Updated - Adds comments below by director at Alberta and statements by government, Opposition 

Malta’s secret service sought to use the services of a controversial hacking company linked to several repressive regimes, according to leaked e-mails.

Two officials from the Malta Security Service met representatives of the hacking company last month in Prague over a potential €600,000 agreement to use the company’s spy technology in Malta, the e-mails show.

Italian web security firm Hacking Team, listed as an “enemy of the internet” by Reporters without Borders, was itself the subject of a massive ‘hacktivist’ attack earlier this week.

Some 400 gigabytes of data, including e-mails and invoices, were obtained and published through the company’s own Twitter feed.

The leaked e-mails included an exchange between two of the company’s key account managers and a named member of the Malta Security Service. The exchange refers to a meeting that took place in Prague last month during a European intelligence and law enforcement conference. According to the e-mails, dated June 5, the Maltese official expressed interest in holding a demonstration of the company’s “hacking solution for governmental interception in Malta”.

No contact was made - ministry

Together with a colleague, the official requested an estimated quotation for a “basic configuration” of the software for 10 agents, which was given as €600,000, although the company representative suggested that 50 agents would be more appropriate.

The Hacking Team representative said the Maltese officials spoke Italian and “seemed interested”. They are also said to have confirmed that they had never used a similar software solution in the past.

In a follow-up e-mail, the Maltese official was forwarded a non-disclosure agreement ahead of confidential information that had to follow.

Also attached to the e-mail was a questionnaire requesting details about targets and “attack scenarios”, including the possibility of gaining physical access to targets’ devices.

It is unclear from the e-mails whether and how discussions proceeded beyond this point.

A spokeswoman for the Home Affairs and National Security Ministry said: “As is normal practice, personnel attending such conferences contact possible suppliers of products and services that appear to be of interest. In this case, an e-mail requesting unacceptable conditions was ignored. No contact was made with named company.”

Hacking Team is based in Milan and has offices in the US and Singapore. The company claims that its DaVinci Remote Control System is able to break encryption and allow law enforcement agencies to monitor encrypted files and e-mails, Skype and other voice or chat communication.

The software, which is capable of monitoring hundreds of thousands of computers at once, also allows for identification of the target’s location and relationships and can remotely activate a computer’s microphones and cameras.

Hacking Team has for years been the subject of scrutiny due to its suspected sales to regimes known for human rights abuses and aggressive surveillance of citizens, journalists and activists, which the company has always denied.

The leaked documents show that its clients include the governments and security services of Azerbaijan, Kazakhstan, Uzbekistan, Russia, Bahrain, Saudi Arabia and the UAE.

Last May, a Hacking Team representative travelled to Bangladesh for a demonstration at the headquarters of a notorious paramilitary security agency that Human Rights Watch refers to as a “death squad”.

WIKILEAKS SHEDS LIGHT ON EARLIER E-MAIL EXCHANGES 

Meanwhile, Wikileaks yesterday also published an e-mail exchange which took place in May 2013 between Duncan Barbaro Sant, director of fire safety and security firm Alberta, and Hacking Team in which Mr Barbaro Sant was given a presentation of the company’s hacking products, to attack, infect and monitor target PCs and smartphones in a stealth way.

“Once a target is infected, Remote Control System allows accessing a variety of information, including: Skype traffic (VoIP, chat), MSN traffic (VoIP, chat), Keystrokes (all Unicode languages), files, screenshots, microphone eavesdropped data, camera snapshots, etc.

“Invisibility features include full resistance to all the major and most common endpoint protection systems,” according to the presentation.

In an e-mail dated May 14, 2013 Mr Barbaro Sant said:

“Meeting went well. I have been made aware that the Malta Secret Service are already in possession of a similar software BUT I told them that it is probably the software that was installed ages ago. In view of this, a second meeting will be organised but this time with the MSS. (Malta Security Service)

“This is where I need your help……

If you were to send an introductory letter to MI5 how would you draft it to attract their interest and attention? Maybe you can forward me a sample for me to forward to them and to the Prime Minister with whom I also have good relations. (for what it’s worth)

“If you are to come over to perform a demonstration I need to make sure the Government is seriously interested. I would not want to waste your time, or mine for that matter.”

A draft non-disclosure agreement followed.

Contacted this morning, Mr Barbaro Sant said:

“Alberta specialises in fire and security and I am studying on terrorism. Alberta is heavily involved in Libya and we were at a security fair to meet with the large companies.

"Since they were not entering Libya we wanted to use our contacts to offer our services in Libya.

"We came across this company and we felt Malta was so exposed to the threats from a neighbouring country, even back then, that this software looked like a good tool to help the police track and identify any terrorist activity that may be approaching to Malta.

"That was the whole purpose of this exchange with Hacking Team and Malta Security services. During my meeting with MSS at no point did they communicate, so much so that it was a very silent and awkward meeting.

"They did not speak and lived up to their name and kept everything secret. The MSS did not communicate with us any longer since then.”

Asked about Hacking Team’s shady reputation, Mr Barbaro Sant said:

“We did not know this. We only met them at the fair for the first time. It was one of the largest anti-terror fairs in the UK. Since then we have had no connections whatsoever with Hacking Team.”

OPPOSITION DEMANDS ANSWERS FROM THE PRIME MINISTER

The Opposition expressed "grave concern" at the news and said this was not what the people were promised.

"People do not want a big brother government that spies on them. And the Opposition will give a voice to people’s concerns," it said.

In a statement it said the government had a track record of doing things in secret.

"Whether it is its secret deals with the Żonqor developers, with Electrogas, with Azerbaijan’s SOCAR or with Henley & Partners, it always operates in secrecy.

"Even PL deputy Leader Toni Abela admitted that thegovernment is making people rich by operating in secrecy. Now it wants to spy on citizens. There are fundamental freedoms at stake, such as the right to privacy. And the Opposition will defend fundamental freedoms."

The Opposition called on the Prime Minister to explain who gave the authorisation for the Malta Security Service to buy hacking technology for the government.

Opposition Leader Simon Busuttil said: “I expect the Prime Minister to come clean, and publicly explain what he is doing and why. He must also explain his personal involvement in this affair.”

Dr Busuttil stated that while the public deserved an immediate explanation, he would raise this issue at the next meeting of the Security Committee being held on July 20.

LEGAL INTERCEPTION SYSTEM PROCURED BY PREVIOUS ADMINISTRATION - GOVERNMENT

The Prime Minister never had meetings on the said subject and OPM records show that he never received any letter as the one which one of the authors of the emails seems to imply that he wanted to draft and send, the Office of the Prime Minister said.

It said that without going into details that might jeopardise national security, one needed to clarify that the legal interception system, including email interception capability, owned by the MSS was procured by the previous administration.

No further procurement in this area was made by this administration.

According to the MSS, the local representative offered services‎ but the offer was not taken up since the equipment bought by the previous administration was still valid.

"One has to clarify that the security committee has an oversight on the MSS. The members include the leader of the Opposition.

Sign up to our free newsletters

Get the best updates straight to your inbox:
Please select at least one mailing list.

You can unsubscribe at any time by clicking the link in the footer of our emails. We use Mailchimp as our marketing platform. By subscribing, you acknowledge that your information will be transferred to Mailchimp for processing.