comments 2

The Government doesn’t buy spyware–yea right!

The Government has denied buying spyware from hacking team, they really should have checked with me before issuing the statement.

Spying ProgramOn the 23rd of November 2015, Datuk Seri Azalina Othman Said denied that the Malaysian government had procured spyware from hacking team. In a formal response (in Parliament!!), the Minister simply stated “For your information, no such device was purchased by the Prime Minister’s Department”.

For YOUR information, dear Minister, I don’t like being lied to, and oh look there’s a flying pig by the window.Next time ask your PR guys to call me before you go setting your pants on fire.

Ok folks, here’s a step-by-step on why we can trust the hacking team leak, why there’s conclusive proof Malaysia bought this spyware, and why we should be worried about the manner in which it is being used. So let’s go.

First off, can we trust the Hacking Team revelations?

Yes, we can.

Phineas Fisher, the hacker responsible for leaking the data, didn’t just release e-mail trails, but also included brochures, invoices and the secret 0-day exploits (pronounced ZERO-DAY-EXPLOITS) in a giant 500GB download. Those 0-days are ‘proprietary’ hacking team exploits, and it’s what made their infamous RCS software possible.

If someone claimed to have hacked the Coca-Cola company, and published embarrassing e-mails of their CEO, you ‘might’ believe them. But if that same hacker released the secret recipe to Coke, that makes the case far more compelling.

At the very least the proprietary 0-day exploits released by Phineas Fisher prove that hacking team was indeed hacked, and with that in mind we can move to the next question.

OK, so Hacking team was hacked, that still doesn’t mean the e-mails are real.

Well, that’s right. It is entirely possible that Phineas Fisher ‘polluted’ the e-mail archive with fake e-mails to make our Prime Ministers Department look bad.

Only thing is that Malaysia wasn’t the only country affected, it was part of a list of 35 other countries with receipts in their name for procuring the fine spyware from hacking team. In case you’re wondering the list includes Sudan, Nigeria, Russia, Singapore, Australia, Thailand and the good ol’ USA.

And if you look microscopically at Malaysia (like I did), you find that all the information in the e-mails are consistent. Which means the context of the e-mails are correct, the names are proper Malaysian names (with IC and passport numbers to boot), the addresses are accurate Malaysian addresses and nothing (absolutely nothing!!) looks out of place in the entire 15GB of e-mail I shifted through.

And I have no reason to believe this isn’t the same for the other 34 countries, and you can shelve the idea that this was a zionist plot against Muslim countries because the countries implicated include Thailand, South Korea and even the US. So unless the Israelis have it out for just about everyone, that theory doesn’t stand.

Sure it’s still ‘possible’ that this was a forgery, but it’s FAR more reasonable to believe that Hacking team was hacked and the entire archive was released unmodified in original condition. To believe otherwise requires not just massive leaps of faith, it would require a concocted attacker that was a highly skilled hacker, presumably had lots of free time and money (since the hack didn’t result in any monetary gain) and an axe to grind with 35 seemingly unrelated countries. At some point the evidence becomes too compelling to ignore, and I believe we’re way past that.

All that’s nice Mr. Tech Evangelist, but do you have any real evidence?

Yes indeed I do.

Back in June I chose not to release certain documents for various reasons, but since the good Minister has confirmed that no purchase of spyware was made by the Government, these are probably fake anyway.

I’ve linked two TT slips detailing 2 large payments to Hacking Team from a company called Miliserv Technologies Sdn. Bhd., if the Government hasn’t procured spyware from Hacking Team, I strongly advise the Minister to investigate this local Malaysian company for making huge payments to an enemy of the internet.

TT-SLIP-No1 (38,500 EUR)

TT-SLIP-No2 (210,00 EUR–pardon the fuzziness, I had to remove some personal information of the company director)

OK. The government bought spyware. So what.

Good point.Hacking team sold its specially crafted spyware to the at least 3 agencies within the Malaysian Government. These tools are meant for spying on specific individuals and not for mass-surveillance of the population. So most of us can breathe a sigh of relief since they’re not going for the redtube members here.

Also, some agencies like the Police, or Military intelligence have a legitimate use for spyware, the same way no one should panic when the cops buy binoculars or wire-tapping equipment.

But it’s not the equipment that’s being questioned, it’s the manner in which that equipment is used that is so controversial.

Is it used with a warrant? Is it used for catching criminals, or criminalizing politicians (and their lawyers)?

So there is no need to deny buying it (this is where BN’s PR people should have called me), Datuk Seri should have just stated categorically that we did procure the spyware, but we used it specifically for on-going criminal investigations in accordance with all relevant Malaysian laws.

But did the government use it that way?

The honest truth is that I don’t know. The beauty of buying this stuff through a company like Miliserv is it puts the government at a distance, and gives them sufficient coverage from accusations.

BUT….we can gauge who they’re targeting by looking at the documents Miliserv asked to be infected. The standard operating procedure for all spyware is to embed the payload into an innocuous file (like a word document).The innocuous file acts as a carrier, and is used to entice the victim to open it. Once opened, the infection springs into action, compromising the computer and begins gathering information for home base.

The way we figure out who was being attacked, is by looking at the carrier file.Back in 2013, the document used to spread Finspy (also by the Malaysian government) was a word document entitled SENARAI CADANGAN CALON PRU KE-13 MENGIKUT NEGERI”, and in the hacking team leaks, I saw a carrier file titled “Pengundi Asing” that purported showed the use of foreign nationals to vote in the Malaysian election, and another one entitled “Dakwat Kekal”, spreading more rumours about the indelible ink used in the very same election.

Besides the fact, that the Government was essentially spreading rumours about itself, these carrier documents don’t point to ISIS terrorist or hard core gangsters. These point to the average citizens, and specifically opposition supporters.

Doesn’t exactly scream lawful usage. Does it.


Listen, I believe the police have a right to procure the spyware, and quite frankly at around 200,000 EURO, it’s basically pocket change for the Government.

But the evidence suggest that we’re not using it to catch criminals, but rather to spy on politicians.

And for a MINISTER, to straight up deny it in Parliament, is expected (if I’m being honest) and suggest there’s a lot more to hide. The manner of the denial, without even offering any explanation into the purchases makes it even more frustrating.

But not quite as frustrating as seeing so little coverage of this in the media. I was a bit tied up at work and Christmas shopping to blog about this, but local journalist (with whom I shared some of the downloaded e-mails) should have done better. Malaysians deserve better than my part time reporting, shame you guys only have me, otherwise you would have read this 1 month ago.


  1. Wondering

    Just wondering, in which part did the purchase implicate the govt is behind it. You just said the company is registered with Mof, thousands of companies registered with Mof, it does not mean its government related govt have any interest in the company

    • keith

      Thanks for the question, it’s a good one.

      Hacking Team’s company policy (which can be found in archive form online) state:
      “We provide our software only to governments or government agencies. We do not sell products to individuals or private businesses.”

      Also within the e-mail trails, and in the Hacking Team invoices, specific Government agencies are named. Hacking Team do a due diligence on their customers to ensure that they’re valid Government agencies as required by law.

      Under the Wassenaar agreement, the tools that Hacking Team sells are considered ‘weapons’ and as such if a Malaysian company has bought these ‘weapons’ but not for the Malaysian government, then there is a strong public interest to find out who exactly procured them and for what reason.


Astound us with your intelligence