Hacking Team hacked: Spyware source code torrent blurts govt customers
Man, this two-edged sword has totally slashed me
Italian surveillance-ware developer Hacking Team has been infiltrated by hackers, who have leaked online 400GB of secret source code and other internal data.
The plundered booty is being shared via BitTorrent, and appears to include audio recordings, emails, documentation, invoices, and source code.
Hacking Team sells the Da Vinci malware surveillance software to law enforcement agencies, though it claims to only deal with ethical governments. It is marked as an Enemy of the Internet by activist outfit Reporters Without Borders.
The unknown hackers also hijacked Hacking Team's Twitter account and, at the time of writing, are tweeting screenshots of emails stolen in the raid.
The trove also allegedly reveals all Hacking Team customers and when they purchased the software.
The company is said to count Saudi Arabia, Oman, and Lebanon among its customers.
Chile allegedly bought the software last year for $US2.85 million, according to exploit activist Christopher Soghoian (@csoghoian) who is analysing the data.
Some of those may in coming days be scrambling to switch off the surveillance-ware due to source code being made public.
The claims are unverified at the time of writing. (This writer lives just outside of Australia's tiny National Broadband Network and as a result has not as yet downloaded the whole cache).
Hackers are tweeting the alleged contents of the stolen emails from Hacking Team CEO David Vincenzetti, which appear to reveal dealings with oppressive governments.
The torrent listings also allegedly contain login credentials for the company's support sites in Egypt, Mexico, and Turkey.
The Register will update this story as more information comes to hand.
Readers can for now follow the carnage on the commandeered @HackingTeam Twitter account. ®
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Kenna Security
- Palo Alto Networks
- Trusted Platform Module
- Zero Day Initiative
- Zero trust