Motherboard has reported that hacked spyware company Hacking Team is advising its law enforcement and government customers around the world to stop using its software.
Hacking Team notified all its customers on Monday morning with a “blast email,” requesting them to shut down all deployments of its Remote Control System software, also known as Galileo, according to multiple sources. The company also doesn’t have access to its email system as of Monday afternoon, a source said.
The Motherboard report has since been confirmed by Reuters, which spoke to Hacking Team spokesman Eric Rabe. He said the company expects there “to be a relatively short suspension of service” while it determines whether specific operations by law enforcement agencies have been exposed by the leaking of 400 GB of the firm’s internal documents, source code, and email archives.
Hmm. I would expect that Hacking Team’s customers would be pretty livid about the hack, which has not only put the code for technology used to snoop upon people into the public domain, but also exposed the contracts that intelligence agencies have with Hacking Team to provide their services.
Furthermore, according to the Motherboard report, the leaked information could even prove who is spying on particular groups:
To make matters worse, every copy of Hacking Team’s Galileo software is watermarked, according to the source, which means Hacking Team, and now everyone with access to this data dump, can find out who operates it and who they’re targeting with it.
“With access to this data it is possible to link a certain backdoor to a specific customer. Also there appears to be a backdoor in the way the anonymization proxies are managed that allows Hacking Team to shut them off independently from the customer and to retrieve the final IP address that they need to contact,” the source told Motherboard.
One imagines that even law enforcement agencies who haven’t used the services of Hacking Team will be taking a high level of interest in the hack, seeing as it appears to have exposed the Italian company providing spyware and surveillance technology to countries with particularly dodgy ruling regimes.
You also have to question which government agencies would feel comfortable working with Hacking Team in future, after it was revealed that the so-called security company had staff following spectacularly sloppy password practices.
And now, a word from Alanis Morissette:
- Hacking Team hacked – bad news for firm that helps governments spy on their citizens
- Lesson #1 from the Hacking Team hack: Choose strong passwords
2 comments on “Hacking Team tells government customers to stop using its spyware, following hack”
Mr. Rabe (elsewhere) defends his company's activity by insisting that they only do work for "governments", as though that somehow absolves them of all moral responsibility for the harm their "clients" do.
It doesn't wash. Hacker Team whore themselves out to coercive states whose surveillance of their own citizens can only technically (but not morally) escape being labeled as criminal. Regimes that have the power to make any laws they want can justify any crimes they commit by simply legitimizing them. But just because something is locally legal that does not necessarily make it right.
And now, on top of the indefensibly vacant ethics of working for political tyrannies, the Hacker Team have added inexcusable incompetence to their list of qualifications. You'd think it might compel them to go and find honest work somewhere. But I wouldn't bet on it.
With a bit of luck it may be that this bunch of amoral jerks will crash and burn, never to rise again. Whoever did the hack did us all a huge favour, and I for one say THANKS guys & more power to your elbow.