Biter Bitten: The Hacking Team Hit by Breach

1436195222446585.png?crop=0.8649457538346428xw:1xh;*,*&resize=600:*&output-format=jpeg&output-quality=90

One of the most elusive spyware and malware providers to government agencies has been hit by hackers, who have turned over what appears to be most of, if not all, the company's corporate data.

After apparently taking over its Twitter account, the administrative innards of the Milan, Italy-based Hacking Team was left open for the world to download. Throughout Sunday evening, a series of further tweets pointed to a widespread attack of the company's systems, exposing some of its -- and the world's government's dealings -- open for public scrutiny.

Hackers, whose identities are not yet known, have posted a torrent file-sharing link of more than 400GB worth of the company's data -- including emails and financial data -- for download.
The files could not be independently verified as being authentic, nor is it clear how the attack was carried out or even when it occurred. (We reached out to Hacking Team but did not immediately hear back, which isn't surprising considering.)

The Italian company makes surveillance technology for governments and private industry, although names and companies have never been formally disclosed. The company which makes spyware and malware designed to infiltrate a number of platforms, both desktop and mobile, to assist in surveillance. Its products can turn over instant messages and text messages, phone calls, and other data, all while slipping past most antivirus products.

While it's no secret that the US, and UK, have been in cahoots in massive surveillance, how firms like Hacking Team have provided technological support more oppressive regimes has remained much of a mystery. 
In some of the documents seen, the company has provided sales to countries with poor records on human rights and civil liberties, such as Bahrain, Saudi Arabia, Sudan, Oman, Lebanon, and Egypt.

A tweet posted Sunday by Eva Galperin, global policy analyst at the Electronic Frontier Foundation, posted a list of countries said to be customers of the Italian company. On that list, countries include Morocco, Panama, and Mexico, but also allied nations, such as Australia, Germany, and the US. The company previously said it had not sold spyware and targeted surveillance malware to Sudan, but records leaked from the company's systems suggest otherwise. In one file first tweeted about, the company instructed the Sudanese government to pay €480,000 ($530,000) by wire transfer for "remote control" systems, used to access a subject's personal information.

That has caused headaches at the highest level in global government, some suggest. One document suggested the company had been "stonewalling" a one-year investigation by the United Nations into the company's sales with member state governments, according to Christopher Soghoian, principle technologist at the American Civil Liberties Union.
"Our software isn't a weapon, so we weren't prohibited from selling it to Sudan," he said in a tweet, paraphrasing a document he screenshotted and published.

Hacking Team was in 2012 named as one of the "corporate enemies of the internet" by Reporters Without Borders for its role in providing tools to oppressive nations. This isn't a story that's going away any time soon. 

ZD Net:

« BBC Forgotten List 'sets a precedent'
Trade Groups Protest US Block on Digital Imports »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Contrast Security

Contrast Security

Contrast Security is the leader in modernized application security, embedding code analysis and attack prevention directly into software.

CW Jobs

CW Jobs

CWJobs.co.uk is a leading specialist IT recruitment website covering all areas of IT including Cyber Security.

CERTuy

CERTuy

CERTuy is the national Computer Emergency Response Team for Uruguay.

KZ-CERT

KZ-CERT

KZ-CERT is the national Computer Emergency Response Team for Kazakhstan.

Keepnet Labs

Keepnet Labs

Keepnet Labs is a phishing defence platform that provides a holistic approach to people, processes and technology to reduce breaches and data loss and presents anti-phishing solutions.

Padlock

Padlock

Padlock is a trusted platform with an intimate knowledge of the cybersecurity industry that connects businesses with freelance professionals

Information & Communications Technology Association of Jordan (int@j)

Information & Communications Technology Association of Jordan (int@j)

The Information & Communications Technology Association of Jordan is a membership based ICT and IT Enabled Services (ITES) industry advocacy, support and networking association.

SIA Group

SIA Group

SIA Group, an Indra company, combines Consulting, Systems Integration and Managed Services in four specialized business areas: Information Security, Storage, IT Management and IT Mobility.

DigitalWell

DigitalWell

DigitalWell provide fully managed IT and communications solutions for a truly innovative end-to-end experience - for your customers and teams.

Bastion Technologies

Bastion Technologies

All your cyber defense. One platform. Keep your business assets and employees safe under one roof. Manage your cyber defense quickly, easily & efficiently.

PeoplActive

PeoplActive

PeoplActive is an IT consulting and recruitment services organization with leading capabilities in digital, cloud and security.

MAUSHIELD

MAUSHIELD

MAUSHIELD is the national platform for sharing cyber threat information and intelligence that can help organisations to improve their cybersecurity posture, minimize risks and prevent cyber-attacks.

Kong

Kong

Kong - powering the API world. Increase developer productivity, security, and performance at scale with the unified platform for API management, service mesh, and ingress controller.

ABPGroup

ABPGroup

ABPGroup is Asia’s leading cybersecurity technology provider focusing on providing best-of-breed solutions that address today’s pressing challenges.

Lightpath

Lightpath

Lightpath is revolutionizing how organizations connect to their digital destinations by combining our next-generation network with our next-generation customer service.

PureSoftware

PureSoftware

PureSoftware is a global software products and digital services company that is driving transformation for the world’s top organizations across various industry verticals.