Hacking Team, the controversial Italian cyber security company that provides surveillance software to law enforcement agencies and governments around the world, has been hacked. 400 GB of documents have been posted online via the company’s Twitter account, which was renamed “Hacked Team” by the perpetrators. These documents include source code, employee passwords, and internal documents and email archives that apparently reveal the identity of some of the company’s clients – some of which are oppressive regimes.
Company spokesman Eric Rabe confirmed the breach, telling Reuters that “law enforcement will investigate the illegal taking of proprietary company property.”
He also acknowledged that the company had recommended that its clients suspend their use of Hacking Team’s software until it could be determined whether specific law enforcement operations have been exposed by the incident.
“We would expect this to be a relatively short suspension of service,” Rabe told Reuters.
According to the leaked documents, Hacking Team’s active customers include the governments and security services of Chile, Colombia, Ecuador, Egypt, Ethiopia, Honduras, Kazakhstan, Malaysia, Mexico, Mongolia, Morocco, Oman, Saudi Arabia, Singapore, South Korea, Turkey, the United Arab Emirates, the United States and Uzbekistan. Russia and Sudan were flagged as “Not officially supported”.
Motherboard, which reports that Hacking Team is “scrambling to limit the damage” following the “massive hack”, notes that an informed source told it that “none of the sensitive files in the data dump, from employees passports to list of customers, appear to be encrypted.”
“To make matters worse,” Motherboard continues, “every copy of Hacking Team’s Galileo software is watermarked… which means Hacking Team, and now everyone with access to this data dump, can find out who operates it and who they’re targeting with it.”
Seems likely that a fair few people will be interested, then.
Subscribe to our Daily Sentinel for updates on this story, and all the latest cyber security news.