The Blackwater of surveillance, the Hacking Team is among the world’s few dozen private contractors feeding a clandestine, multibillion-dollar industry that arms the world’s law enforcement and intelligence agencies with spyware. Comprised of around 40 engineers and salespeople who peddle its goods to more than 40 nations, the Hacking Team epitomizes what Reporters Without Borders, the international anti-censorship group, dubs the “era of digital mercenaries.” ... The Italian company’s tools — “the hacking suite for governmental interception,” its website claims — are marketed for fighting criminals and terrorists. ... “Privacy is very important,” Vincenzetti says on a recent February morning in Milan, pausing to sip his espresso. “But national security is much more important.” ... Between 2003 and 2004, Vincenzetti and two college friends worked in their dank, underground apartment and coded what would become the Hacking Team’s flagship software. Called the Remote Control System (RCS), it commandeers a target’s devices without detection, allowing a government to deploy malware against known enemies. (The product was later dubbed Da Vinci, then Galileo.) Think of it as a criminal dossier: A tab marked “Targets” calls up a profile photo, which a spy must snap surreptitiously using the camera inside the subject’s hacked device. Beside the picture, a menu of technologies (laptop, phone, tablet, etc.) offers an agent the ability to scroll through the person’s data, including email, Facebook, Skype, online aliases, contacts, favorite websites, and geographical location. Over time, the software enables government spooks to build a deep, sprawling portfolio of intelligence. ... A hacktivist known as Phineas Fisher had hijacked the Hacking Team’s official Twitter account and posted an ominous message: “Since we have nothing to hide, we’re publishing all our emails, files, and source code.” Following the message was a link to more than 400 gigabytes of the company’s most sensitive data.
On average, an American office worker sends and receives roughly 120 emails per day, a number that grows with each passing year. The ubiquity and utility of email has turned it into a fine-grained record of our day-to-day lives, rich with mundane and potentially embarrassing details, stored in a perpetual archive, accessible from anywhere on earth and protected, in some cases, by nothing more than a single password. In the case of Violeta Lagunes, her email login represented a point of vulnerability, a seam where the digital walls protecting her campaign were at the mercy of her human judgment — specifically, whether she could determine if a message from an apparently reputable source was real or fake. ... Not only will a working email password yield years of intraoffice chatter, invoices, credit-card bills and confidential memos; it can often be leveraged into control of other personal accounts — Twitter, Facebook, Amazon — and even access to company servers and internet domains.