Hungary’s Orbán government invests in spying technology for use abroad

Since November 2010, Hungary’s Orbán government has spent over 571,000 euros to purchase highly sophisticated spying technology from an Italian firm called the Hacking Team, and the software is used to bug cell phones and hack into private computers, according to a report published by the liberal 444.hu news site.  The data on the Hacking Team’s servers was stolen by a group of hackers this past weekend and ever since, journalists–including a small handful of Hungarian ones–have been perusing a staggering 400 gigabytes of data, to determine which governments had ordered products or services from the firm. According to The Intercept, a news site that focuses on surveillance, spying and hacking related stories, the Hacking Team has a long history of selling software and other products to despotic regimes. For instance, the Hacking Team’s representatives travelled to Bangladesh, in order to sell products to the Rapid Action Battalion, an infamous death squad headquartered in Dhaka. Also according to The Intercept, the Hacking Team sold surveillance software to Belarus in October 2014 for use by the country’s Operations and Analysis Center, which is responsible for monitoring opposition activists and dissenters.

In Hungary’s case, we now know that the Bureau of Information (Információs Hivatal), formerly the intelligence wing of the Ministry of Foreign Affairs, and now under the direct supervision of the Prime Minister’s Office, and the Professional Services of National Security (NBSZ) have paid a total of nine invoices for products and services rendered by the Hacking Team. Starting in September 2012, the Információs Hivatal (IH) has been led by István Pásztor, the former military attaché previously stationed at the Embassy of Hungary in Washington, DC. The IH is responsible for overseeing the security of Hungarian embassies and consulates and for “obtaining, analysing, evaluating and forwarding to the government information obtained abroad or from foreign sources that can be used for national security purposes in Hungary, or which supports Hungary’s interests.” As is highlighted on the IH’s website, the bulk of the organization’s intelligence activity occurs outside of Hungary.

Also according to the IH’s website, while the majority of IH officers work at the organization’s centre in Budapest, others are placed at Hungarian embassies, consulates and in other workplaces outside of Hungary, “where their ties with the IH are concealed.”

So what has IH been purchasing from the Hacking Team, according to the information stolen and released to the public by rival hackers?

The IH and the NBSZ have been primarily concerned with bugging cell phones. IH has been using a piece of technology called the Remote Control System (RCS), as well as an “exploit portal,” purchased from the Italian company. The yearly licensing fee for the RCS is 64,000 euros and Hungary last renewed this in November 2014. NBSZ, which serves as a public procurer for IH, upgraded the RCS software at a cost of 150,000 euros, in order to allow it to bug a wider range of cell phones. Specifically, Hungarian state security officials realized that it was important for their technology to be able to track older, Nokia-type cellular phones, which preceded today’s smartphones. This upgrade, called Symbian, ensures that IH can obtain any data stored on these older phones, and can monitor all telephone conversations.

In 2012, NBSZ purchased a second upgrade for 36,000 euros, which allows it to bug Apple Iphones. What’s interesting about this approach is how the software is custom-made to bug all generations and different brands of cell phones and smartphones. The Orbán government is covering all its bases.

While it is now clear that Hungary has spent at least 571,000 euros on this technology, 444.hu suggests that once all the information stolen from the Hacking Team server is processed and reviewed, the full amount spent will be closer to 1,89 million euros.

A scene from the 2006 German film The Lives of Others (Das Leben der Anderen).

A scene from the 2006 German film The Lives of Others (Das Leben der Anderen).

The RCS technology is the most important part of this surveillance “package.” The software, also known as Galileo or as DaVinci, is according to the Hacking Team, only sold to government agencies and not to private individuals or companies. But governments have used Galileo to spy on civil rights activists, such as Egyptian journalist Ahmed Mansour. Egyptian authorities have sentenced Mr. Mansour to 15 years in prison in what appears to be a show trial, for his involvement in the Tahrir Square protests of 2011 against then President Hosni Mubarak.

RCS, or Galileo, is a very powerful surveillance software. It includes a keylogger function, which allows for intelligence agencies to track every keystroke entered on an electronic device. It also produces screen shots, uncovers passwords and allows for any file saved on the machine to be copied. But most critically: RCS is able to activate a laptop or desktop computer’s camera, even when it is not in use, to capture discussions and activities going on in the room where the computer is located.

When it comes to computers, IH use phishing attacks, through emails, to plant RCS onto the machines of individuals under surveillance. But this is seen as a relatively rudimentary approach and it requires the target person to “play along.” (He/she has to actually fall for the phishing attack.) That is why NBSZ purchased an “exploit portal” upgrade for use by IH, allowing for Hungarian agents to exploit software/security deficiencies on the target person’s computer.

According to The Intercept, Hungary is considered to be one of the Hacking Team’s top clients. In fact, the Orbán government is currently the firm’s 6th largest client in the world. The top client is Mexico, followed by Italy, Marocco, Saudi Arabia, Chile and then Hungary. The United Kingdom considered purchasing products from the Hacking Team, for use by London Metropolitan Police Services, but the deal never went through, due to British “legal concerns” about “lawful inception.”

Hungary, being this firm’s sixth most important client, apparently does not share these concerns. I strongly suspect that we are only seeing the tip of the iceberg when it comes to this story and how it relates to Hungary’s IH.

15 Comments

  1. András B. Göllner says:

    Looks like some people have suddenly become tongue tied Christopher 🙂 Your article is a very important heads up. The Hungarian PMO possesses the technology to listen to anyone’s cell phone, tap into anyone’s computer, anywhere in the world, without any judicial oversight. It’s one thing to have your civil liberties trampled upon in Hungary, it is another matter when that invasion is replicated abroad. The TEK, which is Orbán’s private security service, headed by his former body-guard, can legally tap anyone’s cell-phone, take action against anyone anywhere in the world who is critical of the Hungarian government. It has agents who are deployed not only on the territory of Hungary but in places as far away as the USA and Canada. According to the law, the TEK does not require prior judicial permission, nor ex post facto judicial review for any of its actions. It’s above the law. The information that’s surfacing now merely confirms what has been known by many for a long time.

    The difference between the Hungarian regime’s use of the available technology and the manner the US uses the same technology is markedly different. In Hungary the use of the technology is not subject to judicial oversight, it’s under the control of the ruling political power, it’s partisan, and is directed at not only potential terrorists, but leaders of the democratic opposition. By way of comparison, what we have in Hungary is THE LEGALIZATION OF WATERGATE. The spirit of Richard Nixon is alive and well in the body of Viktor Orbán. Both are clients of Arthur J. Finkelstein, who is aptly nick-named as “The Merchant of Venom”. The discussions of the secretly taped transcripts that are available to the Hungarian PM are not taped for the public record. There are no minutes taken at cabinet discussions in Hungary. The character assassination techniques utilized by the Hungarian PMO are not actionable or subject to any kind of overview. The maligned individuals have no protection whatsoever.

    According to Transparency International, the Hungarian government is the least transparent government in all of Europe, and is making itself even less transparent as we speak. It has just passed a new law, that will make it virtually impossible to see into its machinations. Hungary won its infamous distinction under Viktor Orbán. Remember his speech at Tusnádfürdő last year. “Imagine where I’d be, if I could be sued by members of parliament, like the US President” Imagine indeed !!! He’d be facing impeachment like his role model, tricky Dick !!!

    • “…..the TEK does not require prior judicial permission, nor ex post facto judicial review for any of its actions. It’s above the law. ”

      Then it’s above Orban and will act accordingly when it becomes necessary.

  2. I previously suspected and wrote about it but reading this article I’m sure the whole operation mentioned above is just a part of trading intel beyond selling out other confidential EU information to their clients, possibly in the middle east, that serves many different purposes, mostly illegal arms and ammunition trade. This might as well be one of his duties in exchange for being put in such a high position of a PM and allowed to loot the country and suck it dry and to make sure that the stolen money will be laundered and recirculated to Swiss and other banks to find its way to those millionaires bank account who helped this unscrupulous monster to power.

    This is just a garrison of a bigger “army”that haunts for more intel that they actually need and it’s worth inventing a lot of money in this business as the sold intel, possibly collected for clients order, pays off.

    This little “jerkoff” as Simicska described him had to have a good reason to shift business an throw Simicska out of the basket. Not the money, but Simicska was the brain and the purse of the Fidesz and some business requires extraordinary precaution. Let’s see what will happen after all.

  3. I like the Das Leben der Anderen illustration used in this article. (I also loved the film.) But do you think that Orbán’s spies are so benign and ethical, and capable of compassion as Hauptmann Gerd Wiesler?

    Not a chance.

  4. I know some people who cover up their laptop’s camera when it’s not in use, precisely because they know that hackers and spies can take control of it and use it to record everything that happens in the room. It may sound paranoid, but it isn’t and this article proves that this precaution is an important one.

    This is called “camfecting” in the computer security industry. For Orban, his diplomats and spies, camfecting is useful because it allows them to register offline discussions and even learn details of what is in someone’s home, maybe clues as to where that home is located–if they don’t already know–and, most importantly–TO KNOW WHEN THE TARGET IS NOT AT HOME! They learn your schedule, and know when you are out of the house. For regular hackers, this can lead to burglaries. But for Orban and his spies, it is more about tracking where you are, where you are going, who you are with, what is in your home, what you read, what you watch and listen to and, if they know when you are away, they can possibly enter your home and plant listening devices in there…if they have their people working in your city.

    • Depends on how good the target person is at computing, what security solutions uses. Also, discovering an intrusion and letting it going on, gives a chance for disinformation or to take other steps that might not make them intruders happy. It makes easy to hack the hacker.

      You see it happened even to Hacking Team.

      Moreover, the Hungarian government has many expensive spy software but not their own development therefore they themselves are vulnerable to surveillance, by the softmaker, who is surely spying on their clients and as the client is just trained by the vendor thus they don’t have comprehensive knowledge of the softpack and how it works what it does. That is the most stupid thing for a government to do, to use spyware developed by a third party. The Hungarian handlers of the softpack are not qualified enough and as they surely hire foreign speaking many times native foreigner experts, translators, engineers, they themselves become vulnerable. If they were qualified enough they could develop their own spyware.

      Now, Hacking Team surely was/is spying on their clients and they have all the downloaded classified government documents what the Orban government stole with THEIR softpack, and they will either blackmail the Orban government in some indirect way under disguise or they simply sell the stolen information to the “enemy”. Big money. Actually THEY ARE SPYING, they are the spies with the help of the Orban government who was stupid enough to pay a fortune for a softpack that is not their own and let it upload all their stolen stuff to the HT serves . HT will trade the stolen information that the Orban government stole and unwillingly uploaded to their server. Trading intel is a business of HT as much as the business of the Orban government.

      Now, HT has been hacked and God knows who possesses now all the intel of the Orban government that HT stole from them and how they will use it. They may sell it back on high price to the victims. They will, and Orban will not even be able understand why and when the sky is falling on his head.

  5. This is one of the better articles out there on camfecting:

    http://everydaylife.globalpost.com/tell-webcam-hacked-33446.html

    And this piece in the New York Times is also excellent, when it comes to computer security:

    http://www.nytimes.com/2012/11/08/technology/personaltech/how-to-devise-passwords-that-drive-hackers-away.html?_r=0

  6. Gyula Bognar, Jr. says:

    It is not enough to obtain valuable intelligence information, there has to be intelligence in the Government to use it well.

    In a country where one of the Government’s main efforts are to convince the populations, that domestic watermelons are better than the imports and the other main occupations is to build stadiums, firmly believing that the result is automatic, so the more stadiums they have, the better the soccer teams will play, intelligence is non-existent in the Government. After all, it is János Lázár, who is the head of Intelligence, along with six or seven other ministries. It had also been proved that The Fidesz Government is doing everything, without listening to anyone else’s opinion, so they have no ears either.

    Therefore just gathering intelligence without having intelligence and ears to listen, is like having a cow, but unable to milk it.

  7. Miklos Banfi says:

    Let’s hope Gyula. let’s hope. But just because some air-heads on the top, does not necessarily mean that everybody is as mentally challanged. After all we are supposed to be a mentally superior nation, aren’t we? Just the threat is daunting unfortunately.

  8. András B. Göllner says:

    Richard:

    In Hungary you do not have rule of law but rule by law. If you pass an act that the constitutional court objects to, you simply pass another one that changes the constitution and then put your buddies on the bench in order to uphold the law, tighten the procedure. This is rule by law. The TEK is ruled by a law that enables it to ignore the human and civil rights of any citizen anywhere in the world.

  9. Andras,

    in the world? Out of 93 000 square km? How can they do that? Then TEK must employ foreign mercenaries. Once they run into the arms of the counter-intelligence they can choose; cooperate or die. But they don’t die. Than who rules by law, can it be still Orban? It’s getting bigger.
    That’s what I am keep on thinking. Who is at the top of the pyramid?
    The TEK with its own operational network? But who rules?
    I know we see this issue through different eyes but any time I put the pieces of the puzzle together there is one piece always standing out that just doesn’t fit anywhere. For me it is just Orban himself. Meanwhile, I understand the mechanism of rule as you described.

  10. I have just found confirmation of the 1.89 figure. What I saw is that the information office have been using their services since 2008 and SSNS – Ungheria, since 2009. The former pay 41,000/yr for maintenance, the latter 64,000. The former have spent a total of 885,000, the latter 1,011,000.

  11. András B. Göllner says:

    Richard

    TEK can engage in wire-tapping, hacking anywhere in the world. It has the equipment, the budget, the manpower and the authorization. It’s operatives can conduct covert operations anywhere outside the territory of Hungary – the organization does not have to get prior permission to do this from anyone, it has no formal reporting requirements or judicial overview of its covert operations. The TEK is as secretive as the KGB was under one-Party rule. What’s unusual with Orbán’s anti-Terrorist organization is, that it can and does target those who are not terrorists but law abiding democratic opponents of the Fidesz-Jobbik regime.

    • Andras,

      that’s right. Was very helpful as I saw a thing or two in a different way, but you’re right. You answered and told me everything I wanted to know. I understand every words. Thanks for making it clear.

Leave a Reply

Your email address will not be published. Required fields are marked *