Italian Spyware Pedlar Breached

An Italian company notorious for its lawful manufacture of spyware has found itself the victim of a major data breach, online media reported.

Milan-based Hacking Team, condemned by Reporters Without Borders on its Enemies of the Internet list, experienced a turning of tables yesterday as an unknown intrusion team made off with 400GB of sensitive documents, source code, and email communications.

The company operates legally under Italian laws, selling intrusion and surveillance software. It’s website includes splashes of phrases such as, “Thousands of encrypted communications per day. Get them in the clear”, “Invisible to the target. Evade computer security” and “Total control of your targets. Log everything you need. Always. Anywhere they are.”

Hacking Team’s Twitter account was also hijacked and used as a means to dump screenshots of some emails with supporting comments, including: “Since we have nothing to hide, we’re publishing all our e-mails, files, and source code.”

The company has drawn scorn from privacy advocates in the past, for its sale of legal software tools to governments and law enforcement agencies. One of its products, Da Vinci, has been tied to numerous cases of privacy invasion around the world.

The company’s customer list, leaked as part of yesterday’s trove, includes organisations in Italy, the US, the ex-Soviet bloc, South East Asia and the GCC.

Many of the locations on the list have accompanying invoices, which will be embarrassing to Hacking Team as it has denied doing business with many of those governments, including Sudan, which received an invoice for EUR480,000 and has been accused of multiple abuses by Human Rights Watch.