computer spyware firm, whose tools foreign governments allegedly have used to snoop on dissidents and journalists, relies heavily on the servers of US Internet companies, according to a new report.

At least 20 percent of the servers used by clients of Hacking Team, based in Milan, are located in the United States, effectively making the companies that own those servers key nodes in a hidden global network of spyware servers, according to a report to be released by Citizen Lab, at the University of Toronto’s Munk School of Global Affairs.

The discovery raises ethical questions for the cloud companies whose servers Hacking Team clients use to surreptitiously take control of targets’ computers and phones, turn on Web cameras, and intercept encrypted communications. And it comes amid a growing cry for export controls on such software. The United States was home to the single largest concentration of Hacking Team servers detected since May 2012, according to the researchers. Of the 555 machines identified worldwide, the researchers found that 80 belonged to Linode, an Atlanta firm, and that 40 of those were in the United States.


With Citizen Lab’s help, a human rights activist in Dubai recently discovered that his computer had been hacked using the Italian firm’s software. His e-mail was still being read even after he changed the password. In Morocco, computers belonging to a group of journalists critical of the government were hacked using the same spyware. And in December, an Ethiopian journalist in the United States was targeted, again apparently using Hacking Team software, according to Citizen Lab.

Get Talking Points in your inbox:
An afternoon recap of the day’s most important business news, delivered weekdays.
Thank you for signing up! Sign up for more newsletters here

A Linode server in Atlanta and one in London were linked to the Dubai and Morocco cases, respectively, to said the report’s lead author, Bill Marczak, a Citizen Lab research fellow.

‘‘What we’ve tried to do here is unravel Hacking Team’s labyrinthine hidden collection structure that they use to hide government spying globally,’’ said Morgan Marquis-Boire, a senior researcher at Citizen Lab.

The researchers found that the US servers linked to Hacking Team in some cases attempted to camouflage themselves as US companies and websites such as Apple and ABC News.

A spokesman for Hacking Team, which has a sales office in Annapolis, Md., did not dispute the findings on its US servers. ‘‘Much of the world’s Internet traffic transits the United States, so it is no surprise that Citizen Lab would find servers in this country carrying all manner of Internet traffic including that of various criminals and terrorists,’’ Eric Rabe, the firm’s chief communications executive, said in an e-mail.


‘‘Our clients do not use our tools to attack US systems, but rather to perform surveillance on subjects of criminal investigations. The tools are used to intercept communications from [a] particular subject’s devices, not to perform some sort of general scanning of an entire population or the traffic of a particular server.’’