Hacking Team Hacked: Documents Show Company Sold Exploits And Spyware To UN-Blacklisted Governments

from the I-would-imagine-there-are-plenty-of-new-openings-on-its-appointment-calendar dept

Hacking Team -- purveyor of exploits and spyware to a variety of government agencies all over the world -- has been hacked. Late Sunday night, its Twitter account name was changed to "Hacked Team" and its bio to read:


Developing ineffective, easy-to-pwn offensive technology to compromise the operations of the worldwide law enforcement and intelligence communities.
Whoever's behind this (no group has claimed responsibility yet) has repurposed the official Hacking Team Twitter feed to send out screenshots of incriminating information it/they have uncovered. For those who want to take a look themselves, the liberated documents can be torrented. Here are two places the torrent file can be picked up. (CAUTION: Actual file is 400 GB, so use a robust client and check your drive[s] for free space…) [And, if those go down, I've also stashed the torrent file here.]

What has been exposed so far shows Hacking Team has been lying about its business partners. It claims to only sell to NATO partners and blacklists oppressive governments. But its "Customer" Wiki appears to show that it counts such countries as Kazakhstan, Sudan, Russia, Saudi Arabia, Egypt and Malaysia as partners.

Screenshots of emails accessed by Hacking Team's hackers show the company circumventing local regulations and restrictions on the export of exploits and spyware by using third-party resellers.


If you can't see/read the screenshot, here's the pertinent information. The email subject is "Remote Control Davinci System Into Nigeria." Underneath that is the proposed third-party process for sneaking Hacking Team's "Davinci" past import/export restrictions:

Commissions and meeting:

Being an Italian company, we are following the guidelines of our exterior ministry.

Understanding that this is an uncommon circumstance, this is what we are proposing:

HackingTeam will sell directly to your company and then TunsmosPetroleum will add its own mark up. The price you will purchase from us will include a discount on the list price as a compensation for the 1st meeting/demo in Milan and the training (in Milan as well) after the sale.
Other screenshots further confirm Hacking Team's efforts in forbidden markets. One shows the company dealing with a "Sudan Citizen Lab request," suggesting its end user(s) are uncomfortable with the investigative activities CL is performing.

ACLU technologist Chris Soghoian has taken a look at the files and uncovered even more incriminating information, including Hacking Team's stonewalling of a UN investigation into its sales in Sudan. This investigation is the direct result of Citizen Lab's investigative work. According to the files viewed by Soghoian, Hacking Team has denied any "current sales relationship" with Sudan, at least in terms of selling the sort of weaponized software forbidden by multiple treaties and UN resolutions. It claimed the software isn't weaponized tech. The UN disagreed.

Your letter 1029 of 13 March 2015 also stated that the company did not consider the Remote Control Software to be a weapon, and therefore fell outside the parameters of the sanctions regime. The view of the Panel is that as such software is ideally suited to support military electronic intelligence (ELINT) operations it may potentially fall under the category of "military… equipment" or "assistance" related to prohibited items…
There's still plenty more to be uncovered in the document dump. Soghoian has already uncovered a spreadsheet listing every government customer, along with revenue to date.

Whatever happens from here on out should prove very interesting. Hacking Team is in for the longest Monday ever.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: citizen lab, governments, hacking team, hacking tools, sudan, un
Companies: hacking team


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    That One Guy (profile), 6 Jul 2015 @ 2:10am

    Oh sweet schadenfreude...

    A company that makes(well, made...) it's money selling programs and exploits to compromise the security and privacy of others, has it's own security broken, allowing the world to pour through their personal communications and files, just like they helped others to do. Now that is some world class turn-about there.

    Can't wait for them to start screaming about how 'unfair' it is for their privacy to be violated like this, and how it's completely unacceptable, though I imagine given what's been revealed a little 'violation of privacy' is going to be the least of their worries soon.

    link to this | view in thread ]

  2. identicon
    Klaus, 6 Jul 2015 @ 3:58am

    More problems for them

    "...This page (http://www.hackingteam.it/) is currently offline. However, because the site uses CloudFlare's Always Online™ technology you can continue to surf a snapshot of the site. We will keep checking..."

    There's a moral here; no matter how smart you think you are, there's always someone smarter. Or maybe just more devious.

    link to this | view in thread ]

  3. icon
    That Anonymous Coward (profile), 6 Jul 2015 @ 3:59am

    I was more impressed that the Italian UN rep said they didn't work for some nations, and now they are showing the bills these idiots sent to those nations.

    Its just like how the US doesn't engage in economic espionage

    link to this | view in thread ]

  4. icon
    Ninja (profile), 6 Jul 2015 @ 4:06am

    Depending how entrenched in the power chain of NATO and its countries the company is we can safely assume the powers will deploy the full power of the Justice Hammer™ while gleefully ignoring they were doing business with shady Governments. Definition of which Governments are shady pending.

    link to this | view in thread ]

  5. identicon
    Anonymous Coward, 6 Jul 2015 @ 4:06am

    Corrupted Torrent Files

    Those torrent files don't work, at least on utorrent.

    link to this | view in thread ]

  6. identicon
    Anonymous Coward, 6 Jul 2015 @ 4:36am

    Re: Corrupted Torrent Files

    Me too, can't get them to open

    link to this | view in thread ]

  7. identicon
    ?, 6 Jul 2015 @ 4:40am

    Yeah, same - getting cannot allocate memory error.

    link to this | view in thread ]

  8. identicon
    Anonymous Coward, 6 Jul 2015 @ 4:48am

    Re: Oh sweet schadenfreude...

    Can't wait for them to start screaming about how 'unfair' it is for their privacy to be violated like this

    But that requires that they have control over their social media accounts....

    link to this | view in thread ]

  9. icon
    Ninja (profile), 6 Jul 2015 @ 4:57am

    Re:

    What version are you using? Older versions can't handle large torrents.

    link to this | view in thread ]

  10. icon
    That Anonymous Coward (profile), 6 Jul 2015 @ 5:00am

    Re: Re: Corrupted Torrent Files

    The .torrent file contents is to large.
    If one was motivated one could find a magnet link which will work.

    There are reports that the Transmission client can handle the .torrent file.

    link to this | view in thread ]

  11. icon
    That Anonymous Coward (profile), 6 Jul 2015 @ 5:01am

    Re: Re: Oh sweet schadenfreude...

    well one of them did long enough to claim there was malware in the torrent dump, the police would get them, then the account went dark... then the account started talking and it was fairly clear it wasn't him in control anymore.

    link to this | view in thread ]

  12. identicon
    Anonymous Coward, 6 Jul 2015 @ 5:25am

    Re:

    No, they won't. Why?

    Because those agencies have bought the same software from the same shady company.

    link to this | view in thread ]

  13. identicon
    Anon, 6 Jul 2015 @ 5:59am

    Am I the only one who thinks it's immoral to sell security flaws to the highest bidder rather than fixing them?

    Governments who respect their citizens' rights should outright refuse to buy them and demand that such information be released to the public to have the flaws fixed.

    link to this | view in thread ]

  14. icon
    Coyne Tibbets (profile), 6 Jul 2015 @ 6:02am

    Re:

    I'm giving odds the Justice Hammer™ used in this case will be made of foam rubber. This reeks of company-collaborating-with-government to sell a little spy-spy ware to a target foreign government.

    link to this | view in thread ]

  15. icon
    Coyne Tibbets (profile), 6 Jul 2015 @ 6:04am

    Re:

    Makes sense. But where will you find a government that respects their citizens' rights these days?

    link to this | view in thread ]

  16. identicon
    Anonymous Coward, 6 Jul 2015 @ 6:15am

    Re: Corrupted Torrent Files

    Use Tixati client :-)

    link to this | view in thread ]

  17. identicon
    Anonymous Coward, 6 Jul 2015 @ 7:08am

    Re: Re:

    How about 'EVER'?

    Even though the US is a sure example of being better than most it never respected the citizens rights.

    Liberty requires ETERNAL VIGILANCE! We have lost so many of them because those warning of the loss of liberty as freaks and tin foil hatters.

    The slippery slope is not only very real, it is a zero day exploit!

    link to this | view in thread ]

  18. identicon
    Trevor, 6 Jul 2015 @ 7:54am

    Re: Re: Re: Corrupted Torrent Files

    I'm sure if you scroll through YourAnonNews' twitter feed, you might come across a magnet link...

    ...if I remember correctly.

    link to this | view in thread ]

  19. icon
    Walid Damouny (profile), 6 Jul 2015 @ 9:51am

    And the moral is...

    Selling exploits should be outright illegal. Even when there is a list of so called "good" countries, like this organization showed, there are always ways to reach a prohibited potential client as the email shows:

    HackingTeam will sell directly to your company and then TunsmosPetroleum will add its own mark up.

    link to this | view in thread ]

  20. icon
    Ninja (profile), 6 Jul 2015 @ 10:14am

    Re: Re:

    Oh sorry for my mistake, I forgot to insert after Justice Hammer™ "against the ones that hacked the company"

    My bad

    link to this | view in thread ]

  21. identicon
    Anonymous Coward, 6 Jul 2015 @ 10:25am

    Obviously...

    those documents are planted fakes since they were hacked. Or so they will claim.

    link to this | view in thread ]

  22. icon
    sorrykb (profile), 6 Jul 2015 @ 10:44am

    Re: Oh sweet schadenfreude...

    Yep. Couldn't have happened to a nicer bunch.

    link to this | view in thread ]

  23. identicon
    Anonymous Coward, 6 Jul 2015 @ 10:53am

    Arresto!

    Via Ars Technica...
    Hacking Team engineer Christian Pozzi may have acknowledged the security breach. In a tweet, he wrote, "We are awake. The people responsible for this will be arrested. We are working with the police at the moment." The tweet and Pozzi's entire Twitter account were soon deleted.

    There's no realistic chance “Hacking Team” will find themselves arrested, is there?
     

    link to this | view in thread ]

  24. identicon
    0E800, 6 Jul 2015 @ 11:01am

    http://securityzap.com/how-to-download-hacking-team-torrent-database/

    magnet:?xt=urn:btih:51603bff88e 0a1b3bad3962614978929c9d26955&dn=Hacked%20Team&tr=udp%3A%2F%2Fcoppersurfer.tk%3A6969%2Fannou nce&tr=udp%3A%2F%2F9.rarbg.me%3A2710%2Fannounce&tr=http%3A%2F%2Fmgtracker.org%3A2710%2Fannou nce&tr=http%3A%2F%2Fbt.careland.com.cn%3A6969%2Fannounce&tr=udp%3A%2F%2Fopen.demonii.com%3A1 337&tr=udp%3A%2F%2Fexodus.desync.com%3A6969&tr=udp%3A%2F%2Ftracker.leechers-paradise.org%3A6 969&tr=udp%3A%2F%2Ftracker.pomf.se&tr=udp%3A%2F%2Ftracker.blackunicorn.xyz%3A6969

    link to this | view in thread ]

  25. icon
    John Fenderson (profile), 6 Jul 2015 @ 11:37am

    You know the maxim

    Live by the sword, die by the sword.

    link to this | view in thread ]

  26. identicon
    Martin, 6 Jul 2015 @ 12:45pm

    Re: Working torrent file

    This is a spam-link. Do not follow. Will push .exe on you.

    link to this | view in thread ]

  27. identicon
    Anonymous Coward, 6 Jul 2015 @ 1:31pm

    Re: You know the maxim

    The pen is mightier than the sword, and since we're dealing with information warfare here, everybody would seem to be using pens.

    I don't have a good "pen only" maxim, but I do know that there's a kindly anonymous hacker out there whose pen is much bigger than Hacking Team's pen is.

    link to this | view in thread ]

  28. identicon
    Anonymous Coward, 6 Jul 2015 @ 6:13pm

    People have been mirroring it as well as uploading their internal projects to github:

    https://github.com/hackedteam

    Yes they contain working 0days, this one came with a nice readme!
    https://twitter.com/w3bd3vil/status/618168863708962816
    https://github.com/hackedteam/vector-ex ploit/blob/master/src/flash-0day-vitaly2/read%20me.txt

    link to this | view in thread ]

  29. icon
    Javarod (profile), 6 Jul 2015 @ 8:24pm

    Re:

    Even better, take a look at the client list, there's a screenshot here: http://www.csoonline.com/article/2943968/data-breach/hacking-team-hacked-attackers-claim-400gb-in-du mped-data.html Clients are divided into three types, active, inactive and not officially supported. Guess who is the third type

    link to this | view in thread ]

  30. identicon
    Anonymous Coward, 6 Jul 2015 @ 10:53pm

    So, that's where Sony's PSN team went to.

    link to this | view in thread ]

  31. identicon
    Anonymous Coward, 7 Jul 2015 @ 5:22am

    I see several countries on that list that the US gov't considers "partners" as well.

    link to this | view in thread ]

  32. identicon
    Anonymous Coward, 7 Jul 2015 @ 5:38am

    Re: Re: You know the maxim

    The pen is mightier than the sword but the Shwartz is mightier than the pen. "May the Shwartz be with you!"

    link to this | view in thread ]

  33. identicon
    GEMont, 7 Jul 2015 @ 8:30pm

    Predictions are fun

    Hmmm.... lets see now.

    Hacking Team has friends in almost every government on earth, since they've been assisting almost every government on earth in the process of spying on almost everyone else on earth.

    They have just been exposed (by an unknown party), of working for everyone, while pretending to work only for the "designated good guys" on both sides of the line at once.

    How does a company deal with such a dilemma?

    Answer: Name Change!

    "Hacking Team" becomes - oh I dunno - "Sunfallow Excursions" and carries on as usual from its shiny new offices in the Bahamas, without missing a beat.

    After all, what government wants to charge such a group with a punishable crime and become the only government on earth not being serviced by that company and its wonderful surveillance toys?

    Answer: None of them.

    Thus, Hacking Team will be given a large sum of money by a large number of governments, to relocate and change their name and carry on with business as usual, with an even bigger budget and a better location.

    Just a guess. :)

    ---

    link to this | view in thread ]

  34. identicon
    GEMont, 8 Jul 2015 @ 9:08pm

    Re: Arresto!

    Arrested as in Stopped. No.
    Arrested as in Incarcerated. No.

    Remember who these people work for.
    Almost every government on earth.
    That some serious friends in high places.

    ---

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.