Hacking Team, a controversial company that helps governments and organizations spy on people, just found itself hacked and exposed.
The Italian company is well-known for its controversial operations, helping governments and various intelligence agencies spy on citizens. Hacking Team had notable clients worldwide, including in repressive regimes.
Ironically, Hacking Team has been hacked itself, and found its name changed to "Hacked Team" on Twitter. No attackers have taken credit so far for this hack, but a 400 GB of the company's purported internal files, source code, documents, as well as email communications, found their way online. The hackers posted a link to the dumped files via a tweet on Hacking Team's hacked account. The CSO was the first to report on the Hacking Team being hacked.
Hacking Team has apparently managed to regain control of its Twitter account in the meantime and delete the attackers' posts, including the link to the dumped files, but nothing really disappears once it's surfaced on the Internet.
The Italy-based cybersecurity firm specializes in offering offensive and defensive security services to law enforcement and national security organizations, leveraging malware and exploits to access networks and spy on its targets.
Hacking Team was at the center of a big controversy when it made it to Reporters without Borders' Enemies of the Internet list, which drew attention to the "era of the digital mercenaries."
Although Hacking Team has previously denied allegations that it was offering its services to oppressive governments, the attackers behind this new hack may have evidence of the contrary. More specifically, attackers who hacked Hacking Team took to PasteBin to dump a comprehensive list of customers.
The internal documents the attackers obtained from Hacking Team include a "client list renewal," revealing the various locations in which Hacking Team had customers. The list includes repressive regimes such as Sudan, Azerbaijan, Bahrain, Kazakhstan, Uzbekistan, Saudi Arabia, Russia, and the UAE.
Based on the list, Hacking Team enjoys a wide customer base all across the world, with numerous government agencies relying in its services to spy on their citizens. U.S. customers who used Hacking Team's services include the FBI, DEA and Department of Defense, the list reveals.
After recovering its Twitter account, Hacking Team tried to do me damage control and the screenshots, messages and other posts from the hackers no longer appear on its page.