The Italian security firm Hacking Team has allegedly been hacked, unknown attackers have exfiltrated some 400Gbs of data. The company has often been at the center of heated debate because of surveillance solutions that it develops, many experts and privacy advocated arguing that the company sells its products to oppressive and dictatorial regimes.
At the timeI’m writing there is no information on how the attack was carried out or even when it occurred.
The Hacking Team alleged sold its solutions to customers in Lebanon, Oman, Saudi Arabia, and Sudan, for this reason, hacktivist at Reporters Without Borders marked the company as an Enemy of the Internet.
On Sunday Eva Galperin, global policy analyst at the Electronic Frontier Foundation, shared the list of countries said to be customers of the Italian Hacking Team.
— Eva (@evacide) 6 Luglio 2015
Hacking Team to UN: Our software isn’t a weapon, so we weren’t prohibited from selling it to Sudan. YOLO. pic.twitter.com/wjuWDULB20
— Christopher Soghoian (@csoghoian) 6 Luglio 2015
According to exploit activist Christopher Soghoian (@csoghoian) Chile allegedly bought the surveillance software last year for $US2.85 million.
The stolen data has been uploaded to BitTorrent, it includes a huge number of directories containing source code, emails, and also audio recordings.
Among the software solutions sold by the Hacking Team, there is the Da Vinci surveillance platform, a software used by law enforcement agencies to spy on suspects.
The hackers also hijacked the Hacking Team ‘s Twitter account to share screenshots of the stolen data as proof of the attack.
It’s curious that in the following image, the CEO of hacking team David Vincenzetti share the news related the hacking of their competitor FinFisher, another powerful surveillance software developed by Gamma Group.
The Hackers are tweeting the alleged contents of other emails from Hacking Team CEO David Vincenzetti which demonstrates that the company is doing business with oppressive governments. The torrent listings also include login credentials for the company’s support sites in Egypt, Mexico, and Turkey.
Hacking Team is verifying the material, let’s wait for official information on its authenticity
Stay Tuned …
(Security Affairs – Hacking Team, RCS)