hackingWikileaks is back with another Kenyan dossier.

In a rather ironic twist of event, controversial Italian surveillance company ‘Hacking Team’, has been hacked and over 500GB of their documents released on the internet. Among these are thousands of email correspondence between ‘Hacking Team’ staff and representatives of corporations and governments across the world.

According to news website VICE, the hackers who infiltrated the company, which sells surveillance technology such as spyware, got everything. These includes the source code for the software they use to hack into modern operating systems like Windows, Android and Apple’s IOS.

In an even more bizarre turn of events, the hackers hacked ‘Hacking Team’ Twitter account and provided a link to where everything can be downloaded… Thats a lot of hack.


They composed the tweets as if they were written by ‘Hacking Team’, and tweeted a few sample of internal emails.

Here’s where it gets interesting. ‘Hacking Team’ has always been suspected of having high profile clients, but they have never revealed anything.

The leak however confirms that indeed governments have been paying them hundreds of thousands of dollars to get their hand on that surveillance software.

To get a feel of their clients, think of Governments of Ethiopia, United Arab Emirates, Italy, Morocco and the United States’ Drug Enforcement Agency (DEA). The UK government also wanted their services but the deal fell through due to legal handles.

Now, Wikileaks has revealed that Kenya’s National Intelligence Service (NIS) may be one of ‘Hacking Team’s’ clients.

Emails released by the website reveal the dark side of NIS and how they use state resources for all the wrong reasons. The software NIS was interested in goes by the code name ‘Galileo’.

In this email correspondence between Emad Shehata, the account manager for Kenya, and an NIS officer whose name we’ll not disclose, Mr Emad explains the incredible features of ‘Galileo’ and offered to schedule a live demonstration at NIS premises.


Dear Sir,

I’m Emad Shehata, Key Account Manager in charge of your country.

Since you have showed interest in our product, I take the occasion to send you some information related to the latest version of Remote Control System, codenamed Galileo.

Galileo is designed to attack, infect and monitor target PCs and Smartphones, in a stealth way.

It allows you to covertly collect data from the most common desktop operating systems, such as:

   * Windows
   * OS X
   * Linux

Furthermore, Remote Control System can monitor all the modern smartphones:

   * Android
   * iOS
   * Blackberry
   * Windows Phone

Once a target is infected, you can access all the information, including:

   * Skype calls
   * Facebook, Twitter, WhatsApp, Line, Viber and many more
   * device location
   * files
   * screenshots
   * microphone

· and much more

To protect your operations, resistance and invisibility to the major endpoint protection systems is integral to the solution.

Galileo also introduces Intelligence, a module designed to correlate the collected information, to speed up your investigation and highlight relevant connections.

There is more to show you than this.

If you are interested, please get in touch: we would be more than happy to schedule a presentation and live demonstration at your premises.

Best regards

Emad Shehata
Key Account Manager

Hacking Team
Milan Singapore Washington DC

email: [email protected]
mobile: +39 3357939078
phone: +39 0229060603

gal1 gal2 gal3

Click to expand

Now, here’s a software that you’ve been told can give you remote access to the device microphone, location and all those other stuff, but what does the NIS guy do? He asks the ‘Hacking Team’ to demonstrate its capabilities by hacking into Robert Alai’s blog ‘Kahawa Tungu’.


Dear Emad,

Hope this email finds you well. We have seen your proposal on the Galileo product and all looks great and would wish to move forward.

Meanwhile, there is a quick task we have for you:
1) There is a website we would wish you urgently bring down, either by defacement or by making it completely inaccessible. The website url is http://www.kahawatungu.com. If you can bring this site down, it would serve as a great proof of concept for your capabilities and also provide a means of immediate engagement. Please let me know if this is possible, and how soon you can have it done.

Best regards,
Support team.

Click to expand

Mr Emad told him that there’s a misunderstanding on what they really do. He said that they are not supposed to involve themselves or participate in any law enforcement operation, which basically translates to ‘buy the software, then hack Kahawa Tungu yourselves.


Dear Sir,
thanks for your e-mail.

We think that there’s some misunderstand on our company and professional service that we provide to all our customer around the globe.

Firstly as per my last e-mail to you dated 29 December 2014, we are here to ask you to sign and stamp the NDA as in attached.

Secondly due to company policy and international regulations we are not allowed to be directly involved or participate in any Law Enforcement operations.
As Proof of Concept you can consider as standard procedure, the attached doc.

Third, please introduce yourself.

Hope that now the picture will be more clear and re-start in a professional way as per our company standard and reputation.

Best regards

Click to expand

In a later internal email, the Operations Manager at ‘Hacking Team’ is seen expressing reservations on working with the Kenyans.


Da: Daniele Milan [mailto:[email protected]]
Inviato: giovedì 7 maggio 2015 15:36
A: Emad Shehata
Cc: rsales
Oggetto: Fwd: HT- ITALY


the person who wrote us is from a private communication company in Kenya that sells pay TV services, and the url they asked us to tear down is a news website that is highlighting corruption and other wrongdoings in the Kenya government. 

I don’t think we want to be involved with this…

Daniele Milan
Operations Manager

Click to expand

It’s not clear whether the purchase was eventually made, but in one of the emails, Emad – the ‘Hacking Team’ account manager for Kenya, reveals that more contact had been made and NIS was sending someone to Milan for a demonstration.


Dear Nasim,

firstly I would like to thank you for visiting us in our office.

As agreed, I’m here to attached you our NDA for you signature.

About the prospect customer ( National Intelligence Service ) in Kenya, we are waiting the customer visit to our office in Milan to perform them a DEMOSTRATION on our solution.

Once you will met the customer we can organize the visit in our office and send you a letter of invitation ( we need the passport copy and the NDA signed from the customer).  

As discussed we will not involved in any other Trip organization since you will be in charge of this trip: Travel- Hotel Expensive.

After the customer visit, we can going further on our negotiation ( as per your information, it will be take no more later than 3 Months, starting from January 2015).

I remain at your disposal.

Best regards


Emad Shehata
Key Account Manager

Click to expand

An invoice has also leaked, revealing that the company charges upwards of $400,000 for its software. That’s Sh40 million.

While I do not hold radical views opposing government surveillance, I really can’t bring myself to understand why NIS would make hacking Robert Alai’s blog their top priority, while Al Shabaab are attacking us every other day.

It would have made more sense to ask for a demonstration in the form of tracking a suspected terrorist’s number.