A group focused on counterintelligence and insider threats purchased the malware, according to a FOIA response.
Despite spending hundreds of thousands of dollars on equipment from controversial malware vendor Hacking Team, a section of the U.S. Army focused on counterintelligence never even used the tools.
The U.S. Army paid Cicom USA, the U.S. subsidiary of Hacking Team, $350,000 for the company’s “Remote Control System” (RCS) in 2011, according to publicly available contract records. Motherboard filed a Freedom of Information Act (FOIA) request with the U.S. Army for documents related to this contract, and one showed the purchase was specifically for the 902nd Military Intelligence Group.
“The 902nd Military Intelligence Group conducts proactive counterintelligence activities to detect, identify, assess, and counter, neutralize or exploit foreign intelligence entities and insider threats in order to protect Army and designated Department of Defense forces, information and technologies worldwide,” the U.S. Army website reads. The group is based at Fort Meade, Maryland.
Depending on the version purchased, Hacking Team’s RCS is capable of remotely breaking into and exfiltrating data from mobile phones and computers.
A spokesperson for the U.S. Army Intelligence and Security Command (INSCOM) wrote in an emailed statement, “The 902nd Military Intelligence (MI) Group did not use the tools purchased through a contract with Cicom USA, LLC, in March 2011.”
“As I’m sure you are aware, many aspects of U.S. Army counterintelligence are not releasable to protect sensitive or classified information. We cannot respond to questions concerning its intended purpose or the reasons why it was eventually not used,” the statement added.
Motherboard has embedded the responsive documents below, and they are also available here.