By Tolga Tanış,
The Turkish police paid 440,000 euros to an Italian hacker group between August 2011 and February 2015 to target certain individuals with specially designed spyware, according to leaked documents seen by daily Hürriyet.
The Organized Crime and Reporting Project (OCCRP) reported on July 8 that online hackers have released more than 400 GB of internal data, including staff emails and company documents, stolen from Hacking Team, a company in Italy that sells online spying software to governments and security services around the world. Report hurriyetdailynews
Hacking Team, which employs 40 people and has branches in the United States and Singapore, was named as a corporate “enemy of the internet” in 2013 by press-freedom advocacy group Reporters Without Borders, for selling its spy software to repressive regimes.
Although the company has been denying the reports since then, the leaked documents show that it licensed its sophisticated Remote Control System (RCS) spyware to a number of states, including Turkey.
An agreement between Hacking Team and Turkey’s Police Department was signed, and the first spyware was delivered in August 2011, according to leaked documents seen by Hürriyet. The Turkish signature belongs to Ahmet Koçak, who worked for Anti-Cyber Crime Branch of the police at the time.
Spying software, hardware, imported to Turkey
RCS is designed to remotely record every keystroke made on a target device, take control of cameras and audio records, steal all stored information and vacuum up passwords. In some instances, however, Turkish police wanted additional powers.
Documents show that Turkish officials applied on Dec. 11, 2013, to the company to send them a virus that would be “silently installed” on the computers of targeted visitors of a website, www.yuruyus.com. The company delivered it after six days.
A similar order from the police, this time involving an infected Word document titled “Mücadelem” (My Struggle) was delivered by the company in the same period in just three hours.
Beside software applications that were designed for the Turkish police, the company also delivered specially equipped hardware to Ankara, according to leaked documents.
An email dated January 2014, for instance, indicates that a 600-euro laptop computer with a “network injector” was sent from Italy, but became stuck at Turkish customs.
Contract renewed in 2015
According to the leaked documents, Turkish police decided to renew the contract with Hacking Team that would expire in November 2014. A police officer named Abdulkerim Demir sent the company an email on Feb. 11, 2015, to make a new contract.
After the company declined to prepare a new contract through its Singapore branch or extend the existing contract, Demir sent another email on Feb. 24, accepting the company’s terms.
Documents indicate that Turkish police used the spyware on 50 unspecified targets and paid 440,000 euros to Hacking Team with official invoices.
Ankara’s war on former ally, Gülenists
One curious aspect of the leaked documents is that the Turkish police used various Gmail accounts, instead of official email addresses, while contacting Hacking Team. All accounts have the same three letters at the beginning of the addresses: TNP, a reference to (T)urkish (N)ational (P)olice.
Notably, the police changed the Gmail address immediately after the Dec. 17, 2013, corruption investigation in Turkey, which created a rift between the Turkish government and its ally-turned-nemesis, the movement of the U.S.-based Islamic cleric Fethullah Gülen.
Labelling the investigation targeting several government figures as a coup attempt, Ankara responded by launching espionage investigations and engaging in a major reshuffle to uproot the alleged followers of Gülen within security and judicial institutions.
Leaked documents show that the correspondence between the Turkish police and Hacking Team intensified before the Dec. 17 investigation, but the deal between the two sides continued into this year, albeit via new contacts.