Cyber Security Firm Hacked: Data Stolen and Published Online

Hacking Team, a controversial and leading cybersecurity firm based in Italy, was humiliated early this month when its client database was hacked and published online by hackers.

The Hacking Team staff woke up to the worst-case scenario of its most secret business affairs being posted around the web.

Among the loads of leaked documents was evidence showing among its clientele were repressive regimes known for targeting human rights activists.

It’s also possible that police organisations have bought custom-built software from the firm that enabled them to infiltrate crime or terror networks.

The big hack went viral across the internet as experts, rivals and commentators picked through the digital debris of the company.

They lamented how the company and its clients were using foolish passwords such as ‘Passw0rd’ and ‘Pas$w0rd’.

Hackers got into the company’s internal servers before posting secret files on its Twitter feed, which was renamed ‘Hacked Team’.

More than 400 gigabytes of data, including emails, invoices, photographs and video phone calls, were posted online.

It appears the firm has been engaged in profitable contracts with authoritarian states like Azerbaijan, Kazakhstan, Uzbekistan, Russia, Bahrain, Saudi Arabia, and the UAE, despite its public denials.

These states were listed by human rights organisations for their aggressive surveillance of citizens, activists and journalists both domestically and overseas.

One message showed the company dealing with a third party to export malware to Nigeria.

Another showed staff debating what to do after an independent investigation criticised it for selling hacking tools to Ethiopia, which were then used it to target journalists in the U.S.

Notably, the documents include an invoice for €480,000 (£340,000) from the Sudanese national intelligence service, dated June 2012, but earlier this year the company told the U.N. that it had no ‘current’ business relations with the country.

In 2013, a Reporters Without Borders report named Hacking Team as one of the ‘corporate enemies of the internet’ and labelled it a ‘digital mercenary’.

A Privacy International spokesman said: ‘The leak of materials reportedly shows how Hacking Team assisted some of the world’s most repressive regimes – from Bahrain to Uzbekistan, Ethiopia to Sudan – to spy on their citizens. Surveillance companies like Hacking Team have shown they are incapable of responsibly regulating themselves, putting profit over ethics, time after time. Since surveillance companies continue to ignore their role in repression, democratic states must step in to halt their damaging business practices.’

If this can happen to a leading corporation it can happen to you! Do you need to talk through your security strategy? As part of our web services Team Discovery provide various security services to protect against internet fraud. Get in touch via our contact page if you have concerns about internet threats to your business.