Among the 400GB of the Italian Hacking Group's internal data released onto Wikileaks following a July breach were more than a million company emails including several detailing the Saudi Arabian government's bid to buy control of the surveillance company.
Journalist Marco Lillo, who reported on the Saudi emails for the Italian newspaper Il Fatto Quotidiano, commented: “It's paradoxical that it (Hacking Team) couldn't sell its software to Saudi Arabia but it could sell them the entire company."
UK-based, Syrian-born Wafic Said and former US ambassador to Italy Ronald Spogli, an investor in Hacking Team, were reportedly involved in the deal which collapsed in 2014 following the departure of leading backer, former Saudi ambassador to Washington, Prince Bandar bin Sultan, from his role as head of the Saudi intelligence service. CIO.com reported Hacking Team spokesman Eric Rabe saying talks had never been close to completion.
The Hacking Team has been criticised for supplying countries with poor human rights records, but Rabe justified the sales on the basis that Saudi Arabia is an ally of the West and it was important that it should receive instruments that enabled it to combat crime and terrorism.
Despite its current role as head of the UN's human rights committee, Saudi Arabia has often been accused of being a violator of human rights. It is currently threatening to behead and crucify Ali al-Nimr, and it has made peaceful protesting a terrorist offence following demonstrations in al-Ahsa and al-Qatif districts in the eastern province by the minority Shia population.
On 10 February 2014, Charles Stauffer, a senior manager at Said's investment company Safinvest, wrote to David Vincenzetti, CEO of the Hacking Team providing details of the transaction: the Saudi-owned joint venture company was to be called Halo and the price was set at €37 million (£30 million). Vincenzetti was also reported as seeking to avoid implications of the Wassenaar Arrangement (restricting dual use technology exports) being implemented, saying: "We would like the newco to be in a country which will not impair the export of our technology."
Rabe was reported by CIO.com as saying he didn't think the hack was the work of corporate rivals, as competitors were unlikely to post the results online, adding: "It was people who were trying to destroy our company.”
While there is no verification of who hacked Hacking Team, in a tweet to Motherboard, 'PhineasFisher' claimed responsibility for the hack. Last year 'he' claimed responsibility for hacking Gamma International, makers of FinFisher surveillance software.
It is also not known what alternative arrangements Saudi Arabia may have made to gather cyber-intelligence when the Hacking Team deal collapsed.
Bob Tarzey, analyst and director, Quocirca Ltd, commented to SCMagazine.UK.com, that, assuming the story is correct, "If Saudi Arabia wants to monitor the social media activities of its own population, the communications of its local rivals such as Iran, or simply know what western organisations and countries are doing (in relation to Saudi Arabia), then it is likely to buy in the skills as I doubt there is that much in-house expertise given the size of the population and the nature of the education system. It has a generally positive relationship with western companies/countries [so this should not be a problem]."
In an email to SCMagazineUK.com, Sarb Sembhi, director STORM Guidance adds: “Any government, be it a Western or Middle-Eastern one, would most logically have had to be considering several options on acquiring such tools and expertise - The Hacking Team would most likely have been just one of those several options. We do not yet know for sure whether or not it succeeded in either purchasing another company or other tools comparable to those of the Hacking Team. If it has managed to do so, then it has been able to reduce the gap with some of the Western governments in relation to vulnerabilities, attack tools, etc. In political ally and enemy terms, it would make most sense that we assume that those tools and expertise are held by Saudi Arabia than not.”
So the Saudis may well be the new player on the block, but equally they may simply want to give the impression that they have such capabilities even when they don't. But the real challenge, suggests Sembhi, “ .... is not always ‘does the other party have the capability?', but does it have means to acquire such capability, and then to make use of it effectively. If the answer to that is ‘yes', then all the rest is just game play.”
In another development, Saudi Arabian government sites are currently being targeted by Anonymous. According to messages posted with the #OpNimr hashtag, the attacks are a protest against the death sentence being confirmed this month against Ali al-Nimr, a nephew of Shia cleric and activist Sheikh Nimr Baqr al-Nimr.
He has been sentenced to be beheaded and then crucified for alleged anti-government activities in 2012 when he was 17. Amnesty International alleges Ali al-Nimr was tortured to extract a confession.
Saudi Arabia's UN human rights appointment is criticised by Anonymous which also issued a statement saying: “Ali Mohammed al-Nimr, an innocent young teenage boy has been sentenced to death in Saudi Arabia and we will not stand by and watch.”
It has issued a list of targets on Pastebin including the Ministry of Justice, the Ministry of Civil Service, the General Administration of Education, PSATRI, Saudi Arabia's technological centre for its military and security sectors and Saudi Airlines.
Anonymous said: "The ministry of justice was taken offline a few days ago and we will continue to do this to other government websites,” though it is believed to be the only site currently offline.