
Government surveillance software firm Hacking Team hit by hack and data leak

The Verge reported in 2013 that Hacking Team made a major push to lure U.S.-based clients, and according to this list, the Federal Bureau of Investigation and Drug Enforcement Agency had engaged Hacking Team’s services at one point.


But this is far from being the end of the story.

Data leaked onto Pastebin yesterday appeared to show the full list of current and ex-customers at Hacking Team. This puts the agencies or governments using the software at risk if the source code contains vulnerabilities.

The company's services include providing zero-day exploits with the surveillance software.

Hacking Team, an Italian maker of surveillance software, was allegedly breached on Sunday. European Union law enforces the UN arms embargo on Sudan, which means that if Hacking Team has indeed done business with that nation’s government, it could be in serious trouble.

Other customers on the list were intelligence and policing bodies from Australia, Azerbaijan, Bahrain, Chile, Colombia, Cyprus, Czech Republic, Ecuador, Egypt, Ethiopia, Honduras, Hungary, Luxembourg, Malaysia, Mexico, Mongolia, Morocco, Nigeria, Oman, Panama, Poland, Russia, Saudi Arabia, Spain, South Korea, Sudan, Thailand, Tunisia, Turkey, the UAE and Uzbekistan.

The documents appear to confirm earlier accusations by critics that Hacking Team was dealing with various governments, many of which have questionable human rights records.

The attackers have not been afraid to rub a little salt in the wound.

The firm’s bio on Twitter has also been changed to read: ‘Developing ineffective, easy-to-pwn offensive technology to compromise the operations of the worldwide law enforcement and intelligence communities.’

Control of the account has since been regained.

Following the breach, Hacking Team member Christian Pozzi took to Twitter to defend the company, stating: “A lot of what the attackers are claiming regarding our company is not true”.

Civil rights groups have repeatedly expressed concern about Hacking Team’s software falling into the hands of oppressive governments, something the firm has stated it takes measures to avoid. Multiple emails to that address and others given on the firm’s website were returned as undeliverable, and on a follow-up call, Hacking Team again declined to comment and directed the paper to the broken email address.

Hacking Team’s Twitter page was still under the control of the hackers at the time of publication.


In addition, Pozzi took to Twitter to rage over a security professional from Carbon Dynamics, Dan Tentler, mocking his poor choice of passwords for online accounts – the majority simply being “passw0rd”, which is somewhat ironic considering his field – and threatened to have him sent to jail if he continued.
