Like emails documenting Hacking Team employees actively pursuing notorious government agencies, including Bangladesh’s anti-terrorism unit RAB, known for torture and unlawful killing. A 400G torrent file soon followed, full of the company’s code and communications. Around 400GB of data has been uploaded to BitTorrent – a haul that includes directories, audio recordings, emails and source code. What came as a surprise was the company’s alleged links with repressive regimes, countries that have been at the receiving end for their despotic temper.
Advertisement
Hacking Team system and security engineer Christian Pozzi took to Twitter to refute the claims, after a list of his passwords was published along with the other data.
The leak highlights an extended debate within the USA on how to administer a global arms control compliance with a focus on exporting hacking tools. Information also leaked included invoices showing that the company had worked in countries that are ruled by repressive governments including Egypt, Russia, Saudi Arabia, Bahrain, the United Arab Emirates, Azerbaijan, Kazakhstan, and Uzbekistan.
In 2012, Hacking Team was named as one of the “corporate enemies of the internet” by Reporters Without Borders for providing surveillance tools to oppressive nations.
The attackers have not been afraid to rub a little salt in the wound.
The account biography for the Milan-based company now reads:
Developing ineffective, easy-to-pwn offensive technology to compromise the operations of the worldwide law enforcement and intelligence communities.
The client list, which includes past and present customers, contains the names of many government agencies and private companies including the Egyptian Ministry of Defence, the FBI and the Lebanon Army Forces.
Advertisement
A further tweet appeared to suggest that the company is shutting down, but it isn’t clearly whether that is genuine or just a reaction to the outpouring of company information into the public domain. Of course the definition of “ethical government” is up for debate – some might even call it an oxymoron – and it seems Hacking Team’s definition is even more loose than most. He then threatened security researchers for discussing his poorly chosen passwords on Twitter. It’s not clear how long it will take Hacking Team to regain control of its accounts, but Pozzi insisted that police are now investigating. “We are working with the police at the moment”, he wrote, but the tweets were subsequently deleted, as was his account.
