The National Intelligence Service (NIS) may have acquired a stealth surveillance system from controversial Italian-based company, Hacking Team, to intercept private communication and bring down websites deemed offensive to the government.
According to a trove of e-mails released by WikiLeaks — an online whistleblower that publishes secret information largely exposing government and corporate misconduct — the spy system enables NIS unfettered access to people’s information, infect and monitor computers and smartphones.
Hacking Team has been facing criticism from privacy campaigners for supplying surveillance software to some of the world’s most oppressive regimes.
Interior Ministry spokesman Mwenda Njoka declined to comment on the matter.
The system is “designed to attack, infect and monitor target PCs and smartphones in a stealth way,” according to emails between a representative of the Hacking Team based in Singapore — described as a “key account manager in charge of your country (Kenya)” — and a supposed NIS operative in Nairobi on April 27.
“It allows you to covertly collect data from the most common desktop operating systems, such as: Windows OS, Linux. Furthermore, Remote Control System can monitor all modern smartphones: Android OS, Blackberry, Windows Phone. Once a target is infected, you can access all the information, including: Skype calls, Facebook, Twitter, WhatsApp, Line, Viber and many more. To protect your operations, resistance and invisibility to the major endpoint protection systems is integral to the solution,” the company’s representative further states.
According to the e-mails, Hacking Team is headquartered in Milan, Italy, but has offices in Singapore and Washington DC.
To test the efficacy of the system, NIS had on May 6 emailed Hacking Team to bring down Kahawa Tungu, a website associated with controversial blogger Robert Alai “as a great proof” of the company’s capability.
“There is a website we would wish you urgently bring down, either by defacement or by making it completely inaccessible… Please let me know if this is possible, and how soon you can have it done,” the NIS operative tells the Hacking Team representative.
Additionally, the system would enable the NIS to access documents from target computers even if they have not been sent to another device through the internet. It would also monitor the social networks of targeted people without them knowing.
The NIS agent was introduced to the hacking company by an executive director of a Nairobi-based communication solutions provider who also sells pay TV services and was working as an intermediary for the NIS and Hacking Team since October last year.
“I herein this mail copy (NIS agent) who works with the National Intelligence Agency in Kenya particularly in the department that requires your solution,” he says in an email sent on October 29 last year.
In an e-mail on May 6, the NIS agent appears convinced by the system’s capabilities, commenting that “all looks great and we would wish to move forward”.
WikiLeaks has released more than one million emails involving Hacking Team and affecting many countries. Some of the company’s customers include Sudan, Saudi Arabia, UAE, Bahrain, Morocco, Egypt, India, Russia and the USA, among others.
Section 42 of the NIS Act provides that the Director General of NIS must obtain an ex-parte court warrant to monitor and intercept communications of a person he has reasonable grounds to believe poses a threat to national security.
Section 45 of the Act provides that once issued, the warrant “may authorise any member of the service to obtain any information, material, record, document or thing” by entering and searching premises, monitoring communication and install, maintain or remove anything.
The Security Laws (Amendment) Act, 2014 that were passed last year had initially sought to empower the Director-General of NIS or his representatives “to do anything” without the need for a court warrant. This, it was argued, would enable NIS to secretly acquire information from devices and social accounts belonging to people suspected of involvement in terrorism activities.
The provision was, however, deleted in the final text of the Act following a public outcry and opposition from rights groups. The NIS is still required to obtain a warrant to monitor and intercept private communications.
Kenya has been grappling with the Al-Shabaab terror threat, prompting some to justify eavesdropping of private conversations. However, the NIS has also for years been thought to be secretly spying on Kenyans. Nonetheless, new encryption technology, including widely available mobile phone applications, is also proving to be a headache to security agencies all over the world.
WikiLeaks was founded in 2006 by Australian computer programmer and publisher Julian Assange and thrives on publishing secret information, news leaks, and classified media from governments and anonymous sources. The website became famous in 2010 when it published millions of US diplomatic cables.
The publishing of the cables forced the US government to apologise to world leaders about their unflattering contents.