FRANKFURT/SAN FRANCISCO (Reuters) - Italy’s Hacking Team, which makes surveillance software used by governments to tap into phones and computers, found itself the victim of hacking on a grand scale on Monday.
The controversial Milan-based company, which describes itself as a maker of lawful interception software used by police and intelligence services worldwide, has been accused by anti-surveillance campaigners of selling snooping tools to governments with poor human rights records.
Hacking Team’s Twitter account was hijacked on Monday and used by hackers to release what is alleged to be more than 400 gigabytes of the company’s internal documents, email correspondence, employee passwords and the underlying source code of its products.
“Since we have nothing to hide, we’re publishing all our emails, files and source code,” posts published on the company’s hijacked Twitter account said. The tweets were subsequently deleted.
Company spokesman Eric Rabe confirmed the breach, adding that “law enforcement will investigate the illegal taking of proprietary company property.”
Rabe acknowledged that the company was recommending that clients suspend use of the snooping programs until Hacking Team determines whether specific law enforcement operations have been exposed.
“We would expect this to be a relatively short suspension of service,” Rabe told Reuters.
Hacking Team customers include the U.S. FBI, according to internal documents published Monday. That agency did not immediately respond to a request for comment.
One U.S. privacy rights activist hailed the publication of the stolen Hacking Team documents as the “best transparency report ever”, while another digital activist compared the disclosures to a Christmas gift in July for anti-surveillance campaigners.
Among the documents published was a spreadsheet that purports to show the company’s active and inactive clients at the end of 2014.
Those listed included police agencies in several European countries, the U.S. Drug Enforcement Administration and police and state security organisations in countries with records of human rights abuses such as Egypt, Ethiopia, Kazakhstan, Morocco, Nigeria, Saudi Arabia and Sudan.
Sudan’s National Intelligence Security Service was one of two customers in the client list given the special designation of “not officially supported”.
However, a second document, an invoice for 480,000 euros to the same security service, calls into question repeated denials by the Hacking Team that it has ever done business with Sudan, which is subject to heavy trade restrictions.
Hacking Team did not dispute the veracity of any of the documents, though it said some reports that claimed to be based on them contained misstatements.
It said it would not identify any customers because of still-binding confidentiality agreements.
The 12-year-old Hacking Team was named one of five private-sector “Corporate Enemies of the Internet” in a 2012 report by Reporters Without Borders.
Citizen Lab, a digital rights research group affiliated with the University of Toronto, has published numerous reports linking Hacking Team software to repression of minority and dissident groups, as well as journalists in a number of countries in Africa and the Middle East.
Editing by Susan Fenton, Bernard Orr