Hacking Team, an Italian IT company that sells surveillance tools to governments and law enforcement agencies, has itself been the victim of a hack, it has emerged.
Around 400GB of data has reportedly been stolen from Hacking Team’s servers and uploaded to BitTorrent, including internal documents, email communications and client lists that appear to show the company sold software to repressive regimes.
The client list, which includes past and present customers, contains the names of many government agencies and private companies including the Egyptian Ministry of Defence, the FBI and the Lebanon Army Forces.
A service maintenance list shared by Twitter user @SynAckPwn also indicates that contracts with Sudan’s National Intelligence Security Service and Russia’s Intelligence Kvant Research were in place, but “not officially supported”.
The attackers defaced Hacking Team’s Twitter account last night, changing its name to “Hacked Team” and posting links to where the stolen files were being hosted. This content has since been removed.
Hacking Team system and security engineer, Christian Pozzi, took to Twitter to refute the claims, after a list of his own passwords was published along with the other data. Embarrassingly, these included a range of variations on the word ‘Password’.
Mr Pozzi’s account now appears to have been deleted, but a cached version is available here.
“We haven’t broken any laws. We simply provide custom software solutions tailored to our customers’ needs,” said Mr Pozzi in a tweet. “Don’t believe all the false info the attackers are spreading.”
Pozzi threatened security researchers with jail for discussing his poorly selected passwords, which were leaked as part of the 400GB cache.
Hacking Team has always claimed that it does not do business with oppressive governments or those that may use its tools to abuse human rights.