Facing the Truth: Hacking Team leak confirms Moroccan government use of spyware
On July 6th, the company Hacking Team was hacked: over 400GB of administrative documents, source code and emails are now available for download.
Documents from the hack confirm once again the claims made in our report Their Eyes on Me, the Moroccan intelligence services made use of Hacking Team's spyware 'Remote Control System' to target those whom they perceive as their opponents. The documents show the two intelligence agencies in the country have been renewing their contracts and are currently still using the piece of spyware. Over the past six years Morocco has spent more than €3 million on Hacking Team equipment.
Among the documents, a client list showed that the two Moroccan intelligence agencies – the High Council for National Defence (CSDN) and the Directory of Territorial Surveillance (DST) – have both purchased Remote Control System. The CSDN first acquired it back in 2009 and the DST obtained it in 2012.
In total Morocco spent €3,173,550 to purchase the licenses and maintain the product. In 2015 alone, the CSDN spent €140,000 and the DST €80,000 for spyware that can reach respectively up to 300 and 2,000 targeted devices.
The contracts were both signed through Al Fahad Smart Systems, an Emirati company that acts as an intermediary for government and private companies seeking to purchase “security services”.
The documents also reveal that the Moroccan Gendarmerie was listed as an “opportunity” for 2015 and expected to obtain €487,000 from them.
The documents arrived two months after the Moroccan government threatened members of Moroccan civil society with a lawsuit following the publication in Morocco of the Privacy International report 'Their Eyes on Me'. The report was a series of testimonies of activists who had been targeted by Hacking Team spyware.
In a press release relayed by the press agency MAP, the Government said they had “filed a lawsuit against some people who prepared and distributed a report which includes serious accusations of spying by its services”. And they added that “(the) ministry has asked for an investigation to identify people behind such accusations to try them by the competent court".
The staff of our partner organisation in Morocco reported that their neighbours and family members were interrogated by the police following the announcement.
All the claims stated in the report were in fact backed by research from the Citizen Lab, an interdisciplinary research group affiliated to the University of Toronto. Back in 2012, they had identified the use of Remote Control System against Mamfakinch, a collective of citizen journalists, whose stories are documented in our report.
Emails from Hacking Team employees, spotted by The Intercept, reveal that their opinion of the Moroccan government had remained untainted. David Vincenzetti, the CEO of Hacking Team, wrote to his colleagues in a recent email: “The King of Morocco is a benevolent monarch. Morocco is actually the most pro-Western Arab country, national security initiatives are solely needed in order to tighten stability.”
Those revelations are, however, yet more evidence that the reality of the Moroccan regime is very different from the public image the Government likes to spread. Far from a liberal Kingdom led by a benevolent monarch, Morocco is in fact yet another regime that has been caught red-handed using highly invasive technology to spy on journalists and pro-democracy activists. And when their wrongdoing is exposed, the government attempts to discredit the solid work of independent researchers and to silence local activists.