Biter Bitten: The Hacking Team Hit by Breach


One of the most elusive spyware and malware providers to government agencies has been hit by hackers, who have turned over what appears to be most of, if not all, the company's corporate data.

After hackers apparently took over its Twitter account, the administrative innards of the Milan, Italy-based Hacking Team were left open for the world to download. Throughout Sunday evening, a series of further tweets pointed to a widespread attack on the company's systems, leaving some of its dealings -- and those of the world's governments -- open to public scrutiny.

Hackers, whose identities are not yet known, have posted a torrent file-sharing link of more than 400GB worth of the company's data -- including emails and financial data -- for download.
The files could not be independently verified as being authentic, nor is it clear how the attack was carried out or even when it occurred. (We reached out to Hacking Team but did not immediately hear back, which isn't surprising considering.)

The Italian company makes surveillance technology for governments and private industry, although names and companies have never been formally disclosed. The company makes spyware and malware designed to infiltrate a number of platforms, both desktop and mobile, to assist in surveillance. Its products can turn over instant messages and text messages, phone calls, and other data, all while slipping past most antivirus products.

While it's no secret that the US and UK have been in cahoots in massive surveillance, how firms like Hacking Team have provided technological support to more oppressive regimes has remained much of a mystery.
In some of the documents seen, the company has provided sales to countries with poor records on human rights and civil liberties, such as Bahrain, Saudi Arabia, Sudan, Oman, Lebanon, and Egypt.

A tweet posted Sunday by Eva Galperin, global policy analyst at the Electronic Frontier Foundation, listed countries said to be customers of the Italian company. On that list, countries include Morocco, Panama, and Mexico, but also allied nations, such as Australia, Germany, and the US. The company previously said it had not sold spyware and targeted surveillance malware to Sudan, but records leaked from the company's systems suggest otherwise. In one file first tweeted about, the company instructed the Sudanese government to pay €480,000 ($530,000) by wire transfer for "remote control" systems, used to access a subject's personal information.

That has caused headaches at the highest level in global government, some suggest. One document suggested the company had been "stonewalling" a one-year investigation by the United Nations into the company's sales with member state governments, according to Christopher Soghoian, principal technologist at the American Civil Liberties Union.
"Our software isn't a weapon, so we weren't prohibited from selling it to Sudan," he said in a tweet, paraphrasing a document he screenshotted and published.

Hacking Team was in 2012 named as one of the "corporate enemies of the internet" by Reporters Without Borders for its role in providing tools to oppressive nations. This isn't a story that's going away any time soon. 

ZD Net:
