Unidentified hackers recently released 400 GB of what they claim are internal documents belonging to the Italian company Hacking Team, which provides hacking tools (or, as the company puts it, "effective, easy-to-use offensive technology") to governments worldwide.
If they're legitimate, the Guardian notes, the documents indicate the company worked with the governments of Azerbaijan, Kazakhstan, Uzbekistan, Russia, Bahrain, Saudi Arabia, and the United Arab Emirates. Among the documents is an invoice for €480,000 to the Sudanese national intelligence service.
Wired reports that the documents also indicate the FBI has paid HackingTeam a total of €697,710 since 2011, when it first purchased HackingTeam's "Remote Control Service" hacking software through a shell company named CICOM USA.
"Congress has never explicitly granted law enforcement agencies the power to hack," ACLU principal technologist Christopher Soghoian told Wired. "And there have never been any congressional hearings on the topic."
"We need to have a national debate about whether we want law enforcement agencies to be able to hack into the computers of targets," Soghoian added. "This is too dangerous a tool for them to start using by themselves."
The full list of alleged Hacking Team customers, according to Privacy International, is as follows: Egypt, Ethiopia, Morocco, Nigeria, Sudan, Chile, Colombia, Ecuador, Honduras, Mexico, Panama, the United States, Azerbaijan, Kazakhstan, Malaysia, Mongolia, Singapore, South Korea, Thailand, Uzbekistan, Vietnam, Australia, Cyprus, the Czech Republic, Germany, Hungary, Italy, Luxembourg, Poland, Russia, Spain, Switzerland, Bahrain, Oman, Saudi Arabia, and the UAE.
"Hacking Team is one of the most aggressive companies currently supplying governments with hacking tools," Privacy International deputy director Eric King said in a statement. "Yesterday's leak of materials reportedly shows how Hacking Team assisted some of the world's most repressive regimes - from Bahrain to Uzbekistan, Ethiopia to Sudan - to spy on their citizens."
"Surveillance companies like Hacking Team have shown they are incapable of responsibly regulating themselves, putting profit over ethics, time after time," King added. "Since surveillance companies continue to ignore their role in repression, democratic states must step in to halt their damaging business practices."
RedSeal CTO Dr. Mike Lloyd told eSecurity Planet by email that the breach also shows that even experts make mistakes. "Unfortunately, even the best run networks have defensive gaps, and relying on human experts to find and fix all the issues has once again proven to be insufficient," he said. "Increased automation is the necessary response to all the complexity of modern infrastructure."
"The great majority of breaches track back to basic, well-known issues that are obvious in hindsight, when filtered out from the vast amount of signal on what might go wrong," Lloyd added.
Photo courtesy of Shutterstock.