Hacking Team, an Italian company which specialises in helping governments and intelligence agencies spy on their citizens, has found itself hacked – and its internal emails and documents published on the net.
The first public clue that Hacking Team had a serious problem came when the firm’s Twitter account was compromised, and its name changed to “Hacked Team”.
An out-of-character tweet posted on the hacked account contained a link to what the attackers claimed was a 400 GB dump of the company’s internal files, source code and communications:
Since we have nothing to hide, we’re publishing all our e-mails, files and source code [LINK]
No one has yet claimed responsibility for the hack, but the company’s primary surveillance tool (known as Da Vinci), helped it earn a spot on an “Enemies of the Internet” list compiled by Reporters without Borders.
In short, this Milan-based company has no shortage of online enemies around the world.
Developing ineffective, easy-to-pwn offensive technology to compromise the operations of the worldwide law enforcement and intelligence communities.
Internal documents stolen by the hackers reveals the location of the company’s customers, including Australia, Azerbaijan, Bahrain, Chile, Colombia, Cyprus, Czech Republic, Ecuador, Egypt, Ethiopia, Germany, Honduras, Hungary, Italy, Kazakhstan, Luxembourg, Malaysia, Mexico, Mongolia, Morocco, Nigeria, Oman, Panama, Poland, Russia, Saudi Arabia, Singapore, South Korea, Spain, Sudan, Switzerland, Thailand, UAE, United States, Uzbekistan, and Vietnam.
Furthermore, observers who have seen documents released by the hackers say that it includes passwords used by both Hacking Team staff and its customers. Sadly the passwords appear to prove that even those you would hope understand the importance of good password security still make very bad choices:
A YouTube video acts as an advertisement for Hacking Team’s services – although it’s questionable just how many intelligence agencies would want to use the services the firm now it has been so seriously breached.
The Hacking Team website, which does not appear to have been breached, currently says it is hiring new staff. However, you have to wonder if there will be much of a company left to join following the repercussions of this hack.
- Hacking Team hacked, attackers claim 400GB in dumped data – CSO Online
- Lesson #1 from the Hacking Team hack: Choose strong passwords
- Hacking Team tells government customers to stop using its spyware, following hack
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.