By Heini Järvinen

On 5 July, Italian surveillance technology company Hacking Team was hacked. 400GB of data from its servers was shared on BitTorrent, and Hacking Team employees’ emails, invoices and other documents posted publicly via the company’s own Twitter feed (that was renamed “Hacked Team” for the occasion). The authenticity of the documents has not been independently verified, but based on the scale of the breach and the data that the files contain, few experts are questioning the legitimacy of the documents.

Hacking Team is best known for its surveillance software Remote Control System (RCS, also known as Galileo, DaVinci and Ornella), which can be installed on a computer or a mobile phone without the user’s knowledge and is used to monitor the phone or Skype calls, text messages and emails.

Even though Hacking Team has repeatedly denied that its technology is being sold to repressive regimes, and has declared that they are not doing business with governments that are blacklisted by the EU, the US, NATO and other similar international organisations, invoices and contracts included in the hacked documents suggest that it has been selling its spyware to government agencies in countries such as Bahrain, Uzbekistan, Sudan, Azerbaijan, Saudi Arabia, Morocco, the United Arab Emirates, and Ethiopia. However, the company has also been in negotiations with Western countries like Germany and Poland. Last week, the head of the Cyprus Intelligence Service resigned following revelations that the island’s secret service had purchased Hacking Team’s software. The company has previously been accused of assisting repressive regimes in spying on their own citizens and of targeting human rights activists – for example, a 2013 report by Reporters Without Borders named Hacking Team as one of the “Corporate Enemies of the Internet”.

The company also claims that it is providing tools to “government agencies that can prevent crimes or terrorism”. The hacked data suggest, however, that the software may have been provided to non-state actors as well.

Spy Tech Company “Hacking Team” Gets Hacked (05.07.2015)
http://motherboard.vice.com/read/spy-tech-company-hacking-team-gets-hacked

For Arab Human Rights Defenders, Hacking Team Files Confirm Suspicions of State Surveillance
https://advocacy.globalvoicesonline.org/2015/07/08/for-arab-human-rights-defenders-hacking-team-files-confirm-suspicions-of-state-surveillance/

Hacking Team hacked: firm sold spying tools to repressive regimes, documents claim (06.07.2015)
http://www.theguardian.com/technology/2015/jul/06/hacking-team-hacked-firm-sold-spying-tools-to-repressive-regimes-documents-claim

Intelligence Service chief steps down (11.07.2015)
http://in-cyprus.com/intelligence-service-chief-steps-down/

In Light of Hacking Team Leaks, EFF and Latin American Civil Society Groups Call for Greater Oversight of Surveillance Technology (07.07.2015)
https://www.eff.org/deeplinks/2015/07/eff-join-latin-american-civil-society-calls-greater-oversight-surveillance

A detailed look at Hacking Team’s emails about its repressive clients (07.07.2015)
https://firstlook.org/theintercept/2015/07/07/leaked-documents-confirm-hacking-team-sells-spyware-repressive-countries/

EDRi-gram_subscribe_banner

Twitter_tweet_and_follow_banner