Journal d'investigation en ligne et d'information‑hacking
par Antoine Champagne - kitetoa

Ethiopie/Hacking Team : et que croyez-vous qu'il arriva ?

Vous nous direz, à la suite de la lecture de notre précédent article, que peut-être, bénéfice du doute oblige, Hacking Team a décidé de rompre sa relation avec l’Éthiopie... Au risque de perdre de l'argent. Oui, mais non. Voici ce qui s'est passé. Une nouvelle proposition a été faite à ce pays. Une sorte de proposition que l'on ne peut pas refuser, mais qui permet de continuer à engranger des revenus, parce que ça, c'est quand même plus important que les Droits de l'Homme.

Vous nous direz, à la suite de la lecture de notre précédent article, que peut-être, bénéfice du doute oblige, Hacking Team a décidé de rompre sa relation avec l’Éthiopie... Au risque de perdre de l'argent.

Oui, mais non.

Voici ce qui s'est passé.

Une nouvelle proposition a été faite à ce pays. Une sorte de proposition que l'on ne peut pas refuser, mais qui permet de continuer à engranger des revenus, parce que ça, c'est quand même plus important que les Droits de l'Homme.

"L'incident" qui a révélé l'usage des produits de Hacking Team a donc eu deux conséquences pour l’Éthiopie. Premier point, l'outil a cessé de fonctionner. L'agence (INSA) en charge de l'usage des armes numériques dans ce pays n'a pas aimé. En parallèle, Hacking Team a fait une nouvelle proposition sur mesure à l’Éthiopie. OK pour relancer les activités, mais il faudra passer par une formation et un encadrement technique approfondis. Ce qui aura un coût.

Voici quelques échanges de mails :

jeudi 16 avril 2015 16:58

Ciao Max,

My opinion: in case the Company decides to move forward with Ethiopia, that means that INSA would have accepted as well to play under different rules that we need to decide and put in writings in the agreement.

In other words (and that’s the reason why I’m copying Daniele as well), INSA could be a good opportunity to roll-out the IP (Intimacy Plan) by structuring the contract around: Advanced Training and Best Practices workshops (paid in full) Social Engineering Training (provided by one of our partner) On-Site Assistance (several months paid in full with T&Es) More expensive services for the Exploit Delivery Services (with a limited number of exploits)… Payment of RiTe Scnearios that we run for them Creation of a Lab where they will test first all attacks M&S payment in advance Prohibition to attack devices in the US and xx (other countries)

Items #1 to #5 are example of a list of Professional Services Packages that we discussed with Daniele and Alessandro to propose systematically to all our existing customers…in order to increase our existing customers revenues.

Ethiopia should commit to at least that to resume our relationship.

Giancarlo and David will be the ones deciding if we move forward or not. They have more background than me. I’m just putting together some ideas of requests that we should demand them.

What are the revenues (independently of the ones described above) that you are expecting from Ethiopia? Could you share the figure ?

Thanks

Philippe

-- Philippe Vinci VP Business Development

/////////

mercredi 25 mars 2015 17:04

Hello David,

the meeting with Biniam is over. Despite the way we are used to know him, let me say this time was very collaborative. He understood the consequences of the actual  situation and why we had to react the way we did. We explained him that we are facing issues with all our customers.

With reference to its specific case, we agreed the following: - wait of the input from our government. - if feedback is positive, he "promised" to comply to any security features/requests we may require. - We'll quote some additional training and certifications related to the security measures and practices that have to be followed in order to reduce the future risk of new issues.

Massimiliano

-----Original Message----- From: David Vincenzetti [mailto:d.vincenzetti@hackingteam.com] Sent: martedì 24 marzo 2015 18:46 To: Massimiliano Luppi Cc: Giancarlo Russo; Daniele Milan; rsales@hackingteam.it Subject: Re: INSA Ethiopia - next steps

Please enjoy tomorrow’s meeting. I am sorry I will be in Rome an unable to warmly greet such an estimated guest.

However, we have a plan, that is, a proposal in order to continue our business relationship. Perhaps it’s a proposal hard to deal with. Giancarlo will brief you beforehand.

See you on Thursday or on Friday at the latest.

Cheers,

David

David Vincenzetti CEO

Hacking Team Milan Singapore Washington DC www.hackingteam.com

email: d.vincenzetti@hackingteam.com mobile: +39 3494403823 phone: +39 0229060603

On Mar 24, 2015, at 6:38 PM, Massimiliano Luppi <m.luppi@hackingteam.com> wrote: Giancarlo ciao, Will you attend tomorrow's meeting with Biniam?

Which are our intentions with the customer?

Massimiliano Luppi Key Account Manager Sent from my mobile.

/////////

dimanche 17 mai 2015 19:59

We are on the same line, Giancarlo.

David

David Vincenzetti CEO

Hacking Team Milan Singapore Washington DC www.hackingteam.com

email: d.vincenzetti@hackingteam.com mobile: +39 3494403823 phone: +39 0229060603

On May 17, 2015, at 7:07 PM, <g.russo@hackingteam.com> <g.russo@hackingteam.com> wrote:

He is simply going back to his arrogant attitude, hoping everything should be fine in days. We should simply: 1) resending the offer 2) restate that previous servers are not available abymore and technically we can not resume that.

As a consequence, if they are willing to continue on the new basis we will be happy. Otherwise, we can terminate the agreement, Giancarlo

-- Giancarlo Russo COO Da: David Vincenzetti Inviato: domenica 17 maggio 2015 18:42 A: Daniele Milan Cc: rsales Oggetto: Re: Restoration

I agree with you, Daniele.

If he does not accept our comprehensive proposal (which includes, but is not limited to, many months of training combined to our continuous on-site presence  — in order to assist them, teach them, and supervise their investigative activities —  and, last but not least, the faculty to indefinitely extend our on-site presence until we decide that they have reached the right skills to security operate our system), then we can simply drop them.

David

David Vincenzetti CEO

Hacking Team Milan Singapore Washington DC www.hackingteam.com

email: d.vincenzetti@hackingteam.com mobile: +39 3494403823 phone: +39 0229060603

On May 17, 2015, at 6:35 PM, Daniele Milan <d.milan@hackingteam.com> wrote:

David,

I would send over the offer tomorrow repeating again the motivations that prevent us from saving their current agents. If he still refuses, we can end the deal.

What do you think?

Daniele

-- Daniele Milan Operations Manager

HackingTeam Milan Singapore WashingtonDC www.hackingteam.com

email: d.milan@hackingteam.com mobile: + 39 334 6221194 phone:  +39 02 29060603

On 17 May 2015, at 12:20, David Vincenzetti <vince@hackingteam.it> wrote:

Giancarlo,

This is on the same line of Fabrizio’s Israeli account. Both Mr. Biniam and that Israeli vendor are ignoring our replies.

We have sent Mr. Biniam a detailed proposal IN ORDER TO RESUME our cooperation. Without accepting such proposal, Ethiopia is a no-go.

Mr. Biniam plays his tricks and we have drafted a serious proposal safeguarding the integrity of our system. The acceptance of such a  proposal is conditio sine qua non to moving forward with him.

David

David Vincenzetti CEO

Hacking Team Milan Singapore Washington DC www.hackingteam.com

email: d.vincenzetti@hackingteam.com mobile: +39 3494403823 phone: +39 0229060603

On May 17, 2015, at 12:04 PM, Biniam Tewolde <biniamtewolde@yahoo.com> wrote:

Dear Danielle Milan,

Thank you for the information u provided us.

  1. I do not understand this statement. We are not asking to continue the operation as it is , we are asking some period(one or two days) to transfer it to another servers.

Moreover, resuming the operations poses significant security risks to you and all our clients. You can understand that this is unacceptable for us.

2.  We want HT to respect the contract and we want to start conducting new operations with new hosting servers(our own) within the next week.

3.   At this current moment with this situation , we can not sign the new contract , we have postponed it until september.

Tnx Waiting

On Saturday, May 16, 2015 3:18 PM, Daniele Milan <d.milan@hackingteam.com> wrote:

Dear Biniam,

we have worked both internally here at HT and with the VPS provider to consider all possible options to resolve this situation, but at this point it is not feasible to resume the operations.

The VPS provider will not recover the systems, and they are recycling the IP addresses; they have been very clear that this situation was a violation of the contract and they are not tolerating this.

Moreover, resuming the operations poses significant security risks to you and all our clients. You can understand that this is unacceptable for us.  Clearly the security of each of our clients comes first.

Kind regards, Daniele

-- Daniele Milan Operations Manager

HackingTeam Milan Singapore WashingtonDC www.hackingteam.com

email: d.milan@hackingteam.com mobile: + 39 334 6221194 phone:  +39 02 29060603

On 06 May 2015, at 15:00, Biniam Tewolde <biniamtewolde@yahoo.com> wrote:

Dear HT,

This is unbelievable. HT has to do its best to handle this situation , this is something we have been waiting for almost 2 month. Its consequence  on us will be severe and unbearable. I am waiting for the final positive response

Waiting

On Wednesday, May 6, 2015 7:19 PM, Daniele Milan <d.milan@hackingteam.com> wrote:

That was the plan, but unfortunately the vps providers changed their mind and it seems they won’t be giving us access anymore to the systems.

Daniele

-- Daniele Milan Operations Manager

HackingTeam Milan Singapore WashingtonDC www.hackingteam.com

email: d.milan@hackingteam.com mobile: + 39 334 6221194 phone:  +39 02 29060603

On 06 May 2015, at 11:06, Biniam Tewolde <biniamtewolde@yahoo.com> wrote:

Dear Daniele,

I do not understand. U have told Seble , you will allocate enginners for the restoration and I have already reported to my Boss.

The response should be positive.

Meet u soon,

On Wednesday, May 6, 2015 5:00 PM, Daniele Milan <d.milan@hackingteam.com> wrote:

Dear Biniam,

sorry for the late reply but I’m currently traveling. I’ll be back to you later today with an update on the matter, however I must anticipate that I won’t be bringing good news...

Kind regards, Daniele

-- Daniele Milan Operations Manager

HackingTeam Milan Singapore WashingtonDC www.hackingteam.com

email: d.milan@hackingteam.com mobile: + 39 334 6221194 phone:  +39 02 29060603

On 04 May 2015, at 01:15, Biniam Tewolde <biniamtewolde@yahoo.com> wrote:

Dear Daniele Milan,

Wishing you you are enjoying life.

It has been one month and 10 days since we met in Milan. We are waiting for the restoration of the operation for the last two months. Can u update us on the situation? I am having a lot of pressure.

Waiting

//////////////////

From: Eric Rabe [mailto:ericrabe@me.com] Sent: Monday, March 16, 2015 01:50 PM To: David Vincenzetti Cc: Philippe Antoine Vinci; Daniele Milan; Giancarlo Russo Subject: Re: Urgent

The issue is their incompetent use of HT tools.  They can argue about whether their target was a justified target or not, but their use of the tool several times from the same email address, and in repeatedly targeting and failing to get access is what caused the exposure of our technology.

Whether or not the target is justified, he was still in the USA not Ethiopia, and that poses many extra risks that were apparently not considered by the operator.

Eric

//////////////////

L'avis du patron de HAcking Team sur son client Ethiopien est assez intéressant :

//////////////////

Let’s meet this truly remarkable person. I won’t join the meeting, I’ll be in Rome on Wednesday (after tomorrow), please be sure that Philippe (copied to this mail) will join the meeting.

To Philippe: it will be quite a trill, Mr. Binbiam is unique, to use an euphemism — Trust me: it will be instructive.

To Daniele: a chance to keep working with them actually exists. An intractable solution maybe, but it exists. Giancarlo can elaborate it further.

David

David Vincenzetti CEO

Hacking Team Milan Singapore Washington DC www.hackingteam.com

0 Commentaires
Une info, un document ? Contactez-nous de façon sécurisée