Hacking Team Hacked: Documents Show Company Sold Exploits And Spyware To UN-Blacklisted Governments

from the I-would-imagine-there-are-plenty-of-new-openings-on-its-appointment-calendar dept

Hacking Team — purveyor of exploits and spyware to a variety of government agencies all over the world — has been hacked. Late Sunday night, its Twitter account name was changed to “Hacked Team” and its bio to read:

Developing ineffective, easy-to-pwn offensive technology to compromise the operations of the worldwide law enforcement and intelligence communities.

Whoever’s behind this (no group has claimed responsibility yet) has repurposed the official Hacking Team Twitter feed to send out screenshots of incriminating information it/they have uncovered. For those who want to take a look themselves, the liberated documents can be torrented. Here are two places the torrent file can be picked up. (CAUTION: Actual file is 400 GB, so use a robust client and check your drive[s] for free space…) [And, if those go down, I’ve also stashed the torrent file here.]

What has been exposed so far shows Hacking Team has been lying about its business partners. It claims to only sell to NATO partners and blacklists oppressive governments. But its “Customer” Wiki appears to show that it counts such countries as Kazakhstan, Sudan, Russia, Saudi Arabia, Egypt and Malaysia as partners.

Screenshots of emails accessed by Hacking Team’s hackers show the company circumventing local regulations and restrictions on the export of exploits and spyware by using third-party resellers.

If you can’t see/read the screenshot, here’s the pertinent information. The email subject is “Remote Control Davinci System Into Nigeria.” Underneath that is the proposed third-party process for sneaking Hacking Team’s “Davinci” past import/export restrictions:

Commissions and meeting:

Being an Italian company, we are following the guidelines of our exterior ministry.

Understanding that this is an uncommon circumstance, this is what we are proposing:

HackingTeam will sell directly to your company and then TunsmosPetroleum will add its own mark up. The price you will purchase from us will include a discount on the list price as a compensation for the 1st meeting/demo in Milan and the training (in Milan as well) after the sale.

Other screenshots further confirm Hacking Team’s efforts in forbidden markets. One shows the company dealing with a “Sudan Citizen Lab request,” suggesting its end user(s) are uncomfortable with the investigative activities CL is performing.

ACLU technologist Chris Soghoian has taken a look at the files and uncovered even more incriminating information, including Hacking Team’s stonewalling of a UN investigation into its sales in Sudan. This investigation is the direct result of Citizen Lab’s investigative work. According to the files viewed by Soghoian, Hacking Team has denied any “current sales relationship” with Sudan, at least in terms of selling the sort of weaponized software forbidden by multiple treaties and UN resolutions. It claimed the software isn’t weaponized tech. The UN disagreed.

Your letter 1029 of 13 March 2015 also stated that the company did not consider the Remote Control Software to be a weapon, and therefore fell outside the parameters of the sanctions regime. The view of the Panel is that as such software is ideally suited to support military electronic intelligence (ELINT) operations it may potentially fall under the category of “military… equipment” or “assistance” related to prohibited items…

There’s still plenty more to be uncovered in the document dump. Soghoian has already uncovered a spreadsheet listing every government customer, along with revenue to date.

Whatever happens from here on out should prove very interesting. Hacking Team is in for the longest Monday ever.

Filed Under: , , , , ,
Companies: hacking team

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Hacking Team Hacked: Documents Show Company Sold Exploits And Spyware To UN-Blacklisted Governments”

Subscribe: RSS Leave a comment
That One Guy (profile) says:

Oh sweet schadenfreude...

A company that makes(well, made…) it’s money selling programs and exploits to compromise the security and privacy of others, has it’s own security broken, allowing the world to pour through their personal communications and files, just like they helped others to do. Now that is some world class turn-about there.

Can’t wait for them to start screaming about how ‘unfair’ it is for their privacy to be violated like this, and how it’s completely unacceptable, though I imagine given what’s been revealed a little ‘violation of privacy’ is going to be the least of their worries soon.

Anonymous Coward says:

Re: Re: Re:

How about ‘EVER’?

Even though the US is a sure example of being better than most it never respected the citizens rights.

Liberty requires ETERNAL VIGILANCE! We have lost so many of them because those warning of the loss of liberty as freaks and tin foil hatters.

The slippery slope is not only very real, it is a zero day exploit!

Anonymous Coward says:


Via Ars Technica

Hacking Team engineer Christian Pozzi may have acknowledged the security breach. In a tweet, he wrote, “We are awake. The people responsible for this will be arrested. We are working with the police at the moment.” The tweet and Pozzi’s entire Twitter account were soon deleted.

There’s no realistic chance “Hacking Team” will find themselves arrested, is there?

0E800 says:



Anonymous Coward says:

Re: You know the maxim

The pen is mightier than the sword, and since we’re dealing with information warfare here, everybody would seem to be using pens.

I don’t have a good “pen only” maxim, but I do know that there’s a kindly anonymous hacker out there whose pen is much bigger than Hacking Team’s pen is.

GEMont (profile) says:

Predictions are fun

Hmmm…. lets see now.

Hacking Team has friends in almost every government on earth, since they’ve been assisting almost every government on earth in the process of spying on almost everyone else on earth.

They have just been exposed (by an unknown party), of working for everyone, while pretending to work only for the “designated good guys” on both sides of the line at once.

How does a company deal with such a dilemma?

Answer: Name Change!

“Hacking Team” becomes – oh I dunno – “Sunfallow Excursions” and carries on as usual from its shiny new offices in the Bahamas, without missing a beat.

After all, what government wants to charge such a group with a punishable crime and become the only government on earth not being serviced by that company and its wonderful surveillance toys?

Answer: None of them.

Thus, Hacking Team will be given a large sum of money by a large number of governments, to relocate and change their name and carry on with business as usual, with an even bigger budget and a better location.

Just a guess. 🙂

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...