×

Spy firm gets hacked, links to dodgy regimes exposed

An Italian company that sells surveillance technology to governments has been hacked with 400 gigabytes worth of documents leaked online exposing its links to governments with controversial human rights records.

Hacking Team was subject to an attack on Monday that saw its Twitter account compromised with hackers posting screenshots of confidential emails. A link to all the company's private documents was also published. No group has claimed responsibility for the attack.

Among the images posted was an invoice of 480,000 euros to Sudan's national intelligence and security agency, despite in a letter sent by Hacking Team to the United Nations stressing that the company had no business relations with the country. Sudan has been accused by Human Rights Watch of violently supressing anti-government protestors and holding dubious elections.

Sudan along with Russia, another customer, are both listed as "not officially supported" in Hacking Team's internal spreadsheet of customers. The document was part of the leak by hackers.

Another post showed an invoice of $1 million to Ethiopia, a country that has been accused of spying on journalists by the University of Toronto-based Citizen Lab. The report published last year by Citizen Lab revealed that Hacking Team's spying software was being used by Ethiopia, a claim again that was denied by the Italian company.

The latest leaks appear to confirm many of the allegations surrounding the company's involvement with governments known for corruption and human rights abuses.

Hacking Team did not make any official comment Monday, but one staff member, named Christian Pozzi, took to Twitter and urged people to "stop spreading false lies about the service we offer". He said that the company is "closely working with the police". His Twitter account was then hacked and deleted. Hacking Team seems to also have recovered its own official Twitter account and deleted tweets posted by the attackers.

Another embarrassing revelation from the data leak was a list of credentials for Pozzi including for sites such as Facebook and PayPal. The passwords were of poor quality and often just a variation on the word "password". A list of porn sites visited by Pozzi on his work computer were also posted on Twitter by security expert Dan Tentler, who downloaded the files published by the hackers and then posted them.