techcrunch.com | July 06, 2015
The Hacking Team is now being ridiculed and humiliated on the internet as the Hacked Team.
The hackers get hacked. One of the technology world’s most notorious providers of surveillance and intrusion software has found itself on the wrong end of an embarrassing hack.
A range of sensitive documents belonging to Italy-based Hacking Team, which is known for working with governments worldwide, appeared to leak out over the weekend, including email communications and client lists. The hackers, who remain unidentified at this time, also took over the group’s Twitter account, using it to post screenshots of emails and other details, as CSO first reported.
Hacking Team is a mysterious organization which has long been thought to sell tracking and hacking software to governments, particularly those in developing markets. The organization describes itself as providing “effective, easy-to-use offensive technology to the worldwide law enforcement and intelligence communities”. One tool that it is known to offer is Davinci, a service marketed at law enforcement organizations that can purportedly access SMS, emails, web browsing and more to locate specific targets.
Last year, the organization denied selling technology to “any repressive regime” following a report from Citizen Lab, but early leaks of the files — which weigh in at over 400GB — appear to show government contracts with Kazakhstan, Sudan, Russia, Saudi Arabia and others.
One released document shows an email communication between Hacking Team and a man named Biniam Tewolde, who is linked to the Meles Zenawi Foundation.
“An email from a person linked to several domains allegedly tied to the Meles Zenawi Foundation (MZF), Ethiopia’s Prime Minister until his death in 2012, was published Sunday evening as part of the cache of files taken from Hacking Team.
In the email, Biniam Tewolde offers his thanks to Hacking Team for their help in getting a high value target.
Around the time the email was sent, which was eight months after the Prime Minister’s death, Tewolde had registered eight different MZF related domains. Given the context of the email and the sudden appearance (and disappearance) of the domains, it’s possible all of them were part of a Phishing campaign to access the target. Who the high value target is, remains unknown.
An invoice leaked with the Hacking Team cache shows that Ethiopia paid $1,000,000 for Hacking Team’s Remote Control System, professional services, and communications equipment.”
In addition, it seems that the company also sold software to private companies. That was something that it denied doing in the past. The hacked list of its customers:
Further email correspondence appears to show Hacking Team acknowledging that it supplied technology to Ethiopian authorities which was subsequently used to spy on journalists and activists, per another report from Citizen Lab.
In an apparent leaked note posted to Twitter, Hacking Team COO Giancarlo Russo acknowledged the potential that the client had abused its software, but appeared to bury any concerns around ethics by explaining that a flag had been raised by “two of the newest guys… who may be frightened by this kind of press.”
A further list, posted to Pastebin, claims to show the organization’s client list, which includes government agencies from Australia, Egypt, Malaysia, Mexico, Singapore, Spain, Thailand, Turkey and UAE. The Verge reported in 2013 that Hacking Team made a major push to lure U.S.-based clients, and according to this list, the FBI and Drug Enforcement Agency had engaged Hacking Team’s services at one point.
Many in the security community may enjoy the irony that Hacking Team, which is listed on Reporters Without Borders’ ‘Enemies Of The Internet’ list, is being exposed so publicly, but there’s a genuine concern that if the organization’s source code is indeed part of the leaked documentation — which experts are still looking over — then that could grant widespread access to some very powerful tools.
Hacking Team founder Christian Pozzi claimed on Twitter that the hackers falsified information about the company’s services and clients, adding that the company is working with police on the issue.
A further tweet appeared to suggest that the company is shutting down, but it isn’t clear whether that is genuine or just a reaction to the outpouring of company information into the public domain.