Notorious surveillance tech provider Hacking Team has suffered a major data breach of internal documents which appears to show that repressive regimes including Bahrain were customers.
The 400GB data dump was first published on a torrent site on Sunday evening and also featured source code and various emails.
Security engineer Christian Pozzi is said to have had his corporate passwords exposed in the data breach as have several Hacking Team customers – many of which are apparently easily crackable.
That may have been the reason why the controversial Italian firm’s Twitter account was defaced at the same time, and used to post pictures of the data.
Hacking Team has long been criticized for enabling states with dubious human rights records to spy on their citizens.
The data dump released appears to corroborate that, with customers including Sudan, Saudi Arabia, Oman, and Kazakhstan. The United States is also a major customer, with the FBI having bought its spyware in the past, the documents show.
It’s not been confirmed whether these are all legitimate files, although the Milan-based firm has now admitted that it has suffered a breach.
Hacking Team’s products include Remote Control System (RCS), aka Galileo, which the firm claims will help customers “evade encryption” via an agent installed on the target’s device.
“Evidence collection on monitored devices is stealth and transmission of collected data from the device to the RCS server is encrypted and untraceable,” its website explains.
ESET security specialist, Mark James, claimed the breach would be a major blow to Hacking Team.
“The type of software they sell relies on a very high degree of not only secrecy but trust. Unfortunately for them both of those have been compromised overnight. The type of data found included invoices and agreements from governments and organizations they clearly have stated they have no affiliation with,” he said.
This article has been extracted from http://www.infosecurity-magazine.com, please click on this link to read the article in full http://www.infosecurity-magazine.com/news/hacking-team-hacked-in-400gb-breach/
Montash is a multi-award winning global technology recruitment business. Specialising in permanent and contract positions across mid-senior appointments across a wide range of industry sectors and IT functions, including:
ERP Recruitment, BI & Data Recruitment, Information Security Recruitment, Enterprise Architecture & Strategy Recruitment , Energy Technology Recruitment, Demand IT and Business Engagement Recruitment, Digital and E-commerce Recruitment, Leadership Talent, Infrastructure and Service Delivery Recruitment, Project and Programme Delivery Recruitment.
Montash is headquartered in Old Street, London, in the heart of the technology hub. Montash has completed assignments in over 30 countries and has appointed technical professionals from board level to senior and mid-management in permanent and contract roles.