Now on Demand: Zero Trust Strategies Summit - Access All Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Surveillance Software Firm Hacking Team Suffers Data Breach

Hacking Team, a controversial Italy-based company that develops and sells surveillance technology to governments worldwide, has been breached. The attackers have leaked hundreds of gigabytes of sensitive information allegedly obtained from the company’s systems.

Hacking Team, a controversial Italy-based company that develops and sells surveillance technology to governments worldwide, has been breached. The attackers have leaked hundreds of gigabytes of sensitive information allegedly obtained from the company’s systems.

Hacking Team offers lawful interception tools, which the company calls “offensive technology,” to law enforcement and intelligence agencies from all over the world. Officially, the spyware maker does not sell its products to countries that abuse human rights.

However, the company has been accused on several occasions by organizations like Citizen Lab of providing surveillance solutions to countries that don’t have a good record on democracy and human rights, including Sudan, Morocco, Ethiopia, and the United Arab Emirates. The emails and documents leaked now by an unknown group of hackers show that Hacking Team appears to be well aware that its solutions are used by oppressive regimes.

The breach came to light early on Monday when someone hijacked Hacking Team’s Twitter account and started publishing screenshots apparently representing emails sent and received by the company’s employees. The screenshots show emails regarding DNS issues suffered by Hacking Team in March 2014 due to its service provider, commentary on reports from Citizen Lab and other researchers, and communications related to human rights investigations.

One screenshot allegedly shows the screen of a member of Hacking Team’s network security staff whose computer was used to exfiltrate sensitive data from the company.

The attackers also published a torrent file containing 400GB of emails, files and source code allegedly taken from Hacking Team.

Some of the leaked emails show that the United Nations has been investigating the reported sale of Hacking Team’s surveillance tools to Sudan. The company denied any involvement with Sudan, but leaked emails seem to show otherwise.

Christopher Soghoian, principal technologist at the American Civil Liberties Union (ACLU), analyzed some of the leaked files and identified a document that apparently shows every one of Hacking Team’s customers and the revenue they have generated. The document reveals that Ethiopia paid $1 million for surveillance software, while the government of Chile signed the largest contract to date, worth $2.85 million.

Advertisement. Scroll to continue reading.

Hacking Team could not be reached for comment. The company’s Twitter account still appears to be controlled by the attackers at the time of publishing.

Hacking Team’s Christian Pozzi said on Twitter that the breach has been reported to law enforcement authorities and that the people responsible for the attack will be arrested. Pozzi also warned users that the torrent file leaked by the hackers contains a virus.

“A lot of what the attackers are claiming regarding our company is not true. Please stop spreading false lies about the services we offer,” Pozzi said. “We haven’t broken any laws. We simply provide custom software solutions tailored to our customers needs,” he added.

The Hacking Team representative says they are in the process of notifying all customers about the breach.

Pozzi’s Twitter account was also hijacked minutes before this article was published.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Former Darktrace CEO Poppy Gustafsson has joined the UK government as Minister for Investment.

Nupur Goyal has joined cloud identity security and management solutions provider Saviynt as VP of Product Marketing.

Threat intelligence firm Intel 471 has appointed Mark Huebeler as its COO and CFO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.