Italian Hacking Team Hacked
In a twist of fate, Hacking Team, an Italian company known for supporting governments in spy operations, was recently exposed in a hack.
A group of blackhat hackers apparently compromised the group and gained control of their Twitter account as well, posting screenshots and other proof over the weekend. The potential motivation for this attack may have been long-standing allegations that the company readily supports repressive governments such as Sudan in their campaigns against human rights.
Last year the company denied having ever sold software or contracts to private companies, for instance, but one of the leaked documents was specifically tied to the sale of such software to companies in Brazil.
Its customer policy, however, states that only governments can be clients:
"We provide our software only to governments or government agencies. We do not sell products to individuals or private businesses. We do not sell products to governments or to countries blacklisted by the U.S., E.U., U.N., NATO or ASEAN."
One of the company’s most powerful wares is a tool called Davinci, which allows the user (nearly always a law enforcement or government agent) to track a person’s calls, whereabouts, and other communications in real time.
At present, it is unclear whether any code was obtained in the attacks, as thus far mostly communications and the like have been released. However, there are legitimate concerns that having tools as powerful as Davinci out on the Darknet, openly for sale at discount rates, could create serious hazards for everyday people on a global scale. Tools such as Davinci would be of enormous use to organized crime syndicates trafficking in stolen identities, for instance.
One of the company’s mottoes is that it can help clients to “defeat encryption,” but a data breach of this magnitude is likely to discredit its capabilities a great deal. Indeed, a hacker getting hacked is about as good in terms of public relations as a hit man getting murdered. While Christian Pozzi, the founder of Hacking Team, is saying on Twitter that the attackers are falsifying the data they have, he is not saying how far the breach went.
At the time of writing, HackingTeam.it was still down, and only a cached copy was served by the company’s DDoS-protection service.
Any company that makes a career of exposing the secrets of others will eventually have its secrets revealed. The real surprise among the security community might be that, in Hacking Team's case, this took so long to come about.