Add Luxembourg to the list of governments now facing questions from the press and citizenry about its use of Hacking Team products. The Luxemburger Wort reports:
…. However, while the documents made available online by hackers showed the Luxembourg tax authority as a customer, Bettel said that it was the secret service that had made the purchase under the previous government.
Documents obtained by the “Luxemburger Wort” list a Remote Control System with the name Falcon, bought for 190,000 euros, with annual maintenance bills of 38,000 euros. The latest bill was for the period from June 1, 2014 until the end of May this year.
Contacted by the “Luxemburger Wort”, the Prime Minister’s office said that the tool was still being used by the SREL, but not “permanently” and only in selected and individual cases.
They’re probably not too happy that Hacking Team reportedly did not contact them to notify them about the hack and data leak:
The Luxembourg secret service has contacted Hacking Team after the company failed to inform the government about the hacker attack and the subsequent data leaks.
The government did not comment on the possibility to claim damages.
Read more on Luxemburger Wort. A Hacking Team spokesperson had said that the firm had sent out a blast to all customers advising them to stop using their products, so it’s not clear to me what the secret service is claiming about the lack of notification. Did the Hacking Team notify them or did they notify the tax authority, which they show as their client?
And what does it mean that the RCS “Falcon” system records leaked online indicated it was purchased by the tax authority when it was being used by the secret service? Did Hacking Team know that about that use? Did they vet that use as per their ethics policy?