An Italian surveillance software developer, which is being criticised for selling online snooping tools to repressive regimes, got a taste of its own medicine following a massive data breach.
On Monday, the Twitter account of Hacking Team was commandeered by an outside group, who used it to release over 400GB of the Milan-based firm’s private files, such as employee passwords, internal documents, email correspondence, and source code for its snooping tools.
A tweet posted to the developer’s hijacked Twitter account read: “Since we have nothing to hide, we’re publishing all our emails, files and source code.” The tweets were subsequently removed.
The uploaded documents included a spreadsheet that allegedly shows Hacking Team’s active and inactive clients at the end of 2014.
Among those listed are the US Drug Enforcement Administration, police agencies from various European countries, and government security organisations in countries with human rights violations like Egypt, Nigeria, Sudan, Ethiopia, Morocco, Kazakhstan, and Saudi Arabia.
The National Intelligence Security Service in Sudan was one of the clients in the list designated as “not officially supported”. However, an invoice for €480,000 addressed to the same agency casts doubt on Hacking Team’s repeated denials that it has ever offered its services to the repressive regime.
In a 2012 report issued by Reporters Without Borders, the company was branded as one of five corporate enemies of the free web.
The University of Toronto’s digital rights research group Citizen Lab discovered that Hacking Team’s software was used to eavesdrop on minority and dissident groups, including journalists, in several African countries and those in the Middle East.