Over the weekend, Italian security and surveillance firm Hacking Team became a victim to a security breach. The company, which produces software which is used by governments around the world as part of their surveillance programs has for a long time been criticized for facilitating invasions of privacy and over the weekend, its Twitter feed was taken over, resulting in its name and profile picture being changed to read Hacked Team in what has been termed as a very serious security breach.
But the story does not end there; whoever was responsible for that breach also went ahead and released a torrent file providing access to 400GB of the company’s data where everybody could access it. The data included email exchanges, confidential documents and source coded.
Among the email exchanges leaked by Wikileaks was one between the company and the Kenyan government. The email revealed how in May this year the Hacking Team declined a request from the Kenya government to bring down KahawaTungu blog, a local blog known for its controversial stories. That aside, the Hacking Team has now issued a warning that terrorists may now have use of the spying tools
The email is one of the more than 1 million searchable emails released by Wikileaks from the Italian surveillance malware vendor Hacking Team, which first came under international scrutiny after WikiLeaks publication of the SpyFiles.
According to the Hacking Team, a major threat exists as a result of the source code having been made available online. The security outfit has already launched an investigation in the wake of the breach and has since determined that “sufficient code was released to permit anyone to deploy the software against any target of their choice”
Before the attack, HackingTeam could control who had access to the technology which was sold exclusively to governments and government agencies. Now, because of the security breach, the company is worried that the ability to control who uses the technology has been lost. It says terrorists, extortionists and others can deploy this technology at will if they have the technical ability to do so.
There have been reports that Hacking Team has ‘backdoors’ in its systems that would allow us to control the systems remotely. The company has dismissed this and says its clients operate the technology on their own computer systems, and so it is clients who must take action to suspend operations.
Hacking Team engineers are now working around the clock to provide an update to the Remote Control System that will allow clients to resume criminal and intelligence investigations. In the meantime, all clients have suspended use of the system that was compromised in the attack.