It was revealed after a scandal over Hacking Team hack that Belarus's Operational and Analytical Centre (OAC) planned to buy DaVinci spyware.
Reports about the scandal over Milan-based Hacking Team appeared in media at the beginning of July. The company develops and sells spyware to governments all over the world.
The company's servers were hacked by anonymous persons, and 400 gigabytes of letters, documents and source code were revealed. Salidarnasts news agency examined the archives and found a number of curious things regarding Belarus.
Hacking Team and its super product
Found in 2003, Hacking Team with a staff of 50 people has headquarters in Milan. The company specialises in tools to hack and control computers and smartphones (Android, BlackBerry, Windows Phone). The Italian team uses hacking methods in its work – zero-day vulnerabilities, viruses, bugs and different methods of penetrating computer systems.
Their most popular product is Remote Control System, also known as Galileo and DaVinci. In June 2014, Kaspersky Lab and Citizen Lab independently published reports on Hacking Team, revealing details about its RCS tool. It is a sort of a Trojan that penetrates the targeted computer and sends all information to the hacker. RCS is able to intercept data of any type before they are encrypted: text, images, tables, Skype conversations, email, chat messages. It is impossible to trace where and whom the programme sends the collected information.
Belarusian contacts with Hacking Team
We examined Hacking Team email correspondence to figure out if the company has contacts with Belarus.
OAC and Ministry of Internal Affairs
According to the revealed report by Hacking Team, the Italian company presented its product Galileo (DaVinci) to representatives of the Operational and Analytical Centre under the aegis of Lukashenka in October 2014 at Milipol-2014 military exhibition in Doha (Qatar). A man named Alyaksey Tsymbalay is named as a customer.
“Very interested, they made a lot of questions,” the report says.
“The Prospect confirms to be impressed by our solution” and “They will evaluate to proceed with the Sales Department to arrange a dedicated meeting at your premises” – these are extracts from another report.
Hacking Team's emails show that company's representatives had meetings with the Dutch police and Belarusian interior ministry. “During Milipol, we got another contact from Belarus Government (Mr. Tsimur Luksha - firstname.lastname@example.org),” Hacking Team's Marco Bettini wrote. The email email@example.com belongs to the international cooperation department of the Ministry of Internal Affairs.
Massimiliano Luppi, a key account manager, wrote to Mr. Tsymbalay in November 2014 to thank him for visiting the company's stand in Qatar and showing interest in hacking Team's products. He also sent detailed information about the latest version of Galileo.
“Galileo is designed to attack, infect and monitor target PCs and Smartphones, in a stealth way. It allows you to covertly collect data from the most common desktop operating systems, such as: Windows, OS X and Linux. Furthermore, Remote Control System can monitor all the modern smartphones: Android, iOS, Blackberry and Windows Phone. Once a target is infected, you can access all the information, including: Skype calls, Facebook, Twitter, WhatsApp, Line, Viber and many more, device location, files, screenshots, microphone and much more,” Luppi wrote.
It is unclear from the documents and emails whether the correspondence ended with a deal. However, the Belarusian secret services are not included in the list of Hacking Team's customers.
To Belarus through Ukraine and Germany
Belarus is mentioned in Hacking Team's documents several times. Relying on the leaked documents, the Italian company has been working in the Belarusian direction several years.
In March 2011, representatives of Ukrainian security systems developer ALTRON, which is on WikiLeaks list of companies selling spyware to governmental agencies, wrote in a letter to Hacking Teams about a meeting with representatives of the Belarusian police in their Kharkiv office. “Today we are meeting in the Altron's office in Kharkov guests from Belarus. They are Belorussian police. And they are very interesting in the solution with such capabilities and features that your system have. Such solution is so needed for them, so they saying that ready to pay money,” Vitaly Kiktiov from the Ukrainian company wrote.
Correspondence between ALTRON and Hacking Team continued a few months later. Kiktiov wrote to Marco Bettini, whom he met recently at a conference in the Brazilian capital, that the Belarusian customer wanted a commercial offer. “They need to know the specification for the system (number of licenses (what license gives?), list of software that comes with the system, price for the system and for the components.”
Bettini replied: “The license for 10 concurrent targets, all platforms is around Euro 370K. It includes: 5 users, 2 anonymizers, injection proxy (wireless/LAN), RMI (for mobile), 1st year maintenance (update&support), installation&training (5 days). If you want to add 50 targets the price will be increased of Euro 120K. The price doesn't include HW and it is for Altron; you have to add your markup.”
Three months later, Bettini, with a link to his “Ukrainian partner”, asked his colleagues from the sales department to prepare a demo suite for an unnamed customer that already saw the demo but wanted to test the product before the purchase. He adds that the company already did the same for its (Ukrainian partner's) another customer from Belarus.
In summer 2011, Hacking Team's key account manager Mostapha Maanna answered to a representative of German company Intech Solutions (which is mentioned in the leaked documents as a mediator in delivering Hacking Team's spyware to third persons) about “new opportunities in Azerbaijan and Belarus”: “I can give you the green light to go on in Azerbaijan. While I have to know the name of the agency in Belarus because we are already in contact with some of them.”