The Blackwater of surveillance, the Hacking Team is among the world’s few dozen private contractors feeding a clandestine, multibillion-dollar industry that arms the world’s law enforcement and intelligence agencies with spyware. Comprised of around 40 engineers and salespeople who peddle its goods to more than 40 nations, the Hacking Team epitomizes what Reporters Without Borders, the international anti-censorship group, dubs the “era of digital mercenaries.” ... The Italian company’s tools — “the hacking suite for governmental interception,” its website claims — are marketed for fighting criminals and terrorists. ... “Privacy is very important,” Vincenzetti says on a recent February morning in Milan, pausing to sip his espresso. “But national security is much more important.” ... Between 2003 and 2004, Vincenzetti and two college friends worked in their dank, underground apartment and coded what would become the Hacking Team’s flagship software. Called the Remote Control System (RCS), it commandeers a target’s devices without detection, allowing a government to deploy malware against known enemies. (The product was later dubbed Da Vinci, then Galileo.) Think of it as a criminal dossier: A tab marked “Targets” calls up a profile photo, which a spy must snap surreptitiously using the camera inside the subject’s hacked device. Beside the picture, a menu of technologies (laptop, phone, tablet, etc.) offers an agent the ability to scroll through the person’s data, including email, Facebook, Skype, online aliases, contacts, favorite websites, and geographical location. Over time, the software enables government spooks to build a deep, sprawling portfolio of intelligence. ... 
A hacktivist known as Phineas Fisher had hijacked the Hacking Team’s official Twitter account and posted an ominous message: “Since we have nothing to hide, we’re publishing all our emails, files, and source code.” Following the message was a link to more than 400 gigabytes of the company’s most sensitive data.
Much has been made of Israel’s status as “Startup Nation.” Not even the size of New Jersey, with a population smaller than New York City’s, Israel is home to more Nasdaq-listed companies than any country except the U.S. and China. On a per capita basis Israel boasts more venture capital, more startups and more scientists and tech professionals than any other country in the world. ... To understand these dizzying numbers, you need to understand the mysterious Unit 8200. While no one has ever disclosed how large it is, FORBES estimates the unit has, at any given time, 5,000 people assigned to it, all mandated to deploy the latest technology, often in life-or-death situations, with surprisingly little guidance. ... what’s in 8200’s special sauce? After speaking with more than two dozen 8200 veterans, we narrowed it down to five things that, taken together, provide a pretty good blueprint for Startup Nation–and a pretty powerful cheat sheet on how to launch a successful tech startup. ... Unit 8200 predates Israel’s war of independence in 1948. Starting in the British Mandate period of the 1930s, what was then known as Shin Mem 2 (an acronym of the Hebrew phrase for information service) bugged phone lines of Arab tribes to learn about planned riots. In 1948 it was renamed 515–a random number so that it could be discussed without using words. In 1956, the year of the second war between Israel and its Arab neighbors, the name was changed again, to 848. ... Unit 8200’s turning point came when Israel’s did, in 1973, after the Yom Kippur War ... That moment, which led to national soul-searching, resulted in a reboot. The unit would then be known as another random number, 8200. And it would become completely departmentalized, so that various teams in the unit wouldn’t know what other teams were doing. Each squad, like a startup, was pretty much on its own.
There was a time, a few years back, when the most sophisticated cyber-warfare tools were still developed and used exclusively by the world’s most sophisticated cyber-warfare combatants: government spy agencies, such as the ultra-secret National Security Agency and its counterparts in Israel and other developed countries and their arch-rivals in China and Russia. The surveillance and monitoring capabilities that Edward Snowden unveiled to the world in 2013 were shocking and little understood, but an ordinary citizen could at least take comfort in the belief that, if he wasn’t a criminal or a spy, it was unlikely these tools would ever be used against him. ... That was then. ... last August, came the startling confirmation from Apple itself: a genuine remote jailbreak “in the wild,” the one discovered and identified by Marczak and the Lookout researchers. To everyone’s surprise it had been out there operating secretly for years. ... By 2010 a true black market for zero days was emerging beyond the usual black market. ... In this new black market few knew exactly who the buyers were, but it was widely assumed that many were governments looking for clever new ways to spy on their own citizenry.
On average, an American office worker sends and receives roughly 120 emails per day, a number that grows with each passing year. The ubiquity and utility of email has turned it into a fine-grained record of our day-to-day lives, rich with mundane and potentially embarrassing details, stored in a perpetual archive, accessible from anywhere on earth and protected, in some cases, by nothing more than a single password. In the case of Violeta Lagunes, her email login represented a point of vulnerability, a seam where the digital walls protecting her campaign were at the mercy of her human judgment — specifically, whether she could determine if a message from an apparently reputable source was real or fake. ... Not only will a working email password yield years of intraoffice chatter, invoices, credit-card bills and confidential memos; it can often be leveraged into control of other personal accounts — Twitter, Facebook, Amazon — and even access to company servers and internet domains.
The Cyber-Cassandras said this would happen. For decades they warned that hackers would soon make the leap beyond purely digital mayhem and start to cause real, physical damage to the world. ... Now, in Ukraine, the quintessential cyberwar scenario has come to life. Twice. On separate occasions, invisible saboteurs have turned off the electricity to hundreds of thousands of people. Each blackout lasted a matter of hours, only as long as it took for scrambling engineers to manually switch the power on again. But as proofs of concept, the attacks set a new precedent: In Russia’s shadow, the decades-old nightmare of hackers stopping the gears of modern society has become a reality. ... And the blackouts weren’t just isolated attacks. They were part of a digital blitzkrieg that has pummeled Ukraine for the past three years—a sustained cyberassault unlike any the world has ever seen. A hacker army has systematically undermined practically every sector of Ukraine: media, finance, transportation, military, politics, energy. Wave after wave of intrusions have deleted data, destroyed computers, and in some cases paralyzed organizations’ most basic functions. ... In a public statement in December, Ukraine’s president, Petro Poroshenko, reported that there had been 6,500 cyberattacks on 36 Ukrainian targets in just the previous two months.