Italian surveillance software maker, Hacking Team, allegedly breached

Sources said the 400GB of stolen data includes a customer list and revenue received

Hacking Team, an Italian maker of surveillance software, was allegedly breached on Sunday.

Hacking Team, an Italian maker of surveillance software, was allegedly breached on Sunday.

An Italian developer of surveillance software, Hacking Team, which has previously been sharply criticized by digital activists, has apparently suffered a large data breach.

Hacking Team develops surveillance tools that it has maintained are legally sold to governments for law-abiding investigations. But critics contend the company's software has been used to spy on dissidents, human rights activists and journalists.

On Sunday, it appeared that Hacking Team's Twitter feed was taken over. The banner on the page had been changed to "Hacked Team." Several posts contained screenshots that are purportedly of the stolen data, which included emails sent by Hacking Team's founder and CEO, Vincent Vincenzetti.

Hacking Team officials could not be immediately reached for comment.

The data stolen amounts to some 400GB, according to Christopher Soghoian, principal technologist for the Speech, Privacy and Technology project of the American Civil Liberties Union.

Soghoian, who has frequently criticized Hacking Team, wrote in another Twitter post that the data "dump includes an .xls spreadsheet listing every government client, when they first bought HT and revenue to date."

That kind of data, if accurate, could be immensely damaging to Hacking Team, which has sought to defend its operations amid a variety of accusations from critics over who buys its software and how it's used.

Hacking Team has been under consistent fire from organizations such as the University of Toronto's Citizen Lab. One of Hacking Team's main products is the Remote Control System, which is a suite of tools that enables secret remote access of a computer.

In a February 2014 study, Citizen Lab said RCS appears to have been used by 21 countries such as Azerbaijan, Colombia, Egypt, Ethiopia, Hungary, Italy, Kazakhstan, Korea, Malaysia, Mexico, Morocco, Nigeria, Oman, Panama, Poland, Saudi Arabia, Sudan, Thailand, Turkey, UAE and Uzbekistan.

Some of those countries, Citizen Lab noted, have questionable human rights records, and it's believed that some governments may have used RCS to monitor the activities of civil rights activists.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Join the CSO newsletter!

Error: Please check your email address.

Tags securitydata breachHacking Team

More about TechnologyTwitter

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jeremy Kirk

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place