Spyware Maker ‘Hacking Team’ Gets Hacked, 400GB Data Leaked

In deliciously ironic news, Italian surveillance group ‘Hacking Team’ has fallen prey to an anti-surveillance hacker.

The company has been accused of selling a spyware product known as Remote Controlled System Galileo to governments across the globe, including agencies in Ethiopia, Morocco, the United Arab Emirates, and the US Drug Enforcement Administration. Documents also indicate the FBI has spent $775,000 on the company’s spy tools in 4 years.

Hacker Team’s spy tools were used by governments to target human rights activists and journalists

A number of the aforementioned government agencies are known for their questionable human rights records, and have been found to use Hacking Team’s spyware against both human rights activists and journalists. Once installed on a target device, the software can be used to monitor the user’s communications, including phone calls, text messages, Skype calls, or emails.

The hacker, who go by the name of “PhineasFisher”, appears to have a grudge against all sorts of surveillance programs. Around a year before this incident, he was also involved in the sabotage of a British-German surveillance tech company called Gamma International, which sells a similar spyware software known as FinFisher.

The singular hacker actually announced the hack through the company’s own social media accounts

As much as 400GB of internal files have been retrieved and leaked through their latest hack, with a source claiming that the file names and folders indicate a significant compromise of Hacking Team’s confidential information. The leaked information includes client files, contracts, financial documents, internal emails between employees, and allegedly also the source code of Hacking Team’s software, all of which are publicly available for download.

Interestingly, the hacker indirectly announced their feat through Hacking Team’s own Twitter account, posing as the surveillance company in their tweets. He went on to tweet a number of samples of internal emails from the company. Furthermore, a list of alleged Hacking Team customers was posted on Pastebin, which includes several previously unknown clients from around the world.

Eric King, the deputy director of Privacy International said:

These are the equivalents of the Edward Snowden leaks for the surveillance industry. There are few countries Hacking Team aren’t willing to sell to. There are few lines they aren’t willing to cross.

Hacking Team’s spokesperson has declined to comment on the legitimacy of the hack, neither confirming nor denying it. The company did however say that the torrent file containing the data had a virus. In response, a security researcher tweeted: “No, the torrent contains all of your viruses, which you sell, and which will get patched.”

It seems to be a field day for security researchers who have already found invoices to government spy agencies, new exploits for everything from Adobe (a new 0-day exploit was just disclosed) to Microsoft and the proof for all the accusations leveled at Hacking Team in the past.

via Vice