All language subtitles for cyberwar.s01e03.720p.hdtv.x264-w4f_Track02

af Afrikaans
ak Akan
sq Albanian
am Amharic
ar Arabic
hy Armenian
az Azerbaijani
eu Basque
be Belarusian
bem Bemba
bn Bengali
bh Bihari
bs Bosnian
br Breton
bg Bulgarian
km Cambodian
ca Catalan
ceb Cebuano
chr Cherokee
ny Chichewa
zh-CN Chinese (Simplified)
zh-TW Chinese (Traditional)
co Corsican
hr Croatian
cs Czech
da Danish
nl Dutch
en English
eo Esperanto
et Estonian
ee Ewe
fo Faroese
tl Filipino
fi Finnish
fr French
fy Frisian
gaa Ga
gl Galician
ka Georgian
de German
el Greek
gn Guarani
gu Gujarati
ht Haitian Creole
ha Hausa
haw Hawaiian
iw Hebrew
hi Hindi
hmn Hmong
hu Hungarian
is Icelandic
ig Igbo
id Indonesian
ia Interlingua
ga Irish
it Italian
ja Japanese
jw Javanese
kn Kannada
kk Kazakh
rw Kinyarwanda
rn Kirundi
kg Kongo
ko Korean
kri Krio (Sierra Leone)
ku Kurdish
ckb Kurdish (Soranî)
ky Kyrgyz
lo Laothian
la Latin
lv Latvian
ln Lingala
lt Lithuanian
loz Lozi
lg Luganda
ach Luo
lb Luxembourgish
mk Macedonian
mg Malagasy
ms Malay
ml Malayalam
mt Maltese
mi Maori
mr Marathi
mfe Mauritian Creole
mo Moldavian
mn Mongolian
my Myanmar (Burmese)
sr-ME Montenegrin
ne Nepali
pcm Nigerian Pidgin
nso Northern Sotho
no Norwegian
nn Norwegian (Nynorsk)
oc Occitan
or Oriya
om Oromo
ps Pashto
fa Persian
pl Polish
pt-BR Portuguese (Brazil)
pt Portuguese (Portugal)
pa Punjabi
qu Quechua
ro Romanian
rm Romansh
nyn Runyakitara
ru Russian
sm Samoan
gd Scots Gaelic
sr Serbian
sh Serbo-Croatian
st Sesotho
tn Setswana
crs Seychellois Creole
sn Shona
sd Sindhi
si Sinhalese
sk Slovak
sl Slovenian
so Somali
es Spanish Download
es-419 Spanish (Latin American)
su Sundanese
sw Swahili
sv Swedish
tg Tajik
ta Tamil
tt Tatar
te Telugu
th Thai
ti Tigrinya
to Tonga
lua Tshiluba
tum Tumbuka
tr Turkish
tk Turkmen
tw Twi
ug Uighur
uk Ukrainian
ur Urdu
uz Uzbek
vi Vietnamese
cy Welsh
wo Wolof
xh Xhosa
yi Yiddish
yo Yoruba
zu Zulu
Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:01,402 --> 00:00:03,369 BEN: Spyware is secretly used by governments 2 00:00:03,404 --> 00:00:05,270 to track criminal activity. 3 00:00:05,306 --> 00:00:08,707 This is about surveilling the activities of somebody 4 00:00:08,743 --> 00:00:10,242 who is either thinking about breaking the law 5 00:00:10,277 --> 00:00:11,877 or has actually broken it. 6 00:00:11,912 --> 00:00:13,712 It's also deployed by repressive regimes 7 00:00:13,748 --> 00:00:15,581 to spy on their opposition. 8 00:00:15,616 --> 00:00:18,050 A government is a surveillance machine. 9 00:00:18,085 --> 00:00:20,919 Journalists and dissidents are targeted for surveillance. 10 00:00:20,955 --> 00:00:22,421 Whenever you speak against the government, 11 00:00:22,456 --> 00:00:23,989 you are a terrorist. 12 00:00:24,025 --> 00:00:27,726 Cyber weapons markets jeopardize lives in the name of profit. 13 00:00:27,762 --> 00:00:29,395 We don't have official laws 14 00:00:29,430 --> 00:00:32,064 that provide for transparency and accountability. 15 00:00:32,099 --> 00:00:34,233 Should cyber mercenaries be held responsible? 16 00:00:35,236 --> 00:00:45,244 ♪ 17 00:00:56,857 --> 00:00:58,590 I'm going to meet someone who believes he's a victim 18 00:00:58,626 --> 00:01:01,460 of cyber mercenary surveillance. 19 00:01:01,495 --> 00:01:03,595 Mesay Mekonnen is a journalist for ESAT, 20 00:01:03,631 --> 00:01:05,097 an Ethiopian news network. 21 00:01:07,334 --> 00:01:09,401 From this nondescript office, Mesay and his team 22 00:01:09,437 --> 00:01:11,837 can influence a country of more than 99 million. 23 00:01:19,046 --> 00:01:21,480 So why don't you explain to me what ESAT is? 24 00:01:23,317 --> 00:01:26,685 ESAT is an independent media organization. 25 00:01:26,720 --> 00:01:30,989 It's established by Ethiopians, journalists who have been... 26 00:01:31,025 --> 00:01:36,128 fled from Ethiopia because of the situation in Ethiopia. 27 00:01:36,163 --> 00:01:39,298 We are working for the people of Ethiopia, 28 00:01:39,333 --> 00:01:41,033 the voice for the voiceless, 29 00:01:41,068 --> 00:01:43,702 so we are giving platform to the opposition. 30 00:01:43,737 --> 00:01:45,704 And you're all journalists in exile? 31 00:01:45,739 --> 00:01:47,272 Yeah, all. 32 00:01:47,308 --> 00:01:52,377 The last 10 years, more than 100 journalists now have fled. 33 00:01:52,413 --> 00:01:55,180 Why are the government going after journalists? 34 00:01:55,216 --> 00:01:57,983 Media is their first enemy. 35 00:01:58,018 --> 00:02:00,152 There's no free media in Ethiopia. 36 00:02:00,187 --> 00:02:01,987 People working as free media, 37 00:02:02,022 --> 00:02:03,889 they think that they are against the government. 38 00:02:03,924 --> 00:02:05,991 And whenever you speak against the government, 39 00:02:06,026 --> 00:02:07,526 you are a terrorist. 40 00:02:09,130 --> 00:02:11,230 The Ethiopian government has been consistently singled out 41 00:02:11,265 --> 00:02:13,899 by the UN and Human Rights Watch for instances 42 00:02:13,934 --> 00:02:17,002 of targeting journalists for doing their work. 43 00:02:17,037 --> 00:02:18,737 The Ethiopian government 44 00:02:18,772 --> 00:02:21,573 continued harassing opposition members. 45 00:02:21,609 --> 00:02:25,544 Several coalition members in Oromia and southern Ethiopia 46 00:02:25,579 --> 00:02:28,914 are also intimidated, detained and tortured 47 00:02:28,949 --> 00:02:31,183 for their involvement in politics. 48 00:02:32,286 --> 00:02:34,686 In December 2013, ESAT employees 49 00:02:34,722 --> 00:02:37,890 were targeted with a series of malware attacks through Skype. 50 00:02:37,925 --> 00:02:40,726 I got this friend request, and the logo, 51 00:02:40,761 --> 00:02:46,064 the person who sent me a friend request is ESAT's logo. 52 00:02:46,100 --> 00:02:50,202 So I thought that it is a friend and not a bad guy, 53 00:02:50,271 --> 00:02:51,770 so let me accept him. 54 00:02:51,805 --> 00:02:54,606 When I accept him, he sent me immediately a PDF file, 55 00:02:54,642 --> 00:02:57,042 and I tried to open. 56 00:02:57,077 --> 00:03:00,078 There is... My computer, full of broken words, 57 00:03:00,114 --> 00:03:01,480 and I got shocked. 58 00:03:03,017 --> 00:03:05,250 To find out who was behind the attack and how they did it, 59 00:03:05,286 --> 00:03:08,220 I traveled to San Francisco to speak with Bill Marczak 60 00:03:08,255 --> 00:03:10,956 of Citizen Lab, a cyber surveillance watchdog. 61 00:03:12,426 --> 00:03:15,561 When he came across the ESAT file Mesay received, 62 00:03:15,596 --> 00:03:18,230 he got in contact with Mesay and examined the malware 63 00:03:18,265 --> 00:03:19,898 that had infected his computer. 64 00:03:22,136 --> 00:03:24,136 What did you discover? 65 00:03:24,171 --> 00:03:28,173 So what we did was we looked at the server which the spyware 66 00:03:28,209 --> 00:03:30,776 was communicating with to see if we could figure out any clues 67 00:03:30,811 --> 00:03:32,578 about the spyware's origin. 68 00:03:32,613 --> 00:03:35,080 The reason why spyware communicates with a server 69 00:03:35,115 --> 00:03:37,349 is because it steals information off of your computer, 70 00:03:37,384 --> 00:03:40,085 and it needs to send it to the attacker somewhere. 71 00:03:40,120 --> 00:03:42,588 And one of the things we noticed is that 72 00:03:42,623 --> 00:03:45,857 the server actually returned an SSL certificate that said, 73 00:03:45,893 --> 00:03:48,760 "Issued by HTSRL." 74 00:03:48,796 --> 00:03:52,164 An SSL certificate is a digital certificate used to authenticate 75 00:03:52,199 --> 00:03:56,501 and create a secure link between a website and an end user. 76 00:03:56,537 --> 00:03:58,770 And it also contained in the description, 77 00:03:58,806 --> 00:04:03,275 "RCS Certification Authority," and RCS being the acronym for 78 00:04:03,310 --> 00:04:05,110 Remote Control System, which is a product 79 00:04:05,145 --> 00:04:07,379 of an Italian company known as Hacking Team. 80 00:04:07,414 --> 00:04:09,314 Based in Italy, Hacking Team 81 00:04:09,350 --> 00:04:12,150 has branded itself a global supplier of spyware, 82 00:04:12,186 --> 00:04:15,454 with ads like this, featuring a shady black hat hacker 83 00:04:15,489 --> 00:04:18,190 to hawk their tools and support services. 84 00:04:18,225 --> 00:04:19,958 VOICE: Rely on us. 85 00:04:21,662 --> 00:04:23,462 BEN: But they're not the only game in town. 86 00:04:23,497 --> 00:04:26,131 Companies like FinFisher, CYBERBIT and Trovicor 87 00:04:26,166 --> 00:04:28,667 also sell surveillance software. 88 00:04:28,702 --> 00:04:30,802 Their spyware can surveil cell phones, 89 00:04:30,838 --> 00:04:33,171 monitor your computer's camera and microphone, 90 00:04:33,207 --> 00:04:36,041 and steal emails, passwords, contacts and files. 91 00:04:37,378 --> 00:04:39,478 So we issued this report through Citizen Lab, 92 00:04:39,513 --> 00:04:42,080 and immediately Hacking Team issued their denials. 93 00:04:42,116 --> 00:04:45,817 But interestingly, we were monitoring the command 94 00:04:45,853 --> 00:04:48,487 and control server which the spyware had communicated with, 95 00:04:48,522 --> 00:04:51,023 and we noticed that it was very quickly pulled offline. 96 00:04:51,058 --> 00:04:53,558 And then the hacks came back. 97 00:04:53,594 --> 00:04:55,494 The hacks came back, yes. 98 00:04:55,529 --> 00:04:58,764 In 2014, there were several instances where members of ESAT 99 00:04:58,799 --> 00:05:01,166 received emails containing Hacking Team spyware. 100 00:05:01,201 --> 00:05:02,734 Who was targeting them? 101 00:05:02,770 --> 00:05:06,338 When we traced this spyware to this endpoint, 102 00:05:06,373 --> 00:05:08,240 there was an internet address registered 103 00:05:08,275 --> 00:05:10,842 to a satellite company which provides services across 104 00:05:10,878 --> 00:05:13,512 all of Africa, the Middle East, and some places in Europe. 105 00:05:13,547 --> 00:05:16,448 And we queried this range of IP addresses, and we found that 106 00:05:16,483 --> 00:05:19,918 one of them had identified itself as INSA PC. 107 00:05:19,953 --> 00:05:21,853 I was like, "Okay, Google, what is INSA?" 108 00:05:21,889 --> 00:05:23,255 And the first hit was 109 00:05:23,290 --> 00:05:26,458 Ethiopian Information Network Security Administration, 110 00:05:26,493 --> 00:05:28,093 government of Ethiopia. 111 00:05:28,128 --> 00:05:29,594 I was like okay, this is it. 112 00:05:31,498 --> 00:05:33,065 Citizen Lab caught the Ethiopian government 113 00:05:33,100 --> 00:05:35,200 trying to spy on journalists. 114 00:05:35,235 --> 00:05:38,203 And the spyware they used was supplied by Hacking Team. 115 00:05:38,238 --> 00:05:41,139 The one guy who could really explain the bigger picture 116 00:05:41,175 --> 00:05:43,975 was Citizen Lab's director, Ron Deibert. 117 00:05:44,011 --> 00:05:45,544 You've taken a particular interest 118 00:05:45,579 --> 00:05:46,878 in digital surveillance tools. 119 00:05:46,914 --> 00:05:48,313 Why is that? 120 00:05:48,349 --> 00:05:50,982 There is a huge market for surveillance technologies, 121 00:05:51,018 --> 00:05:54,720 and what we found is that that market extends to 122 00:05:54,755 --> 00:05:58,156 some of the world's most notorious autocratic regimes 123 00:05:58,192 --> 00:06:00,225 and human rights abusing countries. 124 00:06:00,260 --> 00:06:03,261 And that's a problem from a human rights perspective. 125 00:06:03,297 --> 00:06:05,797 Surveillance in and of itself is not a bad thing. 126 00:06:07,434 --> 00:06:11,937 It is, I think, naive to expect we'd ever go back 127 00:06:11,972 --> 00:06:15,640 to any sort of pristine time where there is no surveillance. 128 00:06:15,676 --> 00:06:18,677 It's just part of human nature. 129 00:06:18,712 --> 00:06:21,079 A government is a surveillance machine. 130 00:06:21,115 --> 00:06:24,750 From the 15th century to today, it's the same. 131 00:06:26,220 --> 00:06:29,688 The question is: what is that surveillance for, 132 00:06:29,723 --> 00:06:33,091 and are there proper checks and balances around it? 133 00:06:33,127 --> 00:06:35,460 That applies to what Citizen Lab does, 134 00:06:35,496 --> 00:06:37,028 it applies to what Google does, 135 00:06:37,064 --> 00:06:39,431 it applies to what the United States does. 136 00:06:39,466 --> 00:06:40,599 Or Ethiopia. 137 00:06:40,634 --> 00:06:42,067 Or Ethiopia, yeah. 138 00:06:44,138 --> 00:06:46,271 How do you feel that there's a company in Italy, 139 00:06:46,306 --> 00:06:48,340 that's a free country, 140 00:06:48,375 --> 00:06:52,611 selling cyber surveillance tools to your country? 141 00:06:52,646 --> 00:06:55,881 It's very, very unfortunate to, you know... 142 00:06:55,916 --> 00:06:59,384 learn that these democratic countries, you know... 143 00:06:59,420 --> 00:07:02,821 helping dictatorship in Africa. 144 00:07:02,856 --> 00:07:05,023 Hacking Team had been caught red-handed, 145 00:07:05,058 --> 00:07:07,592 so I wanted them to explain why they knowingly armed 146 00:07:07,628 --> 00:07:10,395 an authoritarian regime with their surveillance tools. 147 00:07:14,668 --> 00:07:18,136 BEN: In 2013 and 2014, the Ethiopian government targeted 148 00:07:18,172 --> 00:07:21,173 journalists with spyware supplied and supported 149 00:07:21,208 --> 00:07:23,842 by an Italian company called Hacking Team. 150 00:07:23,877 --> 00:07:27,846 I think the view that we need 100% privacy 151 00:07:27,881 --> 00:07:31,416 and anything else comes second is a shortsighted view, 152 00:07:31,452 --> 00:07:34,820 and doesn't recognize the realities of the digital world. 153 00:07:34,855 --> 00:07:36,421 Eric Rabe is Hacking Team's 154 00:07:36,457 --> 00:07:38,423 Chief Marketing and Communications Officer. 155 00:07:38,459 --> 00:07:39,991 We met in New York. 156 00:07:40,027 --> 00:07:41,660 How about the case of Ethiopia? 157 00:07:41,695 --> 00:07:45,664 Yeah, Ethiopia is a country that we became convinced 158 00:07:45,699 --> 00:07:48,133 was using the software in an inappropriate way against 159 00:07:48,168 --> 00:07:52,170 a person here in the US, a purported journalist. 160 00:07:53,540 --> 00:07:55,774 The Ethiopian government frankly argued that that person 161 00:07:55,809 --> 00:07:59,744 was also a member of a... an organization 162 00:07:59,780 --> 00:08:02,047 that was actively trying to overthrow the government, 163 00:08:02,082 --> 00:08:04,616 and that's why they wanted to surveil him. 164 00:08:04,651 --> 00:08:09,354 So it was a legitimate sale to a customer who seemed to need it 165 00:08:09,389 --> 00:08:12,290 and seemed to be willing to use it in an appropriate way. 166 00:08:12,326 --> 00:08:14,059 We found out differently. 167 00:08:14,094 --> 00:08:16,595 We suspended business with Ethiopia, 168 00:08:16,630 --> 00:08:18,563 and they're not a client anymore. 169 00:08:18,599 --> 00:08:20,532 These are some pretty powerful tools that you're selling. 170 00:08:20,567 --> 00:08:22,100 What do they do exactly? 171 00:08:22,135 --> 00:08:26,137 Well, they allow surveillance of activity in the digital space. 172 00:08:26,173 --> 00:08:28,373 You know, with everything encrypted from end to end, 173 00:08:28,408 --> 00:08:32,043 phone calls and internet communications 174 00:08:32,079 --> 00:08:35,814 and email messages, the only way an investigator 175 00:08:35,849 --> 00:08:38,116 can actually tell what somebody is doing 176 00:08:38,151 --> 00:08:41,386 in that digital space is by accessing those tools 177 00:08:41,421 --> 00:08:44,723 either before they're encrypted or after they're decrypted. 178 00:08:44,758 --> 00:08:46,658 And that happens only in one place, 179 00:08:46,693 --> 00:08:48,260 and that's on the device itself. 180 00:08:48,295 --> 00:08:51,563 So this software allows observation 181 00:08:51,598 --> 00:08:53,965 of that activity on the device. 182 00:08:54,001 --> 00:08:55,934 So are these legitimate tools, do you think? 183 00:08:55,969 --> 00:08:57,569 I think they are legitimate tools, 184 00:08:57,604 --> 00:08:59,738 and I think they're really necessary for law enforcement. 185 00:08:59,773 --> 00:09:01,439 This is not about, you know, 186 00:09:01,475 --> 00:09:03,508 listening in on your cell phone conversation. 187 00:09:03,544 --> 00:09:06,344 This is about surveilling the activities of somebody 188 00:09:06,380 --> 00:09:08,079 who's either thinking about breaking the law 189 00:09:08,115 --> 00:09:09,581 or who's actually broken it. 190 00:09:09,616 --> 00:09:11,850 Although he has no direct evidence, 191 00:09:11,885 --> 00:09:14,019 Mesay believes that the data gathered by 192 00:09:14,054 --> 00:09:16,922 the Ethiopian government through Hacking Team's software 193 00:09:16,957 --> 00:09:19,658 had devastating consequences for his colleagues. 194 00:09:19,693 --> 00:09:21,092 Did any of the people that you were contacting 195 00:09:21,128 --> 00:09:22,761 go to jail because of that hack? 196 00:09:22,796 --> 00:09:23,929 Yeah! 197 00:09:23,964 --> 00:09:26,798 Three of our contacts are now in jail. 198 00:09:26,833 --> 00:09:30,769 So Hacking Team malware 199 00:09:30,804 --> 00:09:34,773 essentially helped put Ethiopians in jail? 200 00:09:34,808 --> 00:09:36,174 Definitely. 201 00:09:37,844 --> 00:09:39,811 So you're talking about privacy, security. 202 00:09:39,846 --> 00:09:41,112 What about human rights? 203 00:09:41,148 --> 00:09:42,981 I don't think Hacking Team is the principle 204 00:09:43,016 --> 00:09:45,116 human rights enforcement agency for the world. 205 00:09:45,152 --> 00:09:47,886 We're a software company that serves law enforcement. 206 00:09:47,921 --> 00:09:49,554 That's what we do. 207 00:09:49,590 --> 00:09:51,122 We're not embarrassed about it. 208 00:09:51,158 --> 00:09:52,691 We think it's important. 209 00:09:52,726 --> 00:09:56,328 We spoke to people at ESAT who were the targets of Ethiopian 210 00:09:56,363 --> 00:10:00,465 hackers, and they wondered why Hacking Team would sell 211 00:10:00,500 --> 00:10:04,235 to a country who has obvious human rights violations. 212 00:10:04,271 --> 00:10:06,905 Ethiopia was not on anybody's blacklist. 213 00:10:06,940 --> 00:10:09,841 There was no prohibition that any country 214 00:10:09,876 --> 00:10:12,844 - the US, the EU, NATO or anybody else - 215 00:10:12,879 --> 00:10:16,014 had against Ethiopia at the time that software was sold. 216 00:10:16,049 --> 00:10:19,884 That said, it doesn't take a global affairs PHD to know 217 00:10:19,920 --> 00:10:22,988 that they've violated some really basic human rights. 218 00:10:23,023 --> 00:10:26,024 Well, then I would suggest that 219 00:10:26,059 --> 00:10:30,028 the appropriate... channel is for Italy, for example, 220 00:10:30,063 --> 00:10:34,833 to refuse to allow us to sell there, or for the UN to act. 221 00:10:34,868 --> 00:10:36,568 But then who's responsible 222 00:10:36,603 --> 00:10:39,104 for what happens in the fallout of using these tools? 223 00:10:39,139 --> 00:10:41,406 Does Hacking Team absolve themselves of that, or...? 224 00:10:41,441 --> 00:10:43,508 No, I don't think so, but I think the human rights 225 00:10:43,543 --> 00:10:45,844 organizations are unable to get to the countries involved 226 00:10:45,879 --> 00:10:48,179 who are really responsible for the human rights abuses. 227 00:10:48,215 --> 00:10:51,516 So they turn to, you know, those that they can reach, 228 00:10:51,551 --> 00:10:53,952 that is companies like Hacking Team. 229 00:10:53,987 --> 00:10:58,089 It's not an unreasonable political tactic to use, 230 00:10:58,125 --> 00:10:59,858 but I don't think it's reasonable to say that 231 00:10:59,893 --> 00:11:02,027 Hacking Team is responsible for human rights abuses. 232 00:11:03,463 --> 00:11:05,096 But not everyone agrees. 233 00:11:05,132 --> 00:11:09,067 On July 5th 2015, an infamous hacker known as Phineas Fisher 234 00:11:09,102 --> 00:11:11,970 breached the Hacking Team's servers, exfiltrating 235 00:11:12,005 --> 00:11:14,305 over 400 gigabytes of documents 236 00:11:14,341 --> 00:11:16,775 and posting them online for anyone to see. 237 00:11:16,810 --> 00:11:18,543 Security experts around the world 238 00:11:18,578 --> 00:11:20,478 celebrated the leak on Twitter. 239 00:11:20,514 --> 00:11:23,782 All of Hacking Team's dirty laundry spilt onto the internet, 240 00:11:23,817 --> 00:11:26,718 exposing price lists and software source code. 241 00:11:26,753 --> 00:11:32,057 Client lists showed sales to the FBI, DEA and US Army. 242 00:11:32,092 --> 00:11:35,293 Even an officer with the Campus Police Force at UC Santa Barbara 243 00:11:35,328 --> 00:11:37,762 was interested in buying its malware. 244 00:11:37,798 --> 00:11:39,964 It also showed that Hacking Team was selling 245 00:11:40,000 --> 00:11:42,667 to governments notorious for human rights abuses, 246 00:11:42,703 --> 00:11:45,837 places like Kazakhstan, Bahrain and Sudan. 247 00:11:45,872 --> 00:11:47,939 Maybe the hack was a good thing, it was a kick in the ass. 248 00:11:47,974 --> 00:11:49,674 I don't think it was a good thing! 249 00:11:49,710 --> 00:11:51,843 (Laughing) It was a... 250 00:11:51,878 --> 00:11:53,578 You know, it was a criminal act. 251 00:11:53,613 --> 00:11:54,746 It was. 252 00:11:54,781 --> 00:11:56,281 I mean, there's sort of something about, 253 00:11:56,316 --> 00:11:57,816 "Oh, we hacked into a company. 254 00:11:57,851 --> 00:11:59,751 It's kinda cool, it's sort of Robin Hood, blah blah blah." 255 00:11:59,786 --> 00:12:01,119 No, it's not Robin Hood. 256 00:12:01,154 --> 00:12:02,287 It's Al Capone. 257 00:12:02,355 --> 00:12:03,655 This is illegal. 258 00:12:03,690 --> 00:12:05,924 You can't, just because you disagree with somebody, 259 00:12:05,959 --> 00:12:08,626 you know, destroy them or attempt to destroy them. 260 00:12:08,662 --> 00:12:10,628 And what about the hacker who hacked you guys? 261 00:12:10,664 --> 00:12:12,263 Phineas Fisher? 262 00:12:12,299 --> 00:12:13,865 I would love to meet him! (Laughing) 263 00:12:15,068 --> 00:12:17,635 I wanted to meet the legendary Phineas Fisher too, 264 00:12:17,671 --> 00:12:19,671 but that would prove to be pretty complicated. 265 00:12:19,706 --> 00:12:21,906 Because after the leak, like any skillful hacker, 266 00:12:21,942 --> 00:12:23,808 Phineas Fisher kept a low profile. 267 00:12:28,648 --> 00:12:30,515 BEN: A black hat hacker had hacked Hacking Team's servers, 268 00:12:30,550 --> 00:12:33,151 stealing hundreds of gigabytes of data. 269 00:12:33,186 --> 00:12:34,819 After leaking it online, 270 00:12:34,855 --> 00:12:37,489 Phineas Fisher all but disappeared. 271 00:12:37,557 --> 00:12:39,023 But with an assist from my colleague at 272 00:12:39,059 --> 00:12:41,426 VICE's tech and science site, Motherboard, 273 00:12:41,461 --> 00:12:43,828 we finally negotiated interview terms. 274 00:12:43,864 --> 00:12:46,030 Since we wouldn't be able to show his face, 275 00:12:46,066 --> 00:12:48,933 the hacker had a strange request: he would only 276 00:12:48,969 --> 00:12:51,669 do the interview if he was represented by a puppet. 277 00:13:00,180 --> 00:13:03,214 These are the exact words from our live text exchange, 278 00:13:03,250 --> 00:13:05,183 voiced by one of my colleagues. 279 00:13:05,218 --> 00:13:07,185 What was the goal on hacking the Hacking Team data? 280 00:13:07,220 --> 00:13:08,686 Were you trying to stop them? 281 00:13:08,722 --> 00:13:10,522 Well, for the lulz. 282 00:13:10,557 --> 00:13:13,057 I don't really expect leaking data to stop a company, 283 00:13:13,093 --> 00:13:16,060 but hopefully it can at least set them back a bit 284 00:13:16,096 --> 00:13:17,462 and give some breathing room 285 00:13:17,497 --> 00:13:19,397 to the people being targeted with their software. 286 00:13:19,432 --> 00:13:21,900 We spoke to some Ethiopian journalists who were targeted 287 00:13:21,935 --> 00:13:23,701 by their government using Hacking Team's software, 288 00:13:23,737 --> 00:13:25,370 and they wanted to thank you. 289 00:13:25,405 --> 00:13:27,639 (Chuckling) Cool. 290 00:13:27,674 --> 00:13:31,209 Kinda weird seeing my hacking addiction - I mean, hobby - 291 00:13:31,244 --> 00:13:34,512 actually affecting people in the real world in a positive way. 292 00:13:34,548 --> 00:13:37,148 What do you think of surveillance companies, 293 00:13:37,184 --> 00:13:39,551 and Hacking Team specifically? 294 00:13:39,586 --> 00:13:42,253 I would say they're people with no morals going where 295 00:13:42,289 --> 00:13:45,390 the money is, but that's maybe not entirely true. 296 00:13:45,425 --> 00:13:47,592 I imagine I'm not all that different 297 00:13:47,627 --> 00:13:49,060 from Hacking Team employees. 298 00:13:49,095 --> 00:13:51,729 The same addiction to that electronic pulse 299 00:13:51,765 --> 00:13:53,598 and the beauty of the baud. 300 00:13:53,633 --> 00:13:55,600 I imagine if you come from a background 301 00:13:55,635 --> 00:13:58,736 where you see police as largely a force for good, 302 00:13:58,772 --> 00:14:01,339 then writing hacking tools for them makes some sense. 303 00:14:01,374 --> 00:14:04,509 But then Citizen Lab provides clear evidence it's being used 304 00:14:04,544 --> 00:14:07,745 mostly for comic book villain level of evil. 305 00:14:07,781 --> 00:14:10,215 In all, the FinFisher and Hacking Team customers 306 00:14:10,250 --> 00:14:13,084 where targets of the spying have been identified in Bahrain, 307 00:14:13,119 --> 00:14:18,723 Ecuador, Mexico, Ethiopia, it's all investigative journalists, 308 00:14:18,758 --> 00:14:21,793 dissidents, political opposition, etc. being targeted. 309 00:14:21,828 --> 00:14:24,462 Not real crime, but threats to those in power. 310 00:14:25,765 --> 00:14:27,432 While Hacking Team was selling spyware 311 00:14:27,467 --> 00:14:30,268 to law enforcement agencies tasked with catching criminals, 312 00:14:30,303 --> 00:14:33,271 they also sold to authoritarian regimes who use their wares 313 00:14:33,306 --> 00:14:34,806 to crack down on dissent. 314 00:14:36,810 --> 00:14:39,377 Other details revealed through the Hacking Team data dump 315 00:14:39,412 --> 00:14:42,447 was information about companies that were supplying Hacking Team 316 00:14:42,482 --> 00:14:44,916 with the technology to build their spy tools. 317 00:14:46,953 --> 00:14:49,254 Security firm Netragard was singled out for selling them 318 00:14:49,289 --> 00:14:52,123 a zero-day; that is, an undiscovered security flaw 319 00:14:52,158 --> 00:14:55,460 in software that can be exploited to penetrate a system. 320 00:14:55,495 --> 00:14:59,063 Buying and selling zero-days is legal, but covert. 321 00:14:59,099 --> 00:15:01,132 While they can be used to test and improve 322 00:15:01,167 --> 00:15:04,402 a company's network security, zero-days can also be used 323 00:15:04,437 --> 00:15:07,138 to inject malicious software into a computer. 324 00:15:07,173 --> 00:15:09,307 A piece of technology that I created... 325 00:15:09,342 --> 00:15:11,643 Well, brokered really, 'cause I didn't really create it. 326 00:15:11,678 --> 00:15:13,411 But a piece of technology that I brokered, a deal that 327 00:15:13,446 --> 00:15:16,614 I was involved with, potentially armed these rogue nations 328 00:15:16,650 --> 00:15:19,284 with a tool that let them break into these other systems? 329 00:15:19,319 --> 00:15:21,119 I didn't want any part of that. 330 00:15:21,154 --> 00:15:24,422 Adriel Desautels admitted to selling a zero-day exploit 331 00:15:24,457 --> 00:15:27,358 to Hacking Team after the ESAT hack. 332 00:15:27,394 --> 00:15:30,662 I think that it should be your responsibility 333 00:15:30,697 --> 00:15:33,164 to make sure that you are not selling to somebody 334 00:15:33,199 --> 00:15:35,800 that you believe will do anything malicious. 335 00:15:35,835 --> 00:15:39,437 That said, Netragard - respected, above-board company - 336 00:15:39,472 --> 00:15:41,005 you sold to Hacking Team. 337 00:15:41,041 --> 00:15:42,340 I know. 338 00:15:42,375 --> 00:15:45,677 When you misuse a zero-day, who's more at fault: 339 00:15:45,712 --> 00:15:48,313 the broker or the end user? 340 00:15:48,348 --> 00:15:51,015 When you misuse a zero-day, the end user, absolutely. 341 00:15:51,051 --> 00:15:53,151 I mean, if I sell... 342 00:15:53,186 --> 00:15:55,386 You know, I'm Nike, and I sell shoes to some guy, 343 00:15:55,422 --> 00:15:58,122 and he runs down a woman and rapes the woman. 344 00:15:58,158 --> 00:16:00,325 Is it Nike's fault for selling the sneakers? 345 00:16:00,360 --> 00:16:02,026 Or what about Microsoft? 346 00:16:02,062 --> 00:16:03,861 How many people have been hacked by somebody 347 00:16:03,897 --> 00:16:06,197 using Microsoft's operating system? 348 00:16:06,232 --> 00:16:08,800 Microsoft's not accountable for that, right? 349 00:16:08,835 --> 00:16:12,203 The ethics of it and the responsibility of it 350 00:16:12,238 --> 00:16:16,040 are up to the actor or the team responsible 351 00:16:16,076 --> 00:16:18,509 for executing that specific operation. 352 00:16:18,545 --> 00:16:21,546 Adriel's moral dilemma seemed hard to avoid in the grey market 353 00:16:21,581 --> 00:16:23,881 where zero-days are bought and sold, 354 00:16:23,917 --> 00:16:26,985 a market fuelled by a booming cyber arms trade. 355 00:16:27,020 --> 00:16:29,887 So I went to London to meet Edin Omanovic, 356 00:16:29,923 --> 00:16:32,890 a cyber surveillance researcher for Privacy International. 357 00:16:32,926 --> 00:16:34,592 So have you always been interested in the arms trade? 358 00:16:34,627 --> 00:16:36,327 Yeah. 359 00:16:36,363 --> 00:16:38,863 Just, you know, coming from Bosnia I've being interested in 360 00:16:38,898 --> 00:16:42,734 conflict and the arms trade and foreign policy and so on. 361 00:16:42,769 --> 00:16:44,435 Right, how the weapons gets where-- 362 00:16:44,471 --> 00:16:45,870 Yeah, exactly, yeah. 363 00:16:45,905 --> 00:16:47,872 Does this surveillance market... 364 00:16:47,907 --> 00:16:50,541 does it mirror at all the conventional weapons market? 365 00:16:50,577 --> 00:16:54,746 What you've got in the arms market is a system whereby 366 00:16:54,781 --> 00:16:59,250 governments have some kind of control over the exports. 367 00:16:59,285 --> 00:17:02,420 So they would be able to say to this company, 368 00:17:02,455 --> 00:17:04,088 "You're selling this. 369 00:17:04,124 --> 00:17:07,091 We wanna be able to control who you're selling that to." 370 00:17:07,127 --> 00:17:09,627 At the moment, that doesn't exist for 371 00:17:09,662 --> 00:17:12,430 the surveillance market, because much of the technology is new. 372 00:17:12,465 --> 00:17:16,300 Governments need to step in and say that if a product is being 373 00:17:16,336 --> 00:17:20,238 sold from their country to a regime where it's gonna be used 374 00:17:20,273 --> 00:17:23,775 for human rights abuses, they need to be able to stop that. 375 00:17:23,810 --> 00:17:25,643 And who are the major players in it 376 00:17:25,678 --> 00:17:27,445 who are buying these technologies? 377 00:17:27,480 --> 00:17:29,380 It would be countries without their own capability 378 00:17:29,416 --> 00:17:31,115 to develop these kind of tools, 379 00:17:31,151 --> 00:17:34,452 which oftentimes tend to be authoritarian countries. 380 00:17:34,487 --> 00:17:36,788 Where are these companies based that are selling them? 381 00:17:36,823 --> 00:17:40,224 Generally they tend to be in well-developed countries 382 00:17:40,260 --> 00:17:43,961 with big ICT and defense security sectors. 383 00:17:43,997 --> 00:17:45,797 How big is this industry? 384 00:17:45,832 --> 00:17:48,299 Actually, one of the scariest things is that 385 00:17:48,334 --> 00:17:51,402 because it's so secretive, nobody actually knows. 386 00:17:51,438 --> 00:17:54,605 There's been a few estimates by people in the industry, 387 00:17:54,641 --> 00:17:57,909 somewhere in the region of $5 billion a year. 388 00:17:57,944 --> 00:17:59,944 But ultimately, 'cause it's so secretive, 389 00:17:59,979 --> 00:18:01,312 there's just no way of knowing. 390 00:18:01,347 --> 00:18:02,814 They want it to be kept a secret. 391 00:18:02,849 --> 00:18:04,082 So it stays in the shadows that way. 392 00:18:04,117 --> 00:18:05,316 Stays in the shadows. 393 00:18:09,556 --> 00:18:10,788 Cyber profiteers are getting rich 394 00:18:10,824 --> 00:18:13,458 from a growing arms and surveillance market. 395 00:18:13,493 --> 00:18:15,693 But cloaked in secrecy, there's no way of knowing 396 00:18:15,728 --> 00:18:17,361 how big it really is. 397 00:18:17,397 --> 00:18:19,597 And Citizen Lab director Ron Deibert thinks 398 00:18:19,632 --> 00:18:21,699 there's an even more fundamental problem. 399 00:18:21,734 --> 00:18:24,936 It's only going to continue to grow. 400 00:18:24,971 --> 00:18:29,740 And once states' armed forces and intelligence agencies 401 00:18:29,776 --> 00:18:33,211 start equipping themselves, their adversaries take it as 402 00:18:33,246 --> 00:18:37,081 a challenge and do the same, and it ratchets up constantly. 403 00:18:37,117 --> 00:18:41,719 There's certain conditions that tend to favour arms races, 404 00:18:41,754 --> 00:18:43,888 and if you look at the environmental conditions 405 00:18:43,923 --> 00:18:48,659 around cyberspace, many of them are there. 406 00:18:48,695 --> 00:18:51,562 So like, you know, offense has the advantages, 407 00:18:51,598 --> 00:18:53,564 speed and so on. 408 00:18:53,600 --> 00:18:56,000 It's very difficult to verify. 409 00:18:56,035 --> 00:18:58,002 Wow, that's a scary proposition. 410 00:18:58,037 --> 00:18:59,804 We don't have enough weight 411 00:18:59,839 --> 00:19:02,140 behind the idea of watching the watchers. 412 00:19:05,812 --> 00:19:08,613 Marietje Schaake is a member of the European Parliament 413 00:19:08,648 --> 00:19:10,181 from Holland. 414 00:19:10,216 --> 00:19:12,183 She's been leading the charge to include spyware 415 00:19:12,218 --> 00:19:13,751 under international arms law. 416 00:19:15,155 --> 00:19:17,488 Do you think the vendors are responsible if they make a sale 417 00:19:17,524 --> 00:19:19,257 to an authoritarian regime? 418 00:19:19,292 --> 00:19:22,994 Well, they should be helped in making the right assessment. 419 00:19:23,029 --> 00:19:27,765 If a company like Hacking Team can operate legally, 420 00:19:27,800 --> 00:19:31,602 that is the most clear sign that our laws are outdated and 421 00:19:31,638 --> 00:19:35,439 desperately need to be updated, to make sure that there is 422 00:19:35,475 --> 00:19:39,277 no unintended consequences and that we stop this 423 00:19:39,312 --> 00:19:42,613 grey and unregulated market from going on the way it does. 424 00:19:42,649 --> 00:19:46,117 But can you really regulate, police computer code? 425 00:19:46,152 --> 00:19:49,453 The fact of the matter is that we don't have official laws that 426 00:19:49,489 --> 00:19:52,690 provide for transparency and accountability in this market. 427 00:19:52,725 --> 00:19:55,293 There's only very few measures such as 428 00:19:55,328 --> 00:19:57,795 the Wassenaar Arrangement or such as sanctions 429 00:19:57,830 --> 00:20:00,965 on specific countries like Iran and Syria, 430 00:20:01,000 --> 00:20:03,968 the worst of the worst human rights violators. 431 00:20:04,003 --> 00:20:06,637 Hacker Phineas Fisher thinks there's not much difference 432 00:20:06,673 --> 00:20:09,640 between the good guys and the bad guys anyway. 433 00:20:09,676 --> 00:20:12,043 The difference between authoritarian regimes 434 00:20:12,078 --> 00:20:14,979 and democratic ones is the Hacking Team customers 435 00:20:15,014 --> 00:20:18,583 jail, torture and kill, where the democratic ones 436 00:20:18,618 --> 00:20:21,385 have gentler ways of managing dissent. 437 00:20:21,421 --> 00:20:23,254 But many in the international community 438 00:20:23,289 --> 00:20:25,523 do see good and bad guys. 439 00:20:25,558 --> 00:20:27,925 And that's why they drafted the Wassenaar Arrangement, 440 00:20:27,961 --> 00:20:30,361 which regulates the export of both conventional arms 441 00:20:30,396 --> 00:20:32,863 as well as technology that can be used as arms. 442 00:20:32,899 --> 00:20:35,333 It's been signed by 41 countries. 443 00:20:35,368 --> 00:20:38,035 In 2013, network surveillance and intrusion software 444 00:20:38,071 --> 00:20:40,771 was added to its list of restricted items. 445 00:20:40,807 --> 00:20:45,009 I think that that arrangement, as is built today, 446 00:20:45,044 --> 00:20:48,779 will help to destroy the security industry. 447 00:20:48,815 --> 00:20:50,848 Adriel is one of many security researchers 448 00:20:50,883 --> 00:20:52,883 critical of the arrangement. 449 00:20:52,919 --> 00:20:55,586 If you take a company that operates in multiple countries, 450 00:20:55,622 --> 00:20:59,123 that company might suffer a breach, and you might have 451 00:20:59,158 --> 00:21:02,360 a piece of technology here, you know, that is somehow 452 00:21:02,395 --> 00:21:04,629 regulated because of offensive capabilities. 453 00:21:04,664 --> 00:21:07,031 With Wassenaar in place, you can't just send that information 454 00:21:07,066 --> 00:21:09,533 over to your other division. 455 00:21:09,569 --> 00:21:11,535 You have to go and apply for the license, 456 00:21:11,571 --> 00:21:12,903 and do all this other stuff. 457 00:21:12,939 --> 00:21:14,438 And by that time, the hackers have had a field day 458 00:21:14,474 --> 00:21:16,040 and taken whatever they wanted. 459 00:21:16,075 --> 00:21:17,708 It prevents fast response. 460 00:21:17,744 --> 00:21:20,011 I believe it was written with good intention, 461 00:21:20,046 --> 00:21:25,216 but I believe it was written by politicians and people 462 00:21:25,251 --> 00:21:29,453 who didn't really understand the nature of zero-days. 463 00:21:29,489 --> 00:21:32,256 And more importantly, they didn't understand 464 00:21:32,292 --> 00:21:35,226 how grey the boundaries are. 465 00:21:35,261 --> 00:21:37,628 Despite the grey boundaries, Hacking Team claims to be 466 00:21:37,664 --> 00:21:40,131 in full compliance with the Wassenaar Arrangement. 467 00:21:40,166 --> 00:21:42,400 But in the wake of the leak, the Italian government revoked 468 00:21:42,435 --> 00:21:44,502 Hacking Team's global license. 469 00:21:44,537 --> 00:21:47,338 They now have to apply for an individual license every time 470 00:21:47,373 --> 00:21:50,241 they want to export their software outside of Europe, 471 00:21:50,276 --> 00:21:52,410 a sign that times may be changing 472 00:21:52,445 --> 00:21:54,412 for spyware manufacturers. 473 00:21:54,447 --> 00:21:57,581 If you could say anything to the hacker who hacked Hacking Team, 474 00:21:57,617 --> 00:21:59,083 what would you say? 475 00:21:59,118 --> 00:22:00,418 Please keep on. 476 00:22:00,453 --> 00:22:03,587 Keep on hacking these hackers, and expose them. 477 00:22:03,623 --> 00:22:05,456 They are helping, they are fuelling 478 00:22:05,491 --> 00:22:07,425 dictatorship in Ethiopia. 479 00:22:07,460 --> 00:22:10,261 The market for spyware is growing fast. 480 00:22:10,296 --> 00:22:13,698 Without tough legislation around the sale of these cyber weapons, 481 00:22:13,733 --> 00:22:15,733 anyone can be a target. 482 00:22:15,768 --> 00:22:18,135 Including me, including you. 45387

Can't find what you're looking for?
Get subtitles in any language from opensubtitles.com, and translate them here.