An Italian developer of surveillance software, Hacking Team, which has previously been sharply criticized by digital activists, has apparently suffered a large data breach.
Hacking Team develops surveillance tools that it has maintained are legally sold to governments for law-abiding investigations. But critics contend the company’s software has been used to spy on dissidents, human rights activists and journalists.
On Sunday, it appeared that Hacking Team’s Twitter feed was taken over. The banner on the page had been changed to “Hacked Team.” Several posts contained screenshots that are purportedly of the stolen data, which included emails sent by Hacking Team’s founder and CEO, Vincent Vincenzetti.
Hacking Team officials could not be immediately reached for comment.
The data stolen amounts to some 400GB, according to Christopher Soghoian, principal technologist for the Speech, Privacy and Technology project of the American Civil Liberties Union.
Soghoian, who has frequently criticized Hacking Team, wrote in another Twitter post that the data “dump includes an .xls spreadsheet listing every government client, when they first bought HT and revenue to date.”
That kind of data, if accurate, could be immensely damaging to Hacking Team, which has sought to defend its operations amid a variety of accusations from critics over who buys its software and how it’s used.
Hacking Team has been under consistent fire from organizations such as the University of Toronto’s Citizen Lab. One of Hacking Team’s main products is the Remote Control System, which is a suite of tools that enables secret remote access of a computer.
In a February 2014 study, Citizen Lab said RCS appears to have been used by 21 countries such as Azerbaijan, Colombia, Egypt, Ethiopia, Hungary, Italy, Kazakhstan, Korea, Malaysia, Mexico, Morocco, Nigeria, Oman, Panama, Poland, Saudi Arabia, Sudan, Thailand, Turkey, UAE and Uzbekistan.
Some of those countries, Citizen Lab noted, have questionable human rights records, and it’s believed that some governments may have used RCS to monitor the activities of civil rights activists.