An Italian company called Hacking Team, which supplies intrusion and surveillance tools to governments and law enforcement agencies, has been hacked. The intruders have made off with 400GB of data which is now being leaked online.
Hacking Team has more than 40 employees and sells commercial hacking software to law enforcement in several dozen countries, including Morocco, Ethiopia, and the United Arab Emirates. A recent report from Motherboard revealed that the Hacking Team also supplies spyware tools to the Drug Enforcement Agency to implant software in a suspect’s phone and record texts, emails, passwords, and monitor conversations.
Some of those countries have what could be referred to as dubious human rights regimes. The company has in the past denied working for Sudan, for instance, but an invoice for 480,000 Euros amongst cache of files suggests otherwise.
In a series of tweets from the company’s compromised Twitter account, the unknown hackers appear to have revealed embarrassing internal emails and a torrent with 400GB of internal files, source code, and communications.
Worryingly, a cache of leaked passwords hints that standards aren’t that high at Hacking Team. Passwords recovered from the leaked documents include the likes of “HTPassw0rd”, “Passw0rd!81”, “Passw0rd”, “Passw0rd!”, “Pas$w0rd” and “Rite1.!!”. One wonders, perhaps, if a company with internal security like that should be let loose on the security of the world’s governments.
