Hacked security company's documents show a laundry list of questionable clients

Advertisement

hacking team tweet

Screenshot

The original tweet (since deleted) from Hacking Team

Late Sunday night, someone leaked over 400GB of data from private surveillance technology company Hacking Team.

Advertisement

An unknown group or individual appears to have hacked into the company's computers, downloaded its files, and the put them online for the world to see.

The hack was first made public via Hacking List's twitter, which was also hacked.

Complimentary Tech Event
Transform talent with learning that works
Capability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More

Included in the dump were leaked emails, source codes, and even personal employee information. Perhaps most interesting were the lists of current and past clients, indicating that the company has been selling its surveillance technologies to some questionable actors.

For the past years the Italy-based Hacking Team has been accused of working with countries known for human rights abuses. Human rights watchdog Reporters Without Borders has listed it as an "enemy of the internet."

Advertisement

Hacking Team, however, has maintained that its practices are completely kosher. In fact, the company has gone so far as to claim it never sells its software "to countries that international organizations including the European Union, NATO and the US of blacklisted."

The data leak tells a different story.

For instance, one alleged Hacking Team document - filed under a client folder named (in Italian) as 'offensive' - was listed as "Client List_Renewal." In this excel file is a list of countries and organizations who appear to have had contracts with the company.

Morocco, the United Arab Emirates, and Sudan were all included in this list. Other documents indicate Hacking Team also worked with groups in Egypt.

More interesting, the "status" column of this document (which for other countries is listed as either "Active" or "Expired"). Both Russia and the Sudan are listed as "Not officially supported." It's unclear what exactly this means.

Advertisement

Here's a what the list looks like:

Hacking List screenshot

Screenshot

A screenshot of the client renewal list included in the Hacking List internal document dump

This excel file gives an idea of the sort of business private security companies can do.

Other documents tweeted by the @SynAckPwn account appear to show Hacking List clients based in both Egypt and Lebanon, instructed on how to use VPN technologies, CSO reports. There were also alleged invoices from Egypt.

While Hacking Team has made a point of never revealing its client base, it's always maintained its practices to be clean.

Advertisement

"We take precautions to assure our software is not misused and we investigate cases suggesting it may have been," the company wrote in a statement to Reporters Without Borders.

Hacking Team has yet to make a formal comment, and its website appears to be down as of the posting of this article.

NOW WATCH: How to clear out a ton of space on your iPhone superfast