A controversial surveillance software firm has become the target of an attack and a massive data breach. The alleged response from the firm included threats against those responsible and accusations of "spreading lies."
The Italy-based security firm, Hacking Team, has been known to supply surveillance and intrusion tools to governments and law enforcement. The firm has also been accused of shady business dealings. Hacking Team's various tools have reputedly been used for invading the privacy of researchers and media.
The hackers released a 400 GB torrent file of Hacking Team internal documents, source code and email communications. Researchers analyzing the data noted potentially inflammatory information, including a 480,000 euro contract with Sudan from 2012. In 2014, the firm denied a Citizen Lab report revealing that the Sudanese government used the Hacking Team's Remote Control System.
The Hacking Team has consistently denied selling surveillance tools to oppressive regimes.
The hackers involved made the attack known Sunday evening, but a security researcher who requested anonymity noted that the number of documents captured by the hackers implies that the attack had been in progress for quite some time. The researcher said there was evidence that this was an advanced persistent attack (APT), but made clear that "APTs do not necessarily mean nation state involvement."
"The attackers could have been working anywhere from a week to a few weeks. I am not seeing a full scale intrusion, judging by the files posted so far," the researcher told TechTarget. "This could have been a really lucky intrusion that led to some juicy information on a shared file server, and, if that's the case, to exfiltrate 400 GB could take as little as a week."
The Hacking Team's official Twitter account was hacked, and the tweets have since been deleted. There has been no official response regarding the attack, but employee Christian Pozzi may have unofficially responded on Twitter.
"We are awake. The people responsible for this will be arrested," Pozzi wrote on Twitter. "We are working with the police at the moment."
Following that, Pozzi spent about one hour responding to allegations. The responses included claims that the hackers were "spreading lies" and that the torrent of released data included a virus, as well as threats of jail time against those posting leaked files. Pozzi also defended the Hacking Team by saying, "We haven't broken any laws. We simply provide custom software solutions tailored to our customers needs. [sic]"
Pozzi also said the Hacking Team was "in the process of notifying all of our customers about the recent breach," and notably added that he was not denying allegations that weak passwords were to blame for the breach.
Pozzi's Twitter account was deleted after these messages were posted, along with a claim that the account had been hacked. TechTarget contacted the Hacking Team for clarification on Pozzi's Twitter comments and account, but did not receive a response at the time of this posting.