The Twitter account for Italian surveillance software company Hacking Team had its name changed to “Hacked Team” last night. For the next several hours, it sent out screenshots of emails and documents implicating Hacking Team in all sorts of questionable behavior. A 400G torrent file soon followed, full of the company’s code and communications.
Hacking Team has become a prominent player in the world of surveillance software (a nice way to say “professional hacking tools”) due to their relatively low prices and willingness to sell to oppressive governments. Hacking Team has always denied these charges, but the massive document dump includes a customer wiki listing countries like Kazakhstan, Sudan, Russia, Saudi Arabia, Egypt, and Malaysia. Other customers listed include private companies and major banks, raising the ugly specter of corporations being directly involved in the spying game.
One batch of emails details plans to sell software to Nigeria through a third party to get around legal restrictions. Another lays out the company’s attempt to skirt a United Nations embargo by claiming software sold to Sudan was not “weaponized.” These are just some of the early revelations to come from the nearly half-terabyte of data mined from Hacking Team, which includes emails, documents, passwords, financial reports, and even source code for their flagship Remote Controlled System Galileo software.
As for who was behind the attack, Motherboard reports that a hacker known as “PhineasFisher” confirmed his involvement by posting a screenshot of their correspondence on the Hacking Team Twitter account. PhineasFisher is the same person behind last year’s FinFisher hack, where surveillance company Gamma International had a similar 40G dump released onto the internet. No motive was given, but this is the second takedown of a security company that works with oppressive government regimes, so you can draw your own inferences from that.