The Italy-based security firm Hacking Team, known for providing spying tools to the Drug Enforcement Administration (DEA) in U.S has been hacked.
This Sunday evening, the infamous security firm’s Twitter handle got hacked and someone used it to proclaim that the company which is well known for the development of different hacking tools has itself become a target of a shocking hack.
A Milan-based company that goes by the name of Hacking Team, specializes in investigation technology, and sells surveillance and intrusion tools to the law enforcement communities, has learned it a hard way about how it feels when someone’s inner stuffs gets exposed to the world, while the privacy supporters seem to enjoy their suffering.
For those of you who don’t know, the primary surveillance tool offered by the Hacking Team is known as “Da Vinci”, which is a Remote Control System (RCS) and have the ability to interrupt encryption while allowing law enforcement groups to observe encrypted files and emails, Voice over IP (VoIP) as well as chat-based communications, and can remotely enable computer’s camera and microphone. This tool observation tool works globally.
The offensive and lawful interception tools developed by this company have been linked to numerous acts of confidentiality attack by the media and investigators. And in spite of getting barred as an “enemy of the internet” by human rights organizations, the company continued to operate, and sell their services and solutions to the nations that are well known for violent harassment.
So to expose the inner workings of the firm, some unknown attackers targeted their Twitter account and defaced it with a completely new profile including logo and biography, and openly released compromised data with the pictures.
The hackers, using the Hacking Team’s Twitter handle, has publicly published a link to whopping 400 gigabytes of Torrent file that contains source code, internal documents, employee’s personal information as well as the email communications with their clients.
Later that day, as the documents begun to flow around the Web, @SynAckPwn shared some documents with Salted Hash which shows that Hacking Team has already been in links with Egypt, Ethiopia, Lebanon and Sudan. Whereas, on the other hand, the company continues to state that they don’t offer their services to repressive governments.
Interestingly, the link of Hacking Team with Sudan is explicitly newsworthy, because investigation reports published in 2014 revealed that Sudanese government was using Hacking Team’s RCS tool but the company promptly denied to offer solutions to Sudan.
The leaked documents also reveal that a contract with Sudan, worth about 480,000 Euro (est. $530,000) was paid to Hacking Team via wire transfer to gain access to Remote Control System which is used to access individual’s personal data.
Additionally, the company has listed Sudan as one of their clients but marked it as “not officially supported” in the list that contains name of countries who have had agreements with the company.
Based on the breached internal documents, Hacking Team were offering their solutions to the clients located in the number of countries, including Egypt, Ethiopia, Morocco, Nigeria, Sudan, Chile, Colombia, Ecuador, Honduras, Mexico, Panama, United States, Azerbaijan, Kazakhstan, Malaysia, Mongolia, Singapore, South Korea, Thailand, Uzbekistan, Vietnam, Australia, Cyprus, Czech Republic, Germany, Hungary, Italy, Luxemburg, Poland, Russia, Spain, Switzerland, Bahrain, Oman, Saudi Arabia, and the UAE.
https://twitter.com/evacide/status/617893808580096000/photo/1
One of the company’s staffers, Christian Pozzi, offered several comments on the breach, despite his statement that he couldn’t comment. However, he claimed his account was also hacked as shown in screenshot below:
Here is Hacking Team’s official advert regarding their Da Vince spyware for governments:
Csoonline
![The leaked database was discovered on Shodan on May 14th.[wp_ad_camp_1][hlink][/hlink]A huge online database containing private contact information including phone numbers and email IDs of roughly 50 million Instagram profiles including those of influencers and brands has reportedly been discovered by security researcher Anurag Sen. The affected individuals include famous food bloggers and celebrities too apart from social media influencers. This database, which belongs to Chtrbox reportedly contains 49 million records was hosted on AWS (Amazon Web Services) and got exposed because it wasn’t protected with a password. Chtrbox is a Mumbai-based marketing firm that connects social media influencers to brands looking to market their products.See: Facebook: Storing Instagram passwords in plain text & harvesting your emailsEvery single record in the exposed database contains data belonging to social media influencers’ accounts and in some cases, even the account location is also mentioned. Each account has different worth depending on the number of followers, reachability, and engagement on the platform.[wp_ad_camp_1][hlink][/hlink]Zack Whittaker of TechCrunch contacted Chtrbox to inform about the exposed database, and it was eventually removed. It must be noted that Anurag claimed to discover the exposed database on Shodan on May 14th but in a statement issued by Chtrbox stated that the database was only exposed for 72 hours and contained no personal data.Whittaker also tweeted on Chtrbox's statement and called it "inaccurate."On the other hand, the Instagram spokesperson stated that they are figuring out the issue in order to understand whether the data actually is of Instagram accounts or of other sources."We're also inquiring with Chtrbox to understand where this data came from and how it became publicly available," the spokesperson told TechCrunch.[wp_ad_camp_1][hlink][/hlink]Whittaker claims that the information in the database must have been scraped from various publicly available social media accounts as it also included data such as the cost of a particular post and number of likes, etc. Moreover, some of the influencers claim that they aren’t associated with Chtrbox.See: Russian Hackers Control Malware via Britney Spears Instagram PostsFacebook, which owns Instagram, told TechCrunch that it is reviewing the matter. It is worth noting that Instagram doesn’t allow account scraping while Chtrbox claims that its client base boasts of over 184,000 Instagram influencers. This number is much less than the number of records found in the exposed database.Previously, hackers were found compromising and holding several Instagram influencers accounts for ransom - In the other case, personal data of top celebrities on Instagram was stolen and traded online while several dark web marketplaces were also seen selling Instagram data of 6 million celebrities.Did you enjoy reading this article? Like our page on Facebook and follow us on Twitter.](https://www.hackread.com/wp-content/uploads/2019/05/database-with-millions-of-instagram-influencers-leaked-online-1.jpg)
