Hacking Team Is Hacked
Someone hacked the cyberweapons arms manufacturer Hacking Team and posted 400 GB of internal company data.
Hacking Team is a pretty sleazy company, selling surveillance software to all sorts of authoritarian governments around the world. Reporters Without Borders calls it one of the enemies of the Internet. Citizen Lab has published many reports about their activities.
It’s a huge trove of data, including a spreadsheet listing every government client, when they first bought the surveillance software, and how much money they have paid the company to date. Not surprising, the company has been lying about who its customers are. Chris Soghoian has been going through the data and tweeting about it. More Twitter comments on the data here. Here are articles from Wired and The Guardian.
Here’s the torrent, if you want to look at the data yourself. (Here’s another mirror.) The source code is up on Github.
I expect we’ll be sifting through all the data for a while.
Slashdot thread. Hacker News thread.
EDITED TO ADD: The Hacking Team CEO, David Vincenzetti, doesn’t like me:
In another [e-mail], the Hacking Team CEO on 15 May claimed renowned cryptographer Bruce Schneier was “exploiting the Big Brother is Watching You FUD (Fear, Uncertainty and Doubt) phenomenon in order to sell his books, write quite self-promoting essays, give interviews, do consulting etc. and earn his hefty money.”
Meanwhile, Hacking Team has told all of its customers to shut down all uses of its software. They are in “full on emergency mode,” which is perfectly understandable.
EDITED TO ADD: Hacking Team had no exploits for an un-jail-broken iPhone. Seems like the platform of choice if you want to stay secure.
EDITED TO ADD (7/14): WikiLeaks has published a huge trove of e-mails.
Hacking Team had a signed iOS certificate, which has been revoked.
Anura • July 6, 2015 1:05 PM
I’m kind of hoping that this will spark criminal charges against people within Hacking Team. I mean, what they are doing is far worse than what the vast majority of hackers do (especially selling to the Sudan, which is aiding genocide). They do supply Western governments which you would expect to offer them protection, but this is the kind of hack that can completely destroy their business and cause their long-time customers to turn their backs. Of course, I figure at most they will be fined and file for bankruptcy, resulting in no further damage than has already been done.