Hacking Team Breach Shows a Global Spying Firm Run Amok
On Sunday night, unidentified hackers published a massive, 400 gigabyte trove on bittorrent of internal documents from the Milan-based Hacking Team, a firm long accused of unethical sales of tools that help governments break into target computers and phones. The breached trove includes executive emails, customer invoices and even source code; the company’s twitter feed was hacked, controlled by the intruders for nearly 12 hours, and used to distribute samples of the company’s hacked files. The security community spent Sunday night picking through the spy firm’s innards and in some cases finding what appear to be new confirmations that Hacking Team sold digital intrusion tools to authoritarian regimes. Those revelations may be well timed to influence an ongoing U.S. policy debate over how to control spying software, with a deadline for public debate on new regulations coming this month.
Hacking Team is an Italian company that sells intrusion and surveillance tools to governments and law enforcement agencies. However, their business has earned them a black mark from privacy and human rights organizations, as the company has been accused of selling tools and services to nations known for violent oppression.
Reporters Without Borders has listed the company on its Enemies of the Internet index due largely to Hacking Teams' business practices and their primary surveillance tool Da Vinci.
Sunday evening, documents circulating online, and documents shared by @SynAckPwn with Salted Hash, have linked Hacking Team to Egypt, Lebanon, Ethiopia, and Sudan.
The FBI Spent $775K on Hacking Team’s Spy Tools Since 2011
The problem is that the discussion around law enforcement using hacking as a means of information gathering has never been carried out in public.
“Congress has never explicitly granted law enforcement agencies the power to hack. And there have never been any congressional hearings on the topic,” Soghoian continued.
“We need to have a national debate about whether we want law enforcement agencies to be able to hack into the computers of targets. This is too dangerous a tool for them to start using by themselves.”