Late Sunday night, someone leakedover 400GB of data from private surveillance technology company Hacking Team.
An unknown group or individual appears to have hacked into the company’s computers, downloaded its files, and the put them online for the world to see.
The hack was first made public via Hacking List’s twitter, which was also hacked.
Included in the dump were leaked emails, source codes, and even personal employee information. Perhaps most interesting were the lists of current and past clients, indicating that the company has been selling its surveillance technologies to some questionable actors.
For the past years the Italy-based Hacking Team has been accused of working with countries known for human rights abuses. Human rights watchdog Reporters Without Borders has listed it as an “enemy of the internet.”
Hacking Team, however, has maintained that its practices are completely kosher. In fact, the company has gone so far as to claim it never sells its software “to countries that international organisations including the European Union, NATO and the US of blacklisted.”
The data leak tells a different story.
For instance, one alleged Hacking Team document — filed under a client folder named (in Italian) as ‘offensive’ — was listed as “Client List_Renewal.” In this excel file is a list of countries and organisations who appear to have had contracts with the company.
Morocco, the United Arab Emirates, and Sudan were all included in this list. Other documents indicate Hacking Team also worked with groups in Egypt.
More interesting, the “status” column of this document (which for other countries is listed as either “Active” or “Expired”). Both Russia and the Sudan are listed as “Not officially supported.” It’s unclear what exactly this means.
Here’s a what the list looks like:
This excel file gives an idea of the sort of business private security companies can do.
Other documents tweeted by the @SynAckPwn account appear to show Hacking List clients based in both Egypt and Lebanon, instructed on how to use VPN technologies, CSO reports. There were also alleged invoices from Egypt.
While Hacking Team has made a point of never revealing its client base, it’s always maintained its practices to be clean.
“We take precautions to assure our software is not misused and we investigate cases suggesting it may have been,” the company wrote in a statement to Reporters Without Borders.
Hacking Team has yet to make a formal comment, and its website appears to be down as of the posting of this article.