A company renowned for providing surveillance software that helps governments hack digital devices and snoop on citizens’ online activities has been hacked.
Based out of Milan, Italy, Hacking Team has been known for a while, but it hit the headlines last year after security experts revealed the extent to which its software gives law enforcement and intelligence agencies remote access to mobile operating systems. It lets them access texts, phone calls, location data, and other forms of digital communications. It can even enable agencies to capture screenshots of a user’s search history. “In essence, it is malware sold to governments,” noted Citizen Lab, one of the organizations that detailed the extent of the activities last year.
Through the night, however, details emerged of how Hacking Team itself had been infiltrated. The mystery hackers published 400GB of “internal documents, source code, and email communications to the public at large,” reported CSO, a security-focused publication. Hacking Team’s Twitter account was also compromised, with a link to the torrent file posted in a tweet. This tweet has now been deleted and the Hacking Team website is offline.
Details contained within the leaked cache suggest that Hacking Team provided its software to a number of countries that could cause controversy.
Despite previously claiming it hadn’t provided tools to Sudan — in response to a 2014 Citizen Lab report that claimed it had, a maintenance list obtained by the hackers suggests that it does, in fact, work with Sudan. However, alongside Russia, Sudan is tagged as “Not officially supported.”
An accompanying invoice for €480,000 seems to support suggestions that what Hacking Team stated publicly doesn’t tally with what’s going on behind the scenes. And given that Sudan has certain trading restrictions imposed by the European Union (E.U.), this could lead to problems for the company.
Interestingly, three U.S. agencies appear on the company’s maintenance list — the Department of Defense (no longer active), the Drug Enforcement Agency, and the FBI.
While much of the content of the leaks may not be all that surprising given what we already knew about the company, it still gives an interesting insight into a controversial company.
Reporters Without Borders previously added Hacking Team to its Enemies of the Internet Index, and at a time when placing restrictions on government snooping powers is seemingly never out the headlines, this latest leak could help fuel anti-surveillance sentiment. If nothing else, it could prove a serious blow for Hacking Team — will governments around the world wish to work with a company that has been breached in such a way?
Meanwhile, check out this commercial for Hacking Team for a better idea of how the company sells itself.
Update, July 7, 2015: Hacking Team has issued the following statement:
“Hacking Team has been the victim of an online attack, and documents have been stolen from the company. We are investigating to determine the extent of this attack and specifically what has been taken. We are working with several appropriate law enforcement to determine who is responsible. Various documents attributed to our company and employees are being provided to the news media and may be published on line.
We do not disclose the names or locations of our clients and will continue to abide by this policy and our contracts which include a confidentiality clause. We cannot comment on the validity of documents purportedly from our company. However, interpreting even valid documents without complete picture of why they were created or how they were used can easily lead to misunderstandings and even false conclusions.
We are continuing our investigation.”