Hacking Team, a company that sells weaponized spyware, has been attacked by hackers who may have stolen more than 400GB worth of e-mails, source code, and other sensitive data, according to Ars Technica.
The hacktivists reportedly took command of Hacking Team’s twitter account and began tweeting. The account, changed to the name “Hacked Team” began tweeting links to the company’s private information. One tweet that is circulating are the purported passwords for the Hacking Team support staff, which have brought ridicule for their simplicity (using password).
In addition, documents were made available through BitTorrent. Information also leaked included invoices showing that the company had worked in countries that are ruled by repressive governments including Egypt, Russia, Saudi Arabia, Bahrain, the United Arab Emirates, Azerbaijan, Kazakhstan, and Uzbekistan.
The Guardian reported the Hacking Team had an invoice for €480,000 (530,616 USD) to a Sudanese national intelligence agency. Another leaked document had listed Russia and Sudan as countries “not officially supported,” as opposed to the designation of the other nations as “active” or “expired.”
The Italy-based company distributes malware surveillance software known as “Da Vinci,” which is capable of compromising hardware, including Android, Windows and Blackberry phones. The company’s website states it sells to a select customer base in “law enforcement and intelligence communities.” The Drug Enforcement Agency and the U.S. Army have bought Hacking Team’s spyware, which can collect data without detection.
Hacking Team made technology news last year when the company was found to be injecting malware in unencrypted YouTube and Microsoft Live traffic. Google and Microsoft have since fixed those vulnerabilities.
The firm has come under criticism for selling the software to repressive governments who would use it to spy on citizens. Human rights groups expressed concern that the spyware is being used to quash pro-democracy groups around the world.