|This article relies too much on references to primary sources. (July 2015)|
|Founders||David Vincenzetti, Valeriano Bedeschi|
|Alberto Ornaghi, Marco Valleri|
Hacking Team is a Milan-based information technology company that sells offensive intrusion and surveillance capabilities to governments, law enforcement agencies and corporations. Its "Remote Control Systems" enable governments and corporations to monitor the communications of internet users, decipher their encrypted files and emails, record Skype and other Voice over IP communications, and remotely activate microphones and camera on target computers. The company has been criticized for providing these capabilities to governments with poor human rights records. Hacking Team states that they have the ability to disable their software if it is used unethically.
Hacking Team employs around 40 people in its Italian office, and has subsidiary branches in Annapolis, Washington, D.C. and Singapore. Its products are in use in dozens of countries across six continents.
Hacking Team was started by two Italian programmers: Alberto Ornaghi and Marco Valleri. Prior to the company's formal establishment, Ornaghi and Valleri created a set of tools that could be used to monitor and remotely manipulate target computers. The program, called Ettercap, was embraced both by hackers looking to spy on people, and by companies that hoped to test the security of their own networks.
The Milan police department learned of the tools. Hoping to use Ettercap to spy on Italian citizens and listen to their Skype calls, the police contacted Ornaghi and Valleri and asked them to help modify the program. Hacking Team was born, and became "the first sellers of commercial hacking software to the police."
According to former employee Alberto Pelliccione, the company began as security services provider, offering penetration testing, auditing and other defensive capabilities to clients. Pelliccione states that as malware and other offensive capabilities were developed and accounted for a larger percentage of revenues, the organization pivoted in a more offensive direction and became increasingly compartmentalized. Pelliccione claims fellow employees working on aspects of the same platform - for example, Android exploits and payloads - would not communicate with one another, possibly leading to tensions and strife within the organization.
In February 2014, a report from Citizen Lab identified the organisation to be using hosting services from Linode, Telecom Italia, Rackspace, NOC4Hosts and notorious bullet proof hosting company Santrex.
On July 5, 2015 the company suffered a major data breach of customer data, software code, internal documents and emails. - See: § 2015 data breach
Hacking Team enables clients to perform remote monitoring functions against citizens via their "Remote Control Systems" (RCS), including their "Da Vinci" and "Galileo" platforms:
- Covert collection of emails, text message, phone call history and address books
- Keystroke logging
- Uncover search history data and take screenshots
- Record audio from phone calls
- Activate phone or computer cameras
- Hijack telephone GPS systems to monitor target's location
- Infect target computer's UEFI BIOS firmware with a rootkit
- Extract WiFi passwords
- Exfiltrate Bitcoin and other cryptocurrency wallet files to collect data on local accounts, contacts and transaction histories.
RCS is a management platform that allows operators to remotely deploy exploits and payloads against targeted systems, remotely manage devices once compromised, and exfiltrate data for remote analysis.
Human rights implications
In June 2014, a United Nations panel monitoring the implementation of sanctions on Sudan requested information from Hacking Team about their alleged sales of software to the country in contravention of United Nations weapons export bans to Sudan. Documents leaked in the 2015 data breach of Hacking Team revealed the organization sold Sudanese National Intelligence and Security Service access to their "Remote Control System" software in 2012 for 960,000 Euros.
In response to the United Nations panel, the company responded in January 2015 that they were not currently selling to Sudan. In a follow-up exchange, Hacking Team asserted that their product was not controlled as a weapon, and so the request was beyond the scope of the panel. There was no need for them to disclose previous sales, which they considered confidential business information.
The U.N. disagreed. “The view of the panel is that as such software is ideally suited to support military electronic intelligence (ELINT) operations it may potentially fall under the category of ‘military … equipment’ or ‘assistance’ related to prohibited items,” the secretary wrote in March. “Thus its potential use in targeting any of the belligerents in the Darfur conflict is of interest to the Panel.”
In the fall of 2014, the Italian government abruptly froze all of Hacking Team’s exports, citing human rights concerns. After lobbying Italian officials, the company eventually won back the right to sell its products abroad.
2015 data breach
On July 5, 2015, the Twitter account of the company was compromised by an unknown individual who published an announcement of a data breach against Hacking Team's computer systems. The initial message read, "Since we have nothing to hide, we're publishing all our e-mails, files, and source code …" and provided links to over 400 gigabytes of data, including alleged internal e-mails, invoices, and source code; which were leaked via BitTorrent and Mega. An announcement of the data breach, including a link to the bittorrent seed, was retweeted by WikiLeaks and by many others through social media.
The material was voluminous and early analysis appeared to reveal that Hacking Team had invoiced the Lebanese Army and Sudan and that spy tools were also sold to Bahrain and Kazakhstan. Hacking Team had previously claimed they had never done business with Sudan.
The leaked data revealed a zero-day cross-platform Flash exploit (CVE number: CVE-2015-5119). The dump included a demo of this exploit by opening Calculator from a test webpage. Adobe patched the hole on July 8, 2015. Another vulnerability involving Adobe was revealed in the dumps, which took advantage of a buffer overflow attack on an Adobe Open Type Manager DLL included with Microsoft Windows. The DLL is run in kernel mode, so the attack could perform privilege escalation to bypass the sandbox.
Also revealed in leaked data was Hacking Team employees' use of weak passwords, including 'P4ssword', 'wolverine', and 'universo'.
After a few hours without response from Hacking Team, member Christian Pozzi tweeted the company was working closely with police and "what the attackers are claiming regarding our company is not true." He also claimed the leaked archive "contains a virus" and that it constituted "false info". Shortly after these tweets, Pozzi's Twitter account itself was apparently compromised.
Responsibility for this attack was claimed by the hacker known as Phineas Fisher on Twitter. Phineas has previously attacked spyware firm Gamma International, who produce malware, such as FinFisher, for governments and corporations.
||This section is in a table format that may be better presented using prose. (September 2015)|
A full list of Hacking Team's customers were leaked in the 2015 breach. Disclosed documents show Hacking Team had 70 current customers, mostly military, police, federal and provincial governments. The total company revenues disclosed exceeded 40 million Euros.
|Customer||Country||Area||Agency||Year First Sale||Annual Maintenance Fees||Total Client Revenues|
|Polizia Postale e delle Comunicazioni||Italy||Europe||LEA||2004||€100,000||€808,833|
|Centro Nacional de Inteligencia||Spain||Europe||Intelligence||2006||€52,000||€538,000|
|Infocomm Development Authority of Singapore||Singapore||APAC||Intelligence||2008||€89,000||€1,209,967|
|UPDF (Uganda Peoples Defense Force), ISO (Internal Security Organization), Office of the President||Uganda||Africa||Intelligence||2015||€831,000||€52,197,100|
|Italy - DA - Rental||Italy||Europe||Other||2009||€50,000||€628,250|
|Malaysian Anti-Corruption Commission||Malaysia||APAC||Intelligence||2009||€77,000||€789,123|
|SSNS - Ungheria||Hungary||Europe||Intelligence||2009||€64,000||€1,011,000|
|CC - Italy||Italy||Europe||LEA||2010||€50,000||€497,349|
|Al Mukhabarat Al A'amah||Saudi Arabia||MEA||Intelligence||2010||€45,000||€600,000|
|IR Authorities (Condor)||Luxembourg||Europe||Other||2010||€45,000||€446,000|
|La Dependencia y/o CISEN||Mexico||LATAM||Intelligence||2010||€130,000||€1,390,000|
|Egypt - MOD||Egypt||MEA||Other||2011||€70,000||€598,000|
|Federal Bureau of Investigation||USA||North America||LEA||2011||€100,000||€697,710|
|Oman - Intelligence||Oman||MEA||Intelligence||2011||€30,000||€500,000|
|Turkish National Police||Turkey||Europe||LEA||2011||€45,000||€440,000|
|UAE - MOI||UAE||MEA||LEA||2011||€90,000||€634,500|
|National Security Service||Uzbekistan||Europe||Intelligence||2011||€50,000||€917,038|
|Department of Defense||USA||North America||LEA||2011||€190,000|
|Bayelsa State Government||Nigeria||MEA||Intelligence||2012||€75,000||€450,000|
|Estado del Mexico||Mexico||LATAM||LEA||2012||€120,000||€783,000|
|Information Network Security Agency||Ethiopia||MEA||Intelligence||2012||€80,000||€750,000|
|State security (Falcon)||Luxemburg||Europe||Other||2012||€38,000||€316,000|
|Italy - DA - Rental||Italy||Europe||Other||2012||€60,000||€496,000|
|MAL - MI||Malaysia||APAC||Intelligence||2012||€77,000||€552,000|
|Direction générale de la surveillance du territoire||Morocco||MEA||Intelligence||2012||€160,000||€1,237,500|
|National Intelligence and Security Service||Sudan||MEA||Intelligence||2012||€76,000||€960,000|
|Russia - KVANT||Russia||Europe||Intelligence||2012||€72,000||€451,017|
|Saudi - GID||Saudi||MEA||LEA||2012||€114,000||€1,201,000|
|SIS of National Security Committee of the Republic of Kazakhstan||Kazakhstan||Europe||Intelligence||2012||€140,000||€1,012,500|
|The 5163 Army Division (Alias of South Korean National Intelligence Service)||S. Korea||APAC||Other||2012||€67,000||€686,400|
|UAE - Intelligence||UAE||MEA||Other||2012||€150,000||€1,200,000|
|Drug Enforcement Administration||USA||North America||Other||2012||€70,000||€567,984|
|Central Anticorruption Bureau||Poland||Europe||LEA||2012||€35,000||€249,200|
|Estado de Qeretaro||Mexico||LATAM||LEA||2013||€48,000||€234,500|
|Gobierno de Puebla||Mexico||LATAM||Other||2013||€64,000||€428,835|
|Gobierno de Campeche||Mexico||LATAM||Other||2013||€78,000||€386,296|
|Dept. of Correction Thai Police||Thailand||APAC||LEA||2013||€52,000||€286,482|
|National Intelligence Secretariat||Ecuador||LATAM||LEA||2013||€75,000||€535,000|
|Police Intelligence Directorate||Colombia||LATAM||LEA||2013||€35,000||€335,000|
|Guardia di Finanza||Italy||Europe||LEA||2013||€80,000||€400,000|
|Mexico - PEMEX||Mexico||LATAM||LEA||2013||€321,120|
|Secretaría de Planeación y Finanzas||Mexico||LATAM||LEA||2014||€91,000||€371,035|
|Investigations Police of Chile||Chile||LATAM||LEA||2014||€2,289,155|
|Royal Thai Army||Thailand||APAC||LEA||2014||€360,000|
|Egypt TRD GNSE||Egypt||MEA||LEA||2015||€137,500|
|Lebanon Army Forces||Lebanon||MEA||LEA||2015|
|Federal Police Department||Brazil||LATAM||LEA||2015|
|State Informative Service||Albania||Europe||SHIK||2015|
- Vupen, 0-day exploit provider linked to Hacking Team.
- Mamfakinch, a citizen media organization targeted with malware allegedly developed by Hacking Team
- Batey, Angus (24 November 2011). "The spies behind your screen". The Telegraph. Retrieved 26 July 2015.
- "Enemies of the Internet: Hacking Team". Reporters Without Borders. Retrieved 24 April 2014.
- Marczak, Bill; Gaurnieri, Claudio; Marquis-Boire, Morgan; Scott-Railton, John (February 17, 2014). "Mapping Hacking Team's "Untraceable" Spyware".
- Kopstein, Joshua (10 March 2014). "Hackers Without Borders". The New Yorker. Retrieved 24 April 2014.
- Marquis-Boire, Morgan; Gaurnieri, Claudio; Scott-Railton, John; Kleemola, Katie (June 24, 2014). "Police Story: Hacking Team’s Government Surveillance Malware". Citizen Lab. University of Toronto. Retrieved August 3, 2014.
- Human Rights Watch (25 March 2014). "They Know Everything We Do". Retrieved 1 August 2015.
- Jeffries, Adrianne (13 September 2013). "Meet Hacking Team, the company that helps the police hack you". The Verge. Retrieved 21 April 2014.
- Farivar, Cyrus (20 July 2015) "Hacking Team goes to war against former employees, suspects some helped hackers". Ars Technica. Retrieved 26 July 2015.
- "Hacking Team’s US Nexus". 28 February 2014. Retrieved 2 August 2015.
- Stecklow, Steve; Sonne, Paul; Bradley, Matt (1 June 2011). "Mideast Uses Western Tools to Battle the Skype Rebellion". Wall Street Journal. Retrieved 26 July 2015.
- Lin, Philippe (July 13, 2015). "Hacking Team Uses UEFI BIOS Rootkit to Keep RCS 9 Agent in Target Systems". TrendLabs Security Intelligence Blog. Trend Micro. Retrieved July 26, 2015.
- "Advanced spyware for Android now available to script kiddies everywhere". Ars Technica. Retrieved on 2 August 2015.
- Farivar, Cyrus (14 July 2015). "Hacking Team broke Bitcoin secrecy by targeting crucial wallet file". Ars Technica. Retrieved 26 July 2015.
- Schneier, Bruce. "More on Hacking Team's Government Spying Software".
- "Hacking Team Tools Allow Governments To Take Full Control of Your Smartphone". Retrieved 2015-07-06.
- Guarnieri, Claudio; Marquis-Boire, Morgan (13 January 2014). "To Protect And Infect: The militarization of the Internet". At the 30th Chaos Communications Congress – "30C3". (Video or Audio). Chaos Computer Club. Retrieved on 15 August 2015.
- Currier, Cora; Marquis-Boire, Morgan. "A Detailed Look at Hacking Team’s Emails About Its Repressive Clients". Retrieved 7 July 2015.
- Hay Newman, Lily. "A Company That Sells Surveillance Software to Authoritarian Regimes Got Hacked Itself". Retrieved 2015-07-06.
- Myers West, Sarah. "Hacking Team Leaks Reveal Spyware Industry's Growth, Negligence of Human Rights". Retrieved 8 July 2015.
- Knibbs, Kate. "Hacking Team's Lame Excuse for Selling Digital Weapons to Sudan". Retrieved 2015-07-08.
- Hacked Team (@hackingteam) at the Wayback Machine (archived July 6, 2015)
- Inside malware makers "Hacking Team": hundreds of gigabytes of e-mails, files, and source code WikiLeaks on Twitter. July 6, 2015. Retrieved July 6, 2015.
- "Hacking Team hacked: Spy tools sold to oppressive regimes Sudan, Bahrain and Kazakhstan". Retrieved 2015-07-06.
- Hacking Team on Twitter[dead link]
- Ragan, Steve. "Hacking Team hacked, attackers claim 400GB in dumped data". Retrieved 2015-07-06.
- Khandelwal, Swati. "Zero-Day Flash Player Exploit Disclosed In 'Hacking Team' Data Dump". Retrieved 2015-07-06.
- Pi, Peter. "Unpatched Flash Player Flaw, More POCs Found in Hacking Team Leak". Retrieved 2015-07-08.
- Adobe Systems (corporate author). "Adobe Security Bulletin". Retrieved 2015-07-11.
- Tang, Jack. "A Look at the Open Type Font Manager Vulnerability from the Hacking Team Leak". Retrieved 2015-07-08.
- Whittaker, Zack. "Hacking Team used shockingly bad passwords". Retrieved 2015-07-06.
- "Christian Pozzi on Twitter". Retrieved 2015-07-06.
- "Christian Pozzi on Twitter". Retrieved 2015-07-06.
- "Christian Pozzi on Twitter". Retrieved 2015-07-06.
- "Christian Pozzi on Twitter: "Uh Oh - my twitter account was also hacked."". 2015-07-06. Retrieved 2015-07-06.
- Phineas Fisher [gammagrouppr] (6 July 2015). "gamma and HT down, a few more to go :)" (Tweet).
- Osbourne, Charlie. "Hacking Team: We won't 'shrivel up and go away' after cyberattack". Retrieved 2015-07-06.
- Kopstein, Justin (6 July 2015). "Here Are All the Sketchy Government Agencies Buying Hacking Team's Spy Tech". Vice Magazine.
- Weissman, Cale Guthrie (6 July 2015). "Hacked security company's documents show a laundry list of questionable clients".
- Ragan, Steve. "In Pictures: Hacking Team's hack curated". CSO Online (Australia).
- Hern, Alex (6 July 2015). "Hacking Team hacked: firm sold spying tools to repressive regimes, documents claim". The Guardian. Retrieved 22 July 2015.
- Ragan, Steve (6 July 2015). "Hacking Team responds to data breach, issues public threats and denials". CSO Online. Retrieved 22 July 2015.
- Stevenson, Alastair (14 July 2015). "A whole bunch of downed government surveillance programs are about to go back online". Business Insider. Retrieved 22 July 2015.
- Jone Pierantonio. "Ecco chi ha bucato Hacking Team". International Business Times. Retrieved on 2 August 2015.
- Ediciones El País (8 July 2015). "Hacking Team: “Ofrecemos tecnología ofensiva para la Policía”". EL PAÍS. Retrieved on 2 August 2015.
- "The Hacking Team leak shows Mexico was its top client, but why?". Fusion. Retrieved on 2 August 2015.
- "Leaked emails from security firm Hacking Team show government use - Fortune". Fortune. Retrieved on 2 August 2015.
- "Leaked Documents Show FBI, DEA and U.S. Army Buying Italian Spyware". The Intercept. Retrieved on 2 August 2015.
- "Hacking Team's Equipment Got Stolen in Panama". Motherboard. Retrieved on 2 August 2015.
- Molina, Thabata (13 August 2015). "Panama to Investigate Martinelli in Hacking Team Spying Scandal". Panama Post. Retrieved 15 August 2015.
- "Hacking Team apparently violated EU rules in sale of spyware to Russian agency". Ars Technica. Retrieved on 2 August 2015.
- "How Hacking Team Created Spyware that Allowed the FBI To Monitor Tor Browser". The Intercept. Retrieved on 2 August 2015.
- McGrath, Ben (25 July 2015). "Further revelations in South Korean hacking scandal". World Socialist Web Site. Retrieved 26 July 2015.
- "The DEA Just Cancelled Its Contract With Hacking Team". Motherboard. Retrieved on 2 August 2015.
- Podour, Justin (23 July 2015). "#HackedTeam y Colombia: Cómo la vigilancia ayuda a un Estado violento". Telesur. Retrieved 26 July 2015.
- In Cyprus (11 July 2015)."Intelligence Service chief steps down". Retrieved 26 July 2015.
- Bahrain Center for Human Rights (15 July 2015). "Hacking Team's troubling connections to Bahrain" IFEX. Retrieved 26 July 2015.
- Lexime (14 July 2015). "Burime të sigurta, SHISH përdor programet përgjuese që prej 2015. Hacking Teams: Nuk e kemi nën kontroll sistemin!" (video). BalkanWeb. Retrieved 27 July 2015.
- Hacking Team: a zero-day market case study, Vlad Tsyrklevich's blog
- Perlroth, Nicole (10 October 2012). Ahead of Spyware Conference, More Evidence of Abuse. New York Times (Bits).
- Official website
- Hacking Team Archives - investigative reports published by The Citizen Lab
- WikiLeaks: The Hackingteam Archives - searchable database of 1 million internal emails
- Hacking Team presentations in the WikiLeaks "Spy Files"