Hacking Team, a company that helps the police hack citizens, has itself been hacked — with the hackers revealing some very interesting information about Hacking Team.
In a number of tweets that were sent from Hacking Team's compromised Twitter account, the hackers revealed embarrassing emails along with 415GB of internal files and other communications.
Hacking Team is based in Milan and works for law enforcement in a number of countries, including the U.S., Australia, South Korea, Morocco, Ethiopia and the UAE. It also provides tools to the Drug Enforcement Agency to spy on suspects, tapping into their phone calls, emails, passwords and so on. The company is known in security circles for having created Ettercap, a spying tool that is the weapon of choice for hackers.
The hack didn't just lead to files being stored online. Because the company is so reviled in hacking circles – due to its dealings with different governments – hackers dove into the files, swiftly dismantling the company's reputation.
The documents reveal something very interesting: Hacking Team was perhaps not as put-together as people thought. The company's own security was very low-level, and the code that it used was poorly written.
All of the files were stolen while the staff of Hacking Team was asleep — prompting the use of the hashtag #IsHackingTeamAwakeYet. Eventually Hacking Team did wake up, and the Security Engineer for the company, Christian Pozzi, frantically tried to patch things up, saying the dumped files had viruses (they didn't) and even threatening a user with jail time for mocking the company's poor password habits. Pozzi's account was itself then hacked and removed.
Soon after, Hacking Team sent out a blast of emails from new, non-compromised email addresses, telling clients to immediately stop using its software.
It's unclear exactly who hacked Hacking Team, however, a hacker who goes by the name of PhineasFisher has claimed credit. This is the same hacker who hacked a similar company called Gamma International last year.
The stolen information was released on a GitHub repository called "Hacked Team," and WikiLeaks also released all the emails that were included in the massive 415GB that were leaked. According to some of the documents, Hacking Team sold services to both the FBI and the Russian government.