Hacking Team hacked as tables turn on notorious surveillance company
Italian security and surveillance firm Hacking Team appears to have itself fallen victim to a security breach. Hacking Team produces software which is used by governments around the world as part of their surveillance programs. The company has been criticized for facilitating invasions of privacy, and, over the weekend, its Twitter feed was taken over, resulting in its name and profile picture being changed to read Hacked Team.
But this is far from being the end of the story. Whoever is responsible for the security breach also released a torrent file that provides access to 400GB of company data. Included in the cache are emails, source code, and confidential documents. The files reveal who the company has been dealing with, including a number of countries known for their oppressive regimes.
Invoices leaked from the stash of documents via the hacked Twitter account show that Hacking Team provided services for countries such as Egypt and Sudan. This includes providing surveillance equipment as well as software for gaining remote access to computers. We've heard a lot about Hacking Team since the explosion of the NSA surveillance debacle. A secret manual published last year showed just how to use the company's various tools to spy on people and get around encryption.
Working through all of the documents that have been leaked since Sunday's breach, CSO reports that Hacking Team's list of customers includes:
Egypt, Ethiopia, Morocco, Nigeria, Sudan, Chile, Colombia, Ecuador, Honduras, Mexico, Panama, United States, Azerbaijan, Kazakhstan, Malaysia, Mongolia, Singapore, South Korea, Thailand, Uzbekistan, Vietnam, Australia, Cyprus, Czech Republic, Germany, Hungary, Italy, Luxembourg, Poland, Russia, Spain, Switzerland, Bahrain, Oman, Saudi Arabia, and UAE.
Hacking Team has gained the attention of human rights groups for its apparent willingness to work with countries engaged in human rights abuse, and those looking to spy on journalists, and people opposed to the government.
The attackers have not been afraid to rub a little salt in the wound. As well as the name change to Hacked Team, the security firm's description was also edited to read:
Developing ineffective, easy-to-pwn offensive technology to compromise the operations of the worldwide law enforcement and intelligence communities.
Control of the account has since been regained.
In addition to invoices, the leaked cache of data also reveals many of the passwords used by clients. With examples such as Passw0rd, Pas$w0rd, and Passw0rd!, it seems clear that not everyone treats security with the same importance.
Hacking Team was very slow to respond to the attack. Eventually, Christian Pozzi from the company took to Twitter to hit out at the perpetrators. He also defended Hacking Team, suggesting that what was being posted by the attackers was not to be believed, and also tried to discourage people from downloading the data by suggesting that the torrent contained a virus. It's not clear how long it will take Hacking Team to regain control of its accounts, but Pozzi insisted that police are currently investigating. His Twitter account has subsequently been taken offline.
With the number of big governments that seem to be customers of Hacking Team, the fallout from this breach could be huge. As one Infosec associate puts it:
Bad day? Could be worse. It's now someone at @hackingteam's job to call up the Russian secret police and inform them there's been a breach
— Liam (@liamosaur) July 6, 2015