Hacking Team, an international surveillance company that sells hacking software, was compromised by an unidentified hacker.
A surveillance company that sells hacking spyware to governments just got out-performed by an unidentified assailant. The attacker released an extensive accretion of internal documents online. With an added braggadocio, the hacker even compromised its Twitter account in a Washington Post report.
Hacking Team is one of numerous related companies currently selling elite spyware software–initially reserved for intelligence companies–to governments willing to pay the right price.
Eric Rabe, Haking Team’s spokesperson, released “Hacking Team has been the victim of an online attack, and we believe documents have been stolen from the company,” in a recent statement.
In addition to hundreds of gigabytes being floated through the internet, so are the company’s underlying code for its spying arsenal and e-mail inboxes of its employees. Yet, Rabe declined for a comment regarding the files’ validity.
Civil liberties groups and security researchers have censured Hacking Team for selling the sensitive nature of its technology to governments with human rights records as long as they can afford the price tag. If the documents are authenticated, countries would include Azerbaijan, Ethiopia, Egypt, Kazakhstan, Sudan and Saudi Arabia.
Sudan, currently the subject of an arms embargo, received an invoice for $480,000 for Hacking Team’s Control System, their featured spyware tool, which gives governments the power to hack into their target’s devices according to a Wired account.
One Citizen Lab reported that the institution continued to purvey its software to Ethiopia despite announcements that it was using the tools to target U.S. journalists.
“There doesn’t seem to be any sort of human rights due diligence in what we’ve seen right now,” said Collin Anderson, an independent researcher who has knowledge of the commercial surveillance market. Several U.S. agencies are among the company’s rolodex, which aligns with previous accounts by Motherboard that detailed the company using shell companies to sell its services to the Drug Enforcement Administration.
The leak highlights an extended debate within the U.S. on how to administer a global arms control compliance with a focus on exporting hacking tools. It’s also the second breach within recent months. The same anonymous attacker claimed responsibility for hacking into Gamma International last August, in which 40 gigabytes of company data was released.
Hacking Team is especially vulnerable if the code for the spyware apparatuses is determined to be credible.