Biter Bitten: The Hacking Team Hit by Breach

Uploaded on 2015-07-08 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

1436195222446585.png?crop=0.8649457538346428xw:1xh;*,*&resize=600:*&output-format=jpeg&output-quality=90

One of the most elusive spyware and malware providers to government agencies has been hit by hackers, who have turned over what appears to be most of, if not all, the company's corporate data.

After apparently taking over its Twitter account, the administrative innards of the Milan, Italy-based Hacking Team was left open for the world to download. Throughout Sunday evening, a series of further tweets pointed to a widespread attack of the company's systems, exposing some of its -- and the world's government's dealings -- open for public scrutiny.

Hackers, whose identities are not yet known, have posted a torrent file-sharing link of more than 400GB worth of the company's data -- including emails and financial data -- for download.
The files could not be independently verified as being authentic, nor is it clear how the attack was carried out or even when it occurred. (We reached out to Hacking Team but did not immediately hear back, which isn't surprising considering.)

The Italian company makes surveillance technology for governments and private industry, although names and companies have never been formally disclosed. The company which makes spyware and malware designed to infiltrate a number of platforms, both desktop and mobile, to assist in surveillance. Its products can turn over instant messages and text messages, phone calls, and other data, all while slipping past most antivirus products.

While it's no secret that the US, and UK, have been in cahoots in massive surveillance, how firms like Hacking Team have provided technological support more oppressive regimes has remained much of a mystery. 
In some of the documents seen, the company has provided sales to countries with poor records on human rights and civil liberties, such as Bahrain, Saudi Arabia, Sudan, Oman, Lebanon, and Egypt.

A tweet posted Sunday by Eva Galperin, global policy analyst at the Electronic Frontier Foundation, posted a list of countries said to be customers of the Italian company. On that list, countries include Morocco, Panama, and Mexico, but also allied nations, such as Australia, Germany, and the US. The company previously said it had not sold spyware and targeted surveillance malware to Sudan, but records leaked from the company's systems suggest otherwise. In one file first tweeted about, the company instructed the Sudanese government to pay €480,000 ($530,000) by wire transfer for "remote control" systems, used to access a subject's personal information.

That has caused headaches at the highest level in global government, some suggest. One document suggested the company had been "stonewalling" a one-year investigation by the United Nations into the company's sales with member state governments, according to Christopher Soghoian, principle technologist at the American Civil Liberties Union.
"Our software isn't a weapon, so we weren't prohibited from selling it to Sudan," he said in a tweet, paraphrasing a document he screenshotted and published.

Hacking Team was in 2012 named as one of the "corporate enemies of the internet" by Reporters Without Borders for its role in providing tools to oppressive nations. This isn't a story that's going away any time soon. 

ZD Net:

« BBC Forgotten List 'sets a precedent'
Trade Groups Protest US Block on Digital Imports »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

OCERT

OCERT

OCERT is the National Computer Emergency Response Team of Oman.

BEAM Teknoloji

BEAM Teknoloji

BEAM Technology is an independent Software Quality and Security Testing Center in Turkey.

Bio-Morphis

Bio-Morphis

Bio-Morphis Reflex solution is a paradigm shift in the approach to information systems security.

Nordic Cyber Summit

Nordic Cyber Summit

Nordic Cyber Security Summit addresses a wide range of technological issues from the IT Security spectrum and also provides a wider perspective from all aspects of the industry.

Police Digital Security Centre (PDSC)

Police Digital Security Centre (PDSC)

PDSC is a not-for-profit organisation, owned by the police, that works across the UK in partnership with industry, government, academia and law enforcement.

Axis Security

Axis Security

Axis Security technologies transform open networks and vulnerable applications into fully protected resources that the business can trust.

Commonwealth Cyber Initiative (CCI)

Commonwealth Cyber Initiative (CCI)

The Commonwealth Cyber Initiative is establishing Virginia as a global center of excellence at the intersection of security, autonomous systems, and data.

Lupovis

Lupovis

Lupovis is an AI-based deception solution that deploys active decoys turning your network from a flock of sheep to a pack of wolves where the hunter becomes the hunted.

Plante Moran

Plante Moran

Plante Moran is a leading audit, tax, consulting, and wealth management firm. Areas of consulting expertise include cybersecurity.

FourNet

FourNet

FourNet is an award-winning provider of cloud and managed services; we work closely with our clients to enable digital transformation across their organisation.

Security Compliance Associates (SCA)

Security Compliance Associates (SCA)

The sole focus of SCA is safeguarding critical information and complying with information security regulations.

Corinium Global Intelligence

Corinium Global Intelligence

At Corinium, we have been bringing together the brightest minds in data, AI and info sec since 2013, to innovate at the intersection of technological advancements and critical thinking.

Oxygen Technologies

Oxygen Technologies

Oxygen Technologies is a business systems strategy and integration company offering a variety of solutions to give our clients ways to work smarter not harder.

Attestiv

Attestiv

Attestiv puts authenticity into photos, videos and documents by utilizing advanced technologies in AI and tamper-proofing.

ELK Analytics

ELK Analytics

ELK Analytics is a specialized Managed Security Services Provider (MSSP) that focuses on endpoint security and monitoring & alerting for any type of structured or unstructured data.

Mitra Informatics Integration (MII)

Mitra Informatics Integration (MII)

Mitra Informatics Integration is the information communication technology solution business of the Metrodata Group.