Biter Bitten: The Hacking Team Hit by Breach

1436195222446585.png?crop=0.8649457538346428xw:1xh;*,*&resize=600:*&output-format=jpeg&output-quality=90

One of the most elusive spyware and malware providers to government agencies has been hit by hackers, who have turned over what appears to be most of, if not all, the company's corporate data.

After apparently taking over its Twitter account, the administrative innards of the Milan, Italy-based Hacking Team was left open for the world to download. Throughout Sunday evening, a series of further tweets pointed to a widespread attack of the company's systems, exposing some of its -- and the world's government's dealings -- open for public scrutiny.

Hackers, whose identities are not yet known, have posted a torrent file-sharing link of more than 400GB worth of the company's data -- including emails and financial data -- for download.
The files could not be independently verified as being authentic, nor is it clear how the attack was carried out or even when it occurred. (We reached out to Hacking Team but did not immediately hear back, which isn't surprising considering.)

The Italian company makes surveillance technology for governments and private industry, although names and companies have never been formally disclosed. The company which makes spyware and malware designed to infiltrate a number of platforms, both desktop and mobile, to assist in surveillance. Its products can turn over instant messages and text messages, phone calls, and other data, all while slipping past most antivirus products.

While it's no secret that the US, and UK, have been in cahoots in massive surveillance, how firms like Hacking Team have provided technological support more oppressive regimes has remained much of a mystery. 
In some of the documents seen, the company has provided sales to countries with poor records on human rights and civil liberties, such as Bahrain, Saudi Arabia, Sudan, Oman, Lebanon, and Egypt.

A tweet posted Sunday by Eva Galperin, global policy analyst at the Electronic Frontier Foundation, posted a list of countries said to be customers of the Italian company. On that list, countries include Morocco, Panama, and Mexico, but also allied nations, such as Australia, Germany, and the US. The company previously said it had not sold spyware and targeted surveillance malware to Sudan, but records leaked from the company's systems suggest otherwise. In one file first tweeted about, the company instructed the Sudanese government to pay €480,000 ($530,000) by wire transfer for "remote control" systems, used to access a subject's personal information.

That has caused headaches at the highest level in global government, some suggest. One document suggested the company had been "stonewalling" a one-year investigation by the United Nations into the company's sales with member state governments, according to Christopher Soghoian, principle technologist at the American Civil Liberties Union.
"Our software isn't a weapon, so we weren't prohibited from selling it to Sudan," he said in a tweet, paraphrasing a document he screenshotted and published.

Hacking Team was in 2012 named as one of the "corporate enemies of the internet" by Reporters Without Borders for its role in providing tools to oppressive nations. This isn't a story that's going away any time soon. 

ZD Net:

« BBC Forgotten List 'sets a precedent'
Trade Groups Protest US Block on Digital Imports »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

AhnLab

AhnLab

AhnLab provides a range of information security solutions including network security, endpoint security, antivirus and consulting services.

European Organisation for Security (EOS)

European Organisation for Security (EOS)

EOS represents all domains of security solutions and services.providers including ICT information and communications technologies.

Atomicorp

Atomicorp

Atomicorp, the leader in Secure Linux, is a developer of solutions for the protection and support of cloud, virtual, shared, and dedicated web hosting environments.

SecureMetric Technology

SecureMetric Technology

SecureMetric is one of SE Asia’s leading players in the field of digital security with a focus on Software Licensing Protection, 2-Factor Authentication, Advanced Identity and Access Management, Publi

SEWORKS

SEWORKS

SEWORKS provides offensive and defensive app security that ensures mobile and web apps are safe from dangerous hacking threats.

Asoftnet

Asoftnet

Asoftnet are specialists in IT security, IT forensics, IT service, websites, applications and mobile solutions.

Governikus

Governikus

Governikus provides solutions for secure data transport, authentication, the use of electronic signatures and cryptography as well as for long-term storage.

InFyra

InFyra

InFyra is an IoT & Telecoms specialist consultancy, with extensive global and local experience in business and technology strategy, networks and solutions development.

Energia Ventures

Energia Ventures

Energia Ventures is a three-month intensive accelerator for entrepreneurs with an innovative business in the energy, smart grid, cleantech, and cybersecurity sectors.

Cyber Range Malaysia

Cyber Range Malaysia

With Cyber Range Malaysia organizations can train their security professionals in empirically valid cyber war-gaming scenarios necessary to develop IT staff skills and instincts for defensive action.

Gray Analytics

Gray Analytics

Gray Analytics is a Cybersecurity Risk Management company providing best-practice services across a broad spectrum of cyber scenarios for both government and commercial customers.

Gulf Business Machines (GBM)

Gulf Business Machines (GBM)

GBM is a leading end-to-end digital solutions provider, offering the broadest portfolio, including industry-leading digital infrastructure, digital business solutions, security and services.

Drumz

Drumz

Drumz plc is an investment company whose investing policy is to invest principally but not exclusively in the technology sector within Europe.

Mayer Brown

Mayer Brown

Mayer Brown is a global law firm. We have deep experience in high-stakes litigation and complex transactions across industry sectors including the global financial services industry.

Hawk AI

Hawk AI

Hawk AI’s mission is to help financial institutions detect financial crime more effectively and efficiently using AI to enhance rules and find anomalies.

Ipseity Security

Ipseity Security

Ipseity Security provide security-centric advisory and consulting services for organizations to secure their perimeter-less digital transformation to meet business and security requirements.