Freshly leaked e-mails from the hack on Hacking Team shows that the surveillance company was in communication with a member of the former South African Revenue Service (SARS) rogue spy unit.
Towards the end of 2014, the Sunday Times outed a secret intelligence unit inside SARS which the paper said “became a law unto itself”.
Later, during May 2015, the Sunday Times went on to report that two former members of the rogue unit, Helgard Lombard and Johan de Waal, submitted affidavits to Hawks investigators admitting to spying on the National Prosecuting Authority.
Among the details revealed in affidavits given by SARS employees was that the former Directorate of Special Operations, better known as the Scorpions, paid Lombard sums of R900,000 and R250,000 to buy surveillance equipment.
This money was used to buy “overt and concealed cameras with digital video recorders and microphones” that could be activated remotely and “remote viewing software to be used with cellular telephones”.
It has now emerged in e-mails published on WikiLeaks that Lombard was in contact with Hacking Team last year (24 June 2014) to request information about “smartphone infections”.
The e-mail leak comes courtesy of a hacker who goes by “Phineas Fisher”, or @GammaGroupPR on Twitter, who hacked Gamma International and did a similar tell-all in 2014.
Gamma International is also linked to the rogue SARS spying unit, as Carte Blanche reported in February 2015 that it used surveillance software called FinFisher to spy on the computer activities of its targets.
FinFisher and Gamma’s links to South Africa are well documented, with earlier WikiLeaks releases and a report from Citizen Lab indicating that the software was in use on the ADSL network.
These new revelations from Phineas Fisher’s latest hack shows that SARS’ covert intelligence unit was looking to extend its capabilities as recently as last year.
Lombard was responding to an e-mail from the Hacking Team informing him that the company would be at the Intelligence Support Systems conference in Johannesburg:
I will appreciate it if you could send me information regarding the smartphone infections. The information must be as comprehensive as possible, e.g. is it necessary to “Root” Android smartphones, can the infection be concealed in a MMS, etc. I would also want to know what the minimum quantity licenses would be that we have to acquire and what the annual maintenance fee word be for updates, etc.
Thank you in anticipation.
Manager : Technical Physical Security
Anti Corruption and Security
(Technical Investigations Operational Support)l
South African Revenue Service
He received the following response from Massimiliano Luppi, an account manager at Hacking Team:
thank you for your mail.
Please consider that all this information are usually shared with you during a meeting at your premises.
During such meeting we’ll be able to demonstrate you all our solution features and capabilities, both with a live demo and also on your devices.
Attached to this email you’ll find a mutual Non-Disclosure Agreement that I kindly ask you to sign due to the nature of the information we are going to share.
I would be more than happy to evaluate with you the possibility to meet in South Africa for a live demo as mentioned above.
Key Account Manager
Milan Singapore Washington DC
SARS was asked whether it bought software from Hacking Team or Gamma International, and whether it has retained its surveillance capabilities.
No spokesperson for SARS responded to our requests for comment.