Leaked e-mails from the Italy-based computer and network surveillance company Hacking Team show that the company developed a piece of rugged hardware intended to attack computers and mobile devices via Wi-Fi. The capability, marketed as part of the company's Remote Control System Galileo, was shown off to defense companies at the International Defense Exposition and Conference (IDEX) in Abu Dhabi in February, and it drew attention from a major defense contractor. But like all such collaborations, it may have gotten caught up in the companies' legal departments.
In an e-mail summarizing a meeting in January, co-founder Marco Valleri outlined the roadmap for a number of Hacking Team's platforms, including its "Tactical Network Injector" or TNI. This piece of hardware was designed to insert malicious code into Wi-Fi network communications, potentially acting as a malicious access point to launch exploits or man-in-the-middle attacks. The bullet points included the creation of a "mini-TNI" tasked to Hacking Team employee Andrea Di Pasquale:
- Transportable by a drone (!)
The mini-TNI, marketed at IDEX as "Galileo," drew the attention of a representative from Insitu, a subsidiary of Boeing that builds small unmanned aircraft systems including the ScanEagle and RQ-21A "Blackjack" UASs used by the US Navy. In early April, Giuseppe Venneri—an Insitu intern and a graduate student at University of California, Irvine—was tasked with contacting Hacking Team's key account manager Emad Shehata, following up on a meeting at IDEX. "We see potential in integrating your Wi-Fi hacking capability into an airborne system and would be interested in starting a conversation with one of your engineers to go over, in more depth, the payload capabilities including the detailed size, weight, and power specs of your Galileo System," Venneri wrote.