After scrubbing its Twitter account, Italy-based surveillance software company Hacking Team has confirmed that it was the victim of a hack that saw hundreds of gigabytes of the company's sensitive customer data, emails, and other documents leaked onto the internet.
Hackers on Monday uploaded a 400GB torrent file containing the sensitive documents, tweeted a link to the file using Hacking Team's own Twitter account, and also posted screenshots of internal company emails and secret deals with governments around the world.
"Since we have nothing to hide, we're publishing all our emails, files and source code," one of the now-deleted tweets said.
Hacking Team develops spyware and malware designed to infiltrate a variety of devices and platforms, and sells its services to governments and businesses worldwide.
The company claims that its DaVinci remote control system is able to break encryption on files, emails, and voice over IP.
The firm's spokesman, Eric Rabe, on Monday confirmed the embarrassing breach. In a written statement, he said the company was the victim of an "online attack".
"We believe documents have been stolen from the company," he said. "We are investigating to determine the extent of this attack, and specifically what has been taken."
The authenticity of the files uploaded had not been verified at the time of writing, and Hacking Team declined to comment on the authenticity. However, some of the billing records being shared online appeared to corroborate work by Citizen Lab, a research group at the Munk School of Global Affairs at the University of Toronto, which has linked Hacking Team to two dozen countries, including several with atrocious human rights records.
"Early reports ... appear to validate our research showing use by repressive regimes like Ethiopia and Sudan," Citizen Lab said in a statement.
"These reports point to the lack of transparency and accountability around the market for intrusion software. We think that a better understanding of this market is essential for a free and secure internet."
So far, only one client on Hacking Team's alleged client list appears to be from Australia: The Australian Federal Police (AFP) is noted down as an Australian client, spending €245,000 in two payments over 2009 and 2010 relating to five specific targets, according to the unverified document.
The Australian Federal Police refused to confirm whether it was a client.
"The AFP does not confirm or deny what may or may not form part of its operational or technical methodologies," a spokesperson told ZDNet.
The Milan-based company, which has just 40 employees, has been the subject of increased scrutiny after its malware was discovered targeting a series of journalists and activists. The company was named an enemy of the internet by Reporters Without Borders.