Hacking Team, the cybersecurity firm which saw 400GB of private data published on Sunday night in a humiliating hack, has been forced to advise customers to stop using its software while it assesses the damage caused by the leak.
Advertisement
The Italian company, which sells surveillance tools to government and law enforcement agencies, was hacked over the weekend.
One tweet by the hackers that is written as if it were posted by Hacking Team reads: “Since we have nothing to hide, we’re publishing all our e-mails, files, and source code, followed by a link”.
Confirmation of the breach came via the Twitter account of Hacking Team engineer Christian Pozzi. Hacking Team refuses to publicly confirm the identity of its clients, citing confidentiality; however, leaked documents list its clients as including government security agencies in several African and Middle Eastern countries with poor human rights records. Hacking Team had denied ever working with Sudan after a report in 2014 accused it of doing so.
As yet those who cracked Hacking Team are unknown, and the company itself hasn’t produced any statement.
Phineas Fisher had previously hacked Gamma global, a British-German surveillance company that’s behind the spyware software FinFisher. Hacking Team’s previous and current clients include the United States Federal Bureau of Investigation, Lebanon Army Forces and the Egyptian Ministry of Defense.
According to Citizen Lab, a Canadian think tank, Hacking Team’s software has been used to target the Shia minority in Saudi Arabia and journalists critical of the government in Ethiopia, from where dozens of journalists have fled in the past decade due to “threats and intimidation”.
Hacking Team produces software which is used by governments around the world as part of their surveillance programs.
Based on a service maintenance list shared by Twitter user @SynAckPwn, it indicated that contracts with Sudan’s National Intelligence Security Service and Russia’s Intelligence Kvant Research were in place, but this was not officially supported. That lines up with previous reporting by Motherboard that appeared to show the company using shell companies to sell its products to the the Drug Enforcement Administration.
Advertisement
However, a second document, an invoice for 480,000 euros to the same security service, calls into question repeated denials by the Hacking Team that it has ever done business with Sudan, which is subject to heavy trade restrictions.
