The Italy-based security firm Hacking Team, known for providing spying tools to the Drug Enforcement Administration (DEA) in U.S has been hacked.
This Sunday evening, the infamous security firm’s Twitter handle got hacked and someone used it to proclaim that the company which is well known for the development of different hacking tools has itself become a target of a shocking hack.
A Milan-based company that goes by the name of Hacking Team, specializes in investigation technology, and sells surveillance and intrusion tools to the law enforcement communities, has learned it a hard way about how it feels when someone’s inner stuffs gets exposed to the world, while the privacy supporters seem to enjoy their suffering.
For those of you who don’t know, the primary surveillance tool offered by the Hacking Team is known as “Da Vinci”, which is a Remote Control System (RCS) and have the ability to interrupt encryption while allowing law enforcement groups to observe encrypted files and emails, Voice over IP (VoIP) as well as chat-based communications, and can remotely enable computer’s camera and microphone. This tool observation tool works globally.
The offensive and lawful interception tools developed by this company have been linked to numerous acts of confidentiality attack by the media and investigators. And in spite of getting barred as an “enemy of the internet” by human rights organizations, the company continued to operate, and sell their services and solutions to the nations that are well known for violent harassment.
So to expose the inner workings of the firm, some unknown attackers targeted their Twitter account and defaced it with a completely new profile including logo and biography, and openly released compromised data with the pictures.
The hackers, using the Hacking Team’s Twitter handle, has publicly published a link to whopping 400 gigabytes of Torrent file that contains source code, internal documents, employee’s personal information as well as the email communications with their clients.
Later that day, as the documents begun to flow around the Web, @SynAckPwn shared some documents with Salted Hash which shows that Hacking Team has already been in links with Egypt, Ethiopia, Lebanon and Sudan. Whereas, on the other hand, the company continues to state that they don’t offer their services to repressive governments.
Interestingly, the link of Hacking Team with Sudan is explicitly newsworthy, because investigation reports published in 2014 revealed that Sudanese government was using Hacking Team’s RCS tool but the company promptly denied to offer solutions to Sudan.
The leaked documents also reveal that a contract with Sudan, worth about 480,000 Euro (est. $530,000) was paid to Hacking Team via wire transfer to gain access to Remote Control System which is used to access individual’s personal data.
Additionally, the company has listed Sudan as one of their clients but marked it as “not officially supported” in the list that contains name of countries who have had agreements with the company.
Based on the breached internal documents, Hacking Team were offering their solutions to the clients located in the number of countries, including Egypt, Ethiopia, Morocco, Nigeria, Sudan, Chile, Colombia, Ecuador, Honduras, Mexico, Panama, United States, Azerbaijan, Kazakhstan, Malaysia, Mongolia, Singapore, South Korea, Thailand, Uzbekistan, Vietnam, Australia, Cyprus, Czech Republic, Germany, Hungary, Italy, Luxemburg, Poland, Russia, Spain, Switzerland, Bahrain, Oman, Saudi Arabia, and the UAE.
— Eva (@evacide) July 6, 2015
One of the company’s staffers, Christian Pozzi, offered several comments on the breach, despite his statement that he couldn’t comment. However, he claimed his account was also hacked as shown in screenshot below: