
Hacking Team failed to crack SA

By Jon Tullett, Editor: News analysis
Johannesburg, 14 Jul 2015

The South African government is apparently not a customer of Hacking Team, the disgraced Italian security firm that experienced a massive hack on its systems. However, this is not for lack of trying.

After the Hacking Team's enormous data breach, leaked data revealed several different South African government departments had expressed interest in the firm's surveillance and hacking technology. The breached data included over a million e-mails, which were dumped on the Wikileaks Web site.

The archives reveal other African countries expressing interest, and the firm's leaked customer list does show several paying customers on the continent.

It should come as no surprise that South African agencies were interested in Hacking Team's products: ITWeb previously reported on Gamma International, a firm offering similar capabilities. Gamma's flagship FinFisher hacking suite had been discovered to be operating in South Africa, later confirmed by a leak after Gamma was also hacked.

The same hacker, who goes by the name of "PhineasFisher", has claimed responsibility for both the Gamma and Hacking Team incidents.

Police interest

Several internal e-mails appear to confirm that despite plenty of interest dating back to 2009, numerous contacts, and meetings at trade shows, South African agencies had yet to conclude any business with the Italian firm.

For example, during 2011, Beaunard Grobler, a senior police intelligence officer, confirmed that the South African Police Service (SAPS) had evaluated Hacking Team's products and recommended purchase of the technology. That recommendation had landed on the desk of Richard Mdluli, at the time head of Police Crime Intelligence, just as he was facing a battery of criminal charges.

Grobler was apparently vexed at the delay: "At this stage I am very frustrated due to the fact that this type of decision is a low priority by the current management. No-one can provide me an answer for the next step," he wrote. No further correspondence appears in the leaked e-mails.

Hacked Team

Hacking Team sold hacking software to government agencies around the world, to assist with cyber crime investigations and, in the case of repressive regimes, surveillance of political dissidents and journalists. The firm's software was able to hack phones and PCs, to capture e-mails, text messages, keystrokes, phone calls, and more.

On July 5, the news broke (via the company's own compromised Twitter account) that Hacking Team had been completely hacked, with the attacker claiming to have stolen over 400GB of data including e-mails, documents, customer lists, and source code. The stolen data was made available over BitTorrent and is now available via numerous online mirrors.

Among the leaked data were the details of exploits the firm used to compromise victims, such as a zero-day Adobe Flash vulnerability. These have since been patched.

Other revelations included the fact that despite repeated denials over the years that the firm would sell to abusive regimes, many states with questionable human rights records appeared to feature prominently on their customer lists, including Libya, Egypt, Ethiopia, Kazakhstan, Morocco, Nigeria, Saudi Arabia and Sudan.

In 2012 one Ben Hlongwane, claiming to represent the "South African Government", reached out to Hacking Team from a personal MWeb e-mail account, requesting a quotation for the firm's software and services. Again, that discussion appears to dry up after a short exchange.

Two years later, in 2014, Colonel AK Hoosen, the unit commander of Durban Organised Crime Unit, was separately in contact with Hacking Team, seeking advice on ways to tackle Google's hosted e-mail service Gmail. David Vincenzetti, CEO of Hacking Team, circulated a memo reading "...such a request indicates that this guy is close to clueless. HOWEVER, we could exploit his request in order to establish a commercial contact." No further conversation is archived.

After 2014's ISS law enforcement tradeshow in Johannesburg, Helgard Lombard reached out from SARS to request technical details of Hacking Team's software, and an account manager offered an on-site demo, but no further discussions appeared to take place.

Lombard was one of the SARS whistleblowers who exposed the existence of the secret "Project Sunday Evenings" team within SARS tasked with spying on the National Prosecuting Authority (NPA) while it was investigating Jackie Selebi.

Luther Lebelo, a SARS spokesman, told the Sunday Times that the agency was "highly shocked" to learn that such a conversation had taken place.

Dubious provenance

Hacking Team's leaked data makes fascinating reading, but it must be noted that the authenticity cannot be verified. CEO David Vincenzetti has not denied the veracity of the leaked data, but has claimed that it is "outdated". In addition, there is the very real possibility that the hacker could have tampered with the data before leaking it.
