An Italian company called Hacking Team, which supplies intrusion and surveillance tools to governments and law enforcement agencies, has been hacked. The intruders have made off with 400GB of data which is now being leaked online.
The tranche of documents reveals details about the company’s clients, along with passwords and details about the use of its products. So far, points out CSO, the list of clients includes:
Egypt, Ethiopia, Morocco, Nigeria, Sudan, Chile, Colombia, Ecuador, Honduras, Mexico, Panama, United States, Azerbaijan, Kazakhstan, Malaysia, Mongolia, Singapore, South Korea, Thailand, Uzbekistan, Vietnam, Australia, Cyprus, Czech Republic, Germany, Hungary, Italy, Luxembourg, Poland, Russia, Spain, Switzerland, Bahrain, Oman, Saudi Arabia, UAE
Some of those countries have what could be referred to as dubious human rights regimes. The company has in the past denied working for Sudan, for instance, but an invoice for 480,000 Euros amongst the cache of files suggests otherwise. Elsewhere, there are emails from the likes of Ethiopia’s Prime Minister, thanking the company for securing data about a high-value target.
In the US, documents suggest that the FBI had a maintenance contract with Hacking Team until June 30, 2015, while the Drug Enforcement Agency has a renewal in progress and work for the Department of Defence is listed as not active.
Worryingly, a cache of leaked passwords hints that standards aren’t that high at Hacking Team. Passwords recovered from the leaked documents include the likes of “HTPassw0rd”, “Passw0rd!81”, “Passw0rd”, “Passw0rd!”, “Pas$w0rd” and “Rite1.!!”. One wonders, perhaps, if a company with internal security like that should be let loose on the security of the world’s governments.