Hacking Team hit by breach; leak suggests it sold spyware to oppressive regimes

The elusive Italian spyware and hacking tool provider -- particularly for law enforcement -- had its corporate insides revealed over the weekend.
Written by Zack Whittaker, Contributor
About 400GB worth of data was stolen by hackers
(Image: ZDNet/CBS Interactive)

Even hackers can get hacked.

One of the most elusive spyware and malware providers to government agencies has been hit by hackers who have turned over what appears to be most of, if not all of the company's corporate data.

After apparently taking over its Twitter account, the administrative innards of the Milan, Italy-based Hacking Team was left open for the world to download. Throughout Sunday evening, a series of further tweets pointed to a widespread attack of the company's systems, exposing some of its -- and the world's government's dealings -- open for public scrutiny.

Hackers, whose identities are not yet known, have posted a torrent file-sharing link of more than 400GB worth of the company's data -- including emails and financial data -- for download.

The files could not be independently verified as being authentic, nor is it clear how the attack was carried out or even when it occurred. (We reached out to Hacking Team but did not immediately hear back, which isn't surprising considering.)

The Italian company makes surveillance technology for governments and private industry, although names and companies have never been formally disclosed. The company which makes spyware and malware designed to infiltrate a number of platforms, both desktop and mobile, to assist in surveillance. Its products can turn over instant messages and text messages, phone calls, and other data, all while slipping past most antivirus products.

But exactly who gets those tools remained much of a mystery.

While it's no secret that the US and UK have been in cahoots in massive surveillance, how firms like Hacking Team have provided technological support more oppressive regimes has remained much of a mystery. (The US Drug Enforcement Administration reportedly bought spyware products from the company as early as 2012, according to Motherboard.)

In some of the documents seen, the company has provided sales to countries with poor records on human rights and civil liberties, such as Bahrain, Saudi Arabia, Sudan, Oman, Lebanon, and Egypt.

A tweet posted Sunday by Eva Galperin, global policy analyst at the Electronic Frontier Foundation, posted a list of countries said to be customers of the Italian company. On that list, countries include Morocco, Panama, and Mexico, but also allied nations, such as Australia, Germany, and the US.

The company previously said it had not sold spyware and targeted surveillance malware to Sudan, but records leaked from the company's systems suggest otherwise.

In one file first tweeted about, the company instructed the Sudanese government to pay €480,000 ($530,000) by wire transfer for "remote control" systems, used to access a subject's personal information.

That has caused headaches at the highest level in global government, some suggest. One document suggested the company had been "stonewalling" a one-year investigation by the United Nations into the company's sales with member state governments, according to Christopher Soghoian, principle technologist at the American Civil Liberties Union.

"Our software isn't a weapon, so we weren't prohibited from selling it to Sudan," he said in a tweet, paraphrasing a document he screenshotted and published.

Hacking Team was in 2012 named as one of the "corporate enemies of the internet" by Reporters Without Borders for its role in providing tools to oppressive nations.

This isn't a story that's going away any time soon. We'll have more over the coming hours, and days.

Editorial standards