Hacking Team breach: A 400GB corporate data dump and online mockery

The wholesale sacking of the spyware firm's systems was bad enough before employees underwent a public meltdown. [UPDATE]

Twitter has spent the last 12 hours mockingly asking if Hacking Team was awake yet, but the firm's massive data breach reveals a more serious side to the PR disaster -- deals allegedly between Hacking Team and oppressive governments.

Over the weekend, the secretive Hacking Team security firm was the victim of a cyberattack which ripped the company's corporate secrets apart and exposed the malware provider's email communications to the eyes of the Internet.

Milan, Italy-based Hacking Team is known for the creation of surveillance solutions for government agencies. Predictably, considering the client base, Hacking Team's dealings have rarely been formally disclosed, leaving the security industry to wonder who its customers are and what spy tools are floating around cyberspace -- and for what purposes.

Hacking Team was founded in 2003. Its spy tools target everything from standard PCs and networks to mobile devices, and are well-known for circumventing antivirus products available to the mass market. In 2012, Reporters Without Borders labelled the company as an "enemy of the Internet" due to one tool in particular, the DaVinci remote control system.

Hacking Team claims the tool is able to break encryption on emails, files and Internet telephone protocols, allowing clients to spy on users and their communications without limitations.

If you're interested in seeing how Hacking Team markets itself and convinces clients how "to overcome encryption and capture relevant data," the video below touts DaVinci, the "hacking suite for governmental interception."

For the full story from the beginning, check out our previous coverage: Hacking Team hit by breach; leak suggests it sold spyware to oppressive regimes

The idea of this secretive firm releasing sophisticated hacking tools for use on unsuspecting targets is enough to make anyone uncomfortable -- but hackers have taken their displeasure further.

Over the weekend, hackers who remain unnamed posted a .torrent file linking to over 400GB of company data belonging to Hacking Team. The file, which contains emails, client lists, revenue reports, client history and marketing materials -- just to name some of the most interesting aspects -- appears to show Hacking Team has a healthy client list worldwide.

According to the data -- which has not been independently verified at the time of writing -- Hacking Team counts customers in countries including Italy, the US, Spain, Singapore, Malaysia, Saudi Arabia, Mexico, Luxembourg, Egypt, Oman, Panama, Turkey, the UAE, Nigeria, Ethiopia, Poland, Thailand, Denmark and Israel, among others.

The client list, past and present, includes a vast number of government agencies and private companies. To name but a few, the documents indicate Barclays, the Egyptian MOD, the FBI, the Lebanon Army Forces and a multitude of intelligence agencies worldwide are past or current customers.

However, the story has not ended there. Hacking Team's Twitter account was also taken over by the cyberattackers before the company wrestled control back at approximately 11.30 GMT on Monday morning.

Hacking Team attempted to douse the fire by removing messages, screenshots of stolen data and mockery levied against the surveillance company -- but the account was compromised long enough for Twitter to take notice.

Hacking Team has always maintained it does not do business with oppressive governments and those which may use their tools to abuse human rights. However, some of the leaked documents suggest otherwise. A service maintenance list indicates that a contract with Sudan's National Intelligence Security Service, valued at 480,000 euros, is in place but "not officially supported." Interestingly, a contract with Russia's Intelligence Kvant Research has also been assigned the same note.

ZDNet has reached out to Hacking Team but no comment has been forthcoming. However, Hacking Team system and security engineer, Christian Pozzi, took to Twitter to refute claims made by the cyberattackers.

The Twitter account has been deleted, but a cached version containing his comments can be accessed:

[Screenshot]

While at first calm, Pozzi's tweets became increasingly frantic. The employee said Hacking Team was currently "in the process" of notifying its customers of the data breach, and also claimed "false info" was being spread about the company.

It is reasonable to assume the claim of a virus was made in a damage limitation attempt, considering the file is clean -- as said by one skeptical security researcher:

[Screenshot]

In addition, Pozzi took to Twitter to rage at Dan Tentler, a security professional from Carbon Dynamics, who had mocked Pozzi's poor choice of passwords for online accounts -- most of them simply being "passw0rd," which is somewhat ironic considering his field. Pozzi threatened to have Tentler sent to jail if he continued.

UPDATE 14.09 GMT: The Hacking Team website is offline. It is not known whether this is due to an extension of the cyberattack or the company itself taking such an action to avoid further problems -- or the heat of the media.

15.07 GMT: The company's surveillance solution code appears to have found its way onto GitHub.

ZDNet has reached out to companies involved and will update if we hear back. More on this story as it develops.
