On Sunday afternoon when most of Twitter was distracted by the Women's World Cup, a company known (and sometimes reviled) for helping governments and intelligence agencies spy on their citizens was hacked.
Hacking Team, the target, is an Italian company that was most recently in the public eye when it was placed on the Enemies of the Internet index. The first public signal of the hack was an unusual tweet by Hacking Team and around the same time the username and header photo were changed to "Hacked Team."
Looks like the hackers have a sense of humor.
The unknown hackers published a torrent file with 400GB of internal documents, source code and emails for anyone who wanted to look. One of the documents showed poor password choices by Hacking Team (HTPassw0rd, Passw0rd!81, Passw0rd, Passw0rd!, Pas$w0rd, Rite1.!!) that, considering the security aspect of the company, are laughable.
Another more newsworthy discovery was that Hacking Team has indeed done business with Sudan, something the company had previously denied. There's a UN arms embargo on Sudan, covered by EU and UK law, so the publication of this information could spell (more) trouble for the company. Below is a leaked invoice for work done for the Sudanese government.
Other countries that have worked with Hacking Team were revealed: Egypt, Ethiopia, Morocco, Nigeria, Chile, Colombia, Ecuador, Honduras, Mexico, Panama, United States, Azerbaijan, Kazakhstan, Malaysia, Mongolia, Singapore, South Korea, Thailand, Uzbekistan, Vietnam, Australia, Cyprus, Czech Republic, Germany, Hungary, Italy, Luxemburg, Poland, Spain, Switzerland, Bahrain, Oman, Saudi Arabia, UAE.
The first response came from a Hacking Team staffer who took to Twitter to generally threaten people and lie. Here is some of what he wrote before his account was also hacked and then deleted:
"We are awake. The people responsible for this will be arrested. We are working with the police at the moment."
"Don't believe everything you see. Most of what the attackers are claiming is simply not true...The attackers are spreading a lot of lies about our company that is simply not true. The torrent contains a virus..."
"... We simply provide custom software solutions tailored to our customers needs..."
Posts from researchers who are inspecting the torrent file have popped up with more information. One item is an invoice for 58,000 Euro to Egypt for Hacking Team's RCS Exploit Portal. Also, based on documents shared by a Twitter user, it appears that Hacking Team encouraged some international clients to use VPN services based in the United States and Germany.
There's no official statement from Hacking Team as of writing, nor do we know who was behind the attack. Though, if the internet's general consensus was taken into account, authorities shouldn't rush to find or prosecute the hackers.
Bonus: In case you're wondering how this group managed to get their clients and promoted its spyware products, here's an ad for surveillance software 'Da Vinci' made by Hacking Team.