Hacking Team, an Italian company offering security and surveillance services, has apparently fallen victim to exactly the thing it promises protection from: security breaches.
Hacking Team’s services mainly consist of a variety of software that many governments around the world use in their surveillance programs. The company has drawn harsh criticism from people and organizations accusing it of facilitating privacy invasions.
During the past weekend, Hacking Team’s Twitter account was hijacked, and its name and profile picture were changed to “Hacked Team.” But that’s the least of the trouble the company is in; whoever is behind the Twitter takeover has also made public 400 GB of data in a torrent file.
The company information that became public ranged from emails and confidential documents to source code for the firm’s software. The files also contain the names of Hacking Team’s clients, including countries with oppressive regimes that used its services.
In the invoices leaked via the hacked Twitter account, Egypt and Sudan make surprising appearances as customers of Hacking Team; the invoices reveal the surveillance equipment and the remote-access software that these countries purchased.
Ever since the NSA became infamous for its invasive surveillance practices, Hacking Team has been in the news a lot, especially last year, after a secret document was released describing the company’s various tools used to get around encryption and spy on people in general.
Groups advocating for human rights have been particularly interested in the work of Hacking Team after finding out it was willing to do business with countries known for their human rights abuses. Not only that, but the nations partnering with Hacking Team are also limiting freedom of speech by spying on journalists and surveilling people who oppose the government.
Even though the company’s Twitter account has since been recovered, the hackers weren’t afraid to rub some salt in the wound while they had control. They changed not only the security firm’s Twitter name, but also the description: “Developing ineffective, easy-to-pwn offensive technology to compromise the operations of the worldwide law enforcement and intelligence communities.”
Besides the leaked invoices, there was a large cache of data revealing clients’ passwords; surprisingly, plenty of them were variations of Passw0rd!, Passw0rd, or Pas$w0rd, showing how little interest some have in their own security.
Even though Christian Pozzi, spokesperson for Hacking Team, has tried to discourage people from downloading the torrent file, the company is in big trouble, considering the number of big governments that seem to be its customers.