Italian Surveillance Software Maker Falls Victim To Doxing Attack

Milan-based Hacking Team tells customers to stop using its products after leaked documents reveal the product's source code and the company's history of selling to governments with records of human rights abuses.

Source code for the Remote Control System (RCS) surveillance software as well as details of the international government agencies that purchased it were revealed today in an apparent doxing attack on Hacking Team, the Milan-based makers of RCS.

The dumped data revealed that Hacking Team had sold its products to several countries with poor human rights records, as well as to the FBI and U.S. Drug Enforcement Administration (DEA). Unnamed sources told Motherboard that Hacking Team has told customers to suspend use of the software, of which the newest version is named Galileo, and was previously known as Da Vinci.

In total, attackers uploaded to BitTorrent 400 gigabytes of data (and might have stolen as much as a terabyte), which also included internal documents, audio recordings, email correspondence, and employee passwords. One of the leaked files was a PowerPoint presentation explaining how the company was able to intercept communications on the Tor network, which is supposed to be anonymous. One of the leaked files was a spreadsheet, from the end of 2014, of active and inactive clients. Among those clients were police and state agencies in nations with records of human rights abuses, including Russia, Egypt, Sudan, Ethiopia, Kazakhstan, Morocco, Nigeria, and Saudi Arabia.

SPONSOR VIDEO, MOUSEOVER FOR SOUND

The attackers also hijacked Hacking Team's Twitter account, posting "Since we have nothing to hide, we're publishing all our emails, files and source code." Tweets posted by the attackers have been deleted, but the account appears to still be active as of publishing time.

Motherboard's anonymous source says the attacker seems to have compromised the client machines of two of Hacking Team's system administrators, who had complete access to the company's files. While the company has asked customers to suspend use of the product, the source said "The company, in fact, has 'a backdoor' into every customer’s software, giving it ability to suspend it or shut it down—something that even customers aren’t told about."