Skip to content

Emails show the VPD looked to buy cellphone spyware from Hacking Team

November 27, 2015
hacking-team-tootkit-vpd

The VPD took a keen interest in the Galileo RCS suite made by Hacking Team.

On July 10, 2013, a sales team from the notorious Italian surveillance malware vendor Hacking Team was in Vancouver, B.C., at the invitation of the Vancouver Police Department. The purpose of the two person team’s visit was to meet with at least one officer from the VPD’s Tactical Support Section and demonstrate Hacking Team’s clandestine computer/cellphone surveillance software.

Details of the meeting come from a handful of the one million-plus emails made public as part of last summer’s massive unauthorized release onto the Internet of internal Hacking Team documents. Especially handy for journalists and others, has been the searchable WikiLeaks database of Hacking Team emails!

The emails show that Hacking Team demonstrated its intrusion and surveillance software to several interested Canadian police services between 2011 and 2014, including the RCMP in 2011, the Vancouver Police Department in 2013 and the Calgary Police Service in 2014.

The Hacking Team’s principal product was its remote control service (RCS) software, aka, “Galileo” — essentially a piece of malware meant to be secretly installed on a device, whether a computer or a mobile phone, by law enforcement.

The RCS software is capable of intercepting phone calls, text messages, passwords and application data from compromised computers and phones, and can even stealthily turn on a target’s webcam and microphone.

Known customers that have purchased the Galileo RCS software and other spyware made by Hacking Team include two U.S. federal agencies: the Drug Enforcement Administration (DEA), according to Motherboard, and the FBI, according to Wired magazine — not to mention a number of repressive governments known for human rights violations, including Sudan, Morocco, Bahrain and Saudi Arabia.

There is no evidence in the cache of leaked Hacking Team emails that any sales of the RCS software resulted from  demonstrations to Canadian police services.

Though the emails do show that the demonstrations of Hacking Team’s ware were very enthusiastically received.

According to Motherboard, the RCMP was interested in everything that Hacking Team offered, including its notorious arsenal of “black hat” hacking tools, such as zero day exploits.

And in an email to Hacking Team, a Vancouver Police officer says of the 2013 demonstration of the RCS software in Vancouver : “The product is MORE than what I had imagined.  I think it is just what we need.”

The email trail of Hacking Team’s pitch to the VPD

March 14, 2013 — Special Constable David Ainsworth of the VPD’s Tactical Support Section sends an email reply to David Vincenzetti, Hacking Team CEO:

“Hello Mr. Vincenzetti, I really enjoy the articles that you send out. I attended the ISS Word conference in Washington, DC  last October and one of my colleagues, Kyle Hearfield, attended a couple of years back. We recently ran into a problem that we thought your product could help us.  We need to collect iMessages from an iPhone and to our knowledge, even if we could collect the IP data stream, the messages are not readable.  We understand that your product could possibly help us.  Could you have one of your sales representatives contact me at this email address?  I would be interested in knowing what the minimal capability of your product and the cost associated with it. Thanks very much,

David Ainsworth, S/Cst. 2012
Vancouver Police Department
Tactical Support Section
3585 Graveley Street,
Vancouver, BC  V5K 5J5
604-717-3621
604-790-2712″

March 17, 2013 — Alex Velasco, Key Account Manager for Hacking Team, emails the VPD’s David Ainsworth to introduce himself:

“I would be happy to call you on Monday morning, your time to answer any questions you have.  Can I call you @ 10:30AM Vancouver, BC time?  Or please suggest a better time to suit your schedule.
Looking forward to speaking with you…”

April 26, 2013 — Hacking Team’s Alex Velasco emails a colleague about the VPD’s interest in a product demonstration:

“Hello Daniele,
Vancouver PD has asked that we visit them for a live demo of the system.  No dates have been set yet.
Please consider this possible meeting next time we have an FAE available for US visits.
Thanks,”

July 9, 2013 — Alex Velasco emails David Ainsworth as he arrives in Vancouver, a day ahead of his meeting with the VPD at Ainsworth’s office at Tactical Support, 3585 Graveley Street:

“Hello David,
Just getting into Vancouver.  Nice day here!
I will do as you mention below.
The only person with me is Alessandro Scarafile, who is an engineer assisting me with the demo.
See you tomorrow at 10, your office.”

July 11, 2013 — Alex Velasco emails details of his meeting with the VPD to four of his Hacking Team colleagues:

“Hello Team,
Just a quick note about our meeting with Vancouver PD.  We presented to the Cyber Crime team and the intelligence group.  In our pre demo meeting with the groups I asked what the main concerns were and why they though of us.  Their first concern was iMessages with iPhone.  I confirmed and agreed with Alessandro that we were able to capture the data, then announce to the groups that we will be seeing that function.  They asked to hold off on that demo till the Captain was able to join us.
We proceed with the demo, infecting the target via TNI YouTube.  The infection was flawless and we had a great demo.  We got word that the captain was not going to be available.  We infected the iPhone and were able to demo it with collection of iMessage.  We also demo’ed the the BB and Android as well.  Impressed with the demo they asked for price.  It seems that the system is something they can purchase if the price remains in the low 300K upper 200K.
Someone from their group will be at ISS DC and will attend the Demo we will be giving there as well.  If the captain is attending and available they will ask for a private demo at the show.
Over all the demo was a success and I beleve they are serious about acquiring the system.
Off to NYC”

July 11, 2013 — The VPD’s David Ainsworth emails Alex Velasco to fairly gush over Hacking Team’s demonstration:

“Hi Alex,  It was great to meet you and Alessandro yesterday.  The product is MORE than what I had imagined.  I think it is just what we need. Can I get two quotes from you:  one for a system with 15 licenses and another quote for a system with 10 licenses?  I will need a fallback position.  Also, I will need the shopping list of hardware so that I can prepare my submission to the Equipment Committee.  It’s summer and I’m not sure when the Equipment Committee will meet again.  It may not be until September summer but I will know soon. If I didn’t say it often enough yesterday, I appreciate you making the trip to Vancouver to meet with us and demonstrate your product. Thanks again, Dave”

July 11,2013 — Alex Velasco follows up with David Ainsworth the day after the meeting/demonstration:

“I will get your proposals together, no problem, but I need to know if you are interested in just a couple of Operating Systems or all.  Most first proposals start with Windows and the most popular smartphones that you have in your area.  I remember you mentioned that BB is the least favorite, (in Canada of all places!).  You can add an OS at any time once the system is installed.
Thank you & looking forward to our Partnership,”

July 11, 2013 — The last email found between the VPD and Hacking Team is the reply from David Ainsworth to Alex Velasco’s email, listing the four operating systems that the VPD wants to be able to target:

“Please include Windows, IOS, Android and BB.  It may be our least favourite but we do see them often enough.”

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: