An Italian digital surveillance firm, Hacking Team, notorious for helping governments spy and clamp down on internet users, was hacked Sunday night, and 415GB of its internal data was leaked online.
The firm’s Twitter account was also hacked and used to disseminate the leaked torrent files.
Documents released so far by the attackers show that Hacking Team worked with the Bayelsa state Governor, Seriake Dickson, and many other repressive regimes like Sudan, UAE, Russia, Bahrain and Ethiopia.
The records also showed the security firm had contracts with U.S. government agencies like the FBI, the Department of Defense, and the Drug Enforcement Agency.
The project with the Bayelsa state government was within the period of the state’s clampdown on one of its former employees, Tonye Okio, for allegedly criticizing the Bayelsa State governor, Mr. Dickson, on his Facebook page.
It is unclear at this point exactly what surveillance task the firm carried out for the Bayelsa state government – researchers are still poring through troves of data leaked by the attacker – but the project status reads that it has expired.
Hacking Team is loathed by digital activists all over the world.
Reporters Without Borders listed the firm on its Enemies of the Internet index due to Hacking Team’s primary surveillance tool, Da Vinci, and its use by oppressive governments to censor the Internet.
Researchers poring through the trove of data have so far found the leak contains emails of Hacking Team’s top employees, including its founder and chief executive, David Vincenzetti.
The data also include information on the company’s customers and examples of how its remote control system can spy on users’ web connections and WhatsApp conversations.
Also included in the leak are a number of the firm’s internal passwords, which appear to be embarrassingly patterned and weak for a company that deals in exposing others’ security.
A file called login.txt held credentials belonging to Christian Pozzi, security engineer at the firm, and his passwords include easily crackable variations on the word “password” and the name of an X-Men character, all in lower-case and with no numbers or symbols.
The firm’s clients’ passwords were exposed as well, and several documents related to contracts and configurations have been circulating online.
The firm potentially faces trouble with the European Union after the trove revealed that it had continued to maintain a business relationship with Russia and Sudan.
In 2014, Hacking Team vehemently denied it was in bed with the Sudanese government after a Citizen Lab report revealed evidence that the firm’s remote control system was being used by Sudan.
Earlier this year, Citizen Lab, based at the University of Toronto, also published a report linking Hacking Team to efforts by the government of Ethiopia to target journalists.
The firm denied both reports, but the leaked data show the firm lied in its denials.
Hacking Team is yet to officially comment on the hack, 16 hours after the perceived attacker, Phineas Fisher, announced the attack on Twitter.
One of the company’s employees, Mr. Pozzi, whose weak passwords were the butt of several jokes about the attack, took to Twitter to comment on it.
He argued that his company had done nothing illegal.
“The people responsible for this will be arrested,” he said. “We are working with the police at the moment. Don’t believe everything you see. Most of what the attackers are claiming is simply not true…The attackers are spreading a lot of lies about our company that is simply not true.”
He also claimed the massive torrent file had malware in it. However, other hackers have since discredited his virus claims.
“We simply provide custom software solutions tailored to our customers’ needs,” Mr. Pozzi insisted before either deleting or disabling his Twitter account.
PREMIUM TIMES is monitoring the data leak and will bring more details as they emerge.