Information Security News
Privacy and human rights advocates are having a field day picking through a massive leak purporting to show spyware developer Hacking Team's most candid moments, including documents that appear to contradict the company's carefully scripted PR campaign.
"Imagine this: a leak on WikiLeaks showing YOU explaining the evilest technology on earth! :-)," Hacking Team CEO David Vincenzetti wrote in a June 8 e-mail to company employees including Walter Furlan, whose LinkedIn profile lists him as the international sales engineer of the spyware developer. "You would be demonized by our dearest friends the activists, and normal people would point their fingers at you."
Other documents suggested the US FBI was among the customers paying for software that allowed targets to be surreptitiously surveilled as they used computers or smartphones. According to one spreadsheet first reported by Wired, the FBI paid Hacking Team more than $773,226.64 since 2011 for services related to the Hacking Team product known as "Remote Control Service," which is also marketed under the name "Galileo." One spreadsheet column listed simply as "Exploit" is marked "yes" for a sale in 2012, an indication Hacking Group may have bundled some sort of attack code that remotely hijacked targets' computers or phones. Previously, the FBI has been known to have wielded a Firefox exploit to decloak child pornography suspects using Tor.
A controversial company that sells weaponized spyware has been penetrated by hackers who claim to have plundered more than 400GB worth of e-mails, source code, and other sensitive data—including invoices showing that the firm has done business in countries ruled by highly repressive governments.
Italy-based Hacking Team has long denied selling to nations with poor human rights records. It instead markets itself as a supplier of customized software for law enforcement departments and government agencies in countries with good human rights records. Its spyware, company officials have said, helps crack down on criminals and terrorists. Over the weekend, unidentified people claimed to hack Hacking Group computers and social media accounts and to make off with documents contradicting that narrative. As proof, the hacktivists posted invoices purporting to show malware sales to groups in Egypt, Russia, Saudi Arabia, Bahrain, the United Arab Emirates, Azerbaijan, Kazakhstan, and Uzbekistan.
"Since we have nothing to hide, we're publishing all our e-mails, files, and source code," the hackers wrote in a tweet that included a BitTorrent link to the alleged trove of documents. The statement was posted to the official Hacking Team Twitter account, which the hackers said had also been compromised (the account handle was changed to "Hacked Team").