Infecting computers and smartphones and collecting different information from them such as Skype traffic, various chat applications (Facebook, WhatsApp, Line, Viber, etc.); recording keyboards; localization of the target, files, screenshots; tapping microphones and cameras, and the many other possibilities of Galileo – the last product of Hacking Team – have impressed the boss of the State Agency “Technical Operations” (DATO), Tsvetan Kitov. In 2013, he visited the stand of the Italian company at a specialized exhibition and left his contact details. At that time Kitov was still Deputy Chairman of Bulgaria’s State Agency for National Security (DANS/SANS). What followed was a proposal for a meeting and presentation of the software, as revealed by the hacked correspondence of Hacking Team, already available in the search engine of WikiLeaks.
Kitov, himself, did not maintain the correspondence with the Italians since at the end of October 2013 he became chief of DATO, but his colleagues from DANS continued the contact through June 2014. Miroslav Tsvetkov and Assen Kumanov arranged with Hacking Team a live demonstration in Sofia in November 2014.
“We are primarily interested in targeting PCs running Windows and smartphones with Android and iOS. We would like to get better acquaintance with Galileo capabilities, starting from infection, going through data collection, system remote control and ending with destruction of the infection,” Bulgaria’s own spies wrote to the hacker company which is considered an enemy of information by Reporters Without Borders.
Hacking Team has sold such technology to authoritarian regimes that have used it for hunting and crackdown on dissidents, the leaked correspondence reveals. Bulgaria, however, was not able to obtain it until now, the correspondence with DANS reveals.
The spies from DANS invited the Italians to make a demonstration with real devices and agreed that to happen on November 26 and 27, 2014. During the demonstration itself the technical team sent infected Word files and Exploit for Android. Our readers are advised not to open attachments just in case!
After the demonstration, DANS received an offer from Hacking Team, but unfortunately the files with the specific financial parameters have not survived during the exporting of the emails.
Several reminders by Hacking Team followed, until April 3, 2015, when Milko Milenov replied that unfortunately budgetary constraints did not allow the Agency to buy the software. He wrote to Massimiliano Luppi that he sincerely hoped to have a good occasion to correspond next year.
DANS was not able to deal with the PGP keys and exchanged secrets in an encrypted RAR file
The correspondence between DANS and Hacking Team includes some funny moments. Bulgarian counterintelligence officers do not seem able to deal with keys for asymmetric PGP encryption and gave the Italians instructions on how to send them encrypted messages – the text files and images are archived with WinRar or 7zip and there is an agreed in advance password.
This post is also available in: Bulgarian