KUALA LUMPUR, July 20 — The remote control system (RCS) spyware that Putrajaya and other governments allegedly purchased from a security vendor enables operators to steal any data from infected devices and even pinpoint the movement of individuals, according to a journalist specialising in government surveillance.
Ryan Gallagher of The Intercept told online podcast Reply All that the spyware allows The Hacking Team's clients to remotely access infected machines and gain full access to whatever data that is kept locally.
"It allows whoever's done the infection, a government agency, to steal say, you've photographs on there, documents," he said in the podcast on gimletmedia.com, posted on July 15 under the title "The Evilest Technology on Earth : - )".
"They can tap the location function on your phone to see exactly where you are at any given moment,"Gallagher said, adding that it also enables those in control of RCS to record audio from Skype or phone calls or copy text and WhatsApp chat messages.
Details of dealings between Hacking Team and the Prime Minister's Office (PMO), Malaysian Anti-Corruption Commission (MACC) and a Malaysian intelligence body by the name of MYMI surfaced after a large scale hack led to a 400GB data dump on July 5 of the online security vendor's internal documents, source codes and email communications.
Invoices contained in the released data, torrented by an as yet unidentified hacker or group of hackers who go by the name Phineas Fisher, linked the company to at least 36 countries around the world.
Aside from Malaysia, the list includes Egypt, Ethiopia, Morocco, Nigeria, Sudan, Chile, Colombia, Ecuador, Honduras, Mexico, Panama, the US, Azerbaijan, Kazakhstan, Malaysia, Mongolia, Singapore, South Korea, Thailand, Uzbekistan, Vietnam, Australia, Cyprus, the Czech Republic, Germany, Hungary, Italy, Luxembourg, Poland, Russia, Spain, Switzerland, Bahrain, Oman, Saudi Arabia and UAE.
Gallagher claimed in the podcast that Hacking Team has not been judicious in selecting its clients despite the extent of clandestine access its software affords users.
"They're not very, shall we say, conservative about who they sell to," he said in an interview with the show's host, Alex Goldman.
"They were trying to sell to a Bangladeshi so-called death squad called the Rapid Action Battalion which is known for systematically torturing and executing people... it doesn't get much worse, really," Gallagher claimed.
Lawyers here have said that the use of the spyware was unconstitutional as it violates the right to privacy accorded to Malaysians under Article 5 of the Federal Constitution.
