The two Malaysian agencies are listed as clients in the 415GB data leaked by unidentified hackers that broke into Hacking Team’s servers. The hackers also compromised Hacking Team’s Twitter account which they used to publish some of the information.
PMO is listed as still having an active account since it acquired the service in March last year while MACC’s account expired in January last year. The “Malaysian Intelligene” is also listed as active since it signed up in December 2014.
Over 30 other nations are listed, including Singapore and its Infocomm Development Agency which is presumably the Infocomm Development Authority which spearhead’s the country’s IT & telecommunications developments. The United States’ FBI is also on the list.
Hacking Team describes its lawful interception products as “offensive technology” but privacy groups such as Privacy International have condemned the use of such tools.
One of Hacking Team’s tools is the Da Vinci remote control system which allows the victim’s data to be captured, including e-mail messages, passwords, instant messaging chats and even Skype calls. It can also activate the infected machine’s webcam and microphone to record the user’s activity.
We are awaiting comments from the MCMC, and have also contacted national cybersecurity specialist agency CyberSecurity Malaysia.