School of Computing and Information Sciences

Saint Louis University

Baguio City 2600

CASE PROFILE ON RECENT SECURITY BREACH:

HACKING TEAM HACKED: FIRM SOLD SPYING TOOLS TO REPRESSIVE REGIMES,
DOCUMENTS CLAIM

Submitted by: Mina, Aaron Jones C.

Submitted to: Sir Randy Flores

The cybersecurity firm HackingTeam appears to have itself been the victim of a hack, with
documents that purport to show it sold software to repressive regimes being posted to the
companys own Twitter feed.
The Italy-based company offers security services to law enforcement and national security
organizations. It offers legal offensive security services, using malware and vulnerabilities to
gain access to targets networks.
According to the documents, 400GB of which have been published, Hacking Team has also
been working with numerous repressive governments something it has previously explicitly
denied doing. It has not been possible to independently verify the veracity of the documents.
The perpetrators of the apparent hack used the companys own official Twitter feed (renamed
Hacked Team) to communicate. They continued to post to the feed for hours after, highlighting
specific documents they claim come from the hack, such as emails, invoices and even
screenshots of Hacking Team employees computers, until the company regained control on
Monday morning and removed the posts.
One such tweet, which has since been removed, purports to show Hacking Team
negotiating with a third-party reseller to export its malware to Nigeria. If the sale took place, it
may have bypassed Italian export controls. Another is claimed to show the company debating
what to do after an independent investigation from the University of Toronto attacked it for
selling hacking tools to Ethiopia, which then used it to target journalists in the US and
elsewhere. The company has never publicly confirmed nor denied working with Ethopia, and in
March this year a spokesman dismissed earlier reports as based on some nicely presented
suppositions.
The company has repeatedly denied selling its technology to repressive regimes. In 2013, a
Reporters Without Borders report that named Hacking Team as one of the corporate enemies
of the internet for its position as a digital mercenary prompted a response from the firm. In a
statement, it said: Hacking Team goes to great lengths to assure that our software is not sold to

governments that are blacklisted by the EU, the USA, Nato and similar international
organizations or any repressive regime.
But, if genuine, the leaked documents suggest that among Hacking Teams clients are the
governments and security services of Azerbaijan, Kazakhstan, Uzbekistan, Russia, Bahrain,
Saudi Arabia and the UAE, many of whom have been criticized by international human rights
organizations for their aggressive surveillance of citizens, activists and journalists both
domestically and overseas.
Most notably, the documents include an invoice for 480,000, which purports to be from the
Sudanese national intelligence service, dated June 2012. Three years later, in January 2015,
the company told the UNs Italian representative that it had no current business relations with
the country, prompting the follow-up question as to whether there have any previous business
arrangements with Sudan, the answer to which is not recorded.
A separate document contained in the apparent file dump appears to show Sudan, along with
Russia, listed as not officially supported, as opposed to the active or expired status held by
most other nation states.
The company describes itself as in the business of providing tools to police organizations and
other government agencies that can prevent crimes or terrorism, but if the documents are
genuine they suggest it may be willing to sell to non-state actors as well. One invoice
apparently company dealing with a private Brazilian firm, YasNiTech, to whom it sold three
months access to its remote access tool, allowing the firm to hack in to Android and Blackberry
phones, and Windows devices. We do not know if this sale was part of a wider contract with the
Brazilian government.
Hacking Team is one of a number of security firms that sell surveillance technology and
malware to national governments, enabling them to access the computers of their targets.
Gamma International, another firm in the same space that was best known for its FinFisher
surveillance software, suffered a similar hack in 2014. In the 40GB of data on FinFisher leaked,
the companys clients, capabilities and pricing was revealed; according to the leaked
documents, Hacking Team was celebrating the demise of a wannabe competitor of ours. The
hacker behind the Gamma International hack responsibility for, according to Motherboards
Lorenzo Franceschi-Bicchierai.

Hacking Team refused to give comment over the phone, directing the Guardian to an email
address. Multiple emails to that address and others given on the firms website were returned as
undeliverable, and on a follow-up call, Hacking Team again declined to comment and directed
the paper to the broken email address. When the Guardian explained that the email address
was not working, Hacking Team declined to give an alternative address or any other form of
contact.
Christian Pozzi, one of the firms employees, tweeted to say that the documents contained
false lies about the services the company offers.
A lot of what the attackers are claiming regarding our company is not true. Please stop
spreading false lies about the services we offer, Pozzi tweeted. We are currently working
closely with the police at the moment. I cant comment about the recent breach.
Pozzis feed was later itself hacked, and later still the entire account was deleted.
Privacy groups have welcomed a rare chance to potentially look inside the workings of a cybersurveillance company such as Hacking Team. Privacy International said in a statement:
Yesterdays leak of materials reportedly shows how Hacking Team assisted some of the worlds
most repressive regimes from Bahrain to Uzbekistan, Ethiopia to Sudan to spy on their
citizens.
We know from investigations by Citizen Lab that these tools are used to target human rights
activists and pro-democracy supporters at home and abroad. Surveillance companies like
Hacking Team have shown they are incapable of responsibly regulating themselves, putting
profit over ethics, time after time. Since surveillance companies continue to ignore their role in
repression, democratic states must step in to halt their damaging business practices.
References:
http://www.theguardian.com/technology/2015/jul/06/hacking-team-hacked-firm-sold-spyingtools-to-repressive-regimes-documents-claim
http://www.csoonline.com/article/2943968/data-breach/hacking-team-hacked-attackers-claim400gb-in-dumped-data.html