When hackers get hacked: Secretive spy software team falls victim to attack

Unhappy with Hacking Team for allegedly selling software to repressive governments, hackers publish stolen data.

Laura Hautala Former Senior Writer
Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.
Expertise E-commerce | Amazon | Earned wage access | Online marketplaces | Direct to consumer | Unions | Labor and employment | Supply chain | Cybersecurity | Privacy | Stalkerware | Hacking Credentials
  • 2022 Eddie Award for a single article in consumer technology
Laura Hautala
3 min read

It seems no one is safe on the Internet.

The latest example: hackers claimed to breach the files of Italian spy software company Hacking Team and then used the company's own Twitter account to broadcast the information publicly Sunday.

The 400GB of files released on the Internet -- the equivalent of nearly 70 copies of the movie "Independence Day" in HD -- purported to reveal client lists and closely guarded software code, information that raised eyebrows in the world of cybersecurity and privacy.

Hacking Team, which sells software that can secretly take over a target's computer, has drawn criticism from privacy activists in the past. Various reports from activists and journalists accused the company of selling its product to governments that spied on dissidents.

The hack shows just how vulnerable we all are to data breaches. If anyone should have been able to prevent an intruder from compromising their files, you'd think it would be the people who sell spy software that steals other people's files. Apparently they weren't prepared, though. Of course, the company's fraught status in the hacking world might have made them more of a target to attackers than a regular person would be.

Interest in the hack spread quickly among activists and journalists, some of whom showed outright excitement at a controversial security company's embarrassment. The entire incident showed companies can expect scant pity from the hacking world if they are suspected of crossing certain ethical lines, such as helping governments spy on political dissidents.

Even Hacking Team can get hacked. CNET
As of Monday, activists and writers were jubilantly tweeting about the attack and poring over Hacking Team's internal files, trying to assemble as complete a list as possible of governments that use the company's spy software. Among the countries mentioned was Ethiopia, a government named by the Human Rights Watch as having suppressed political dissent prior to its elections in May, among other things.

Some on Twitter noted the very poor passwords apparently used on Hacker Team's systems, including variations on the word "password," such as "passw0rd," spelled with a zero instead of the letter o (Normal Internet users aren't much better, but hackers and security experts are expected to be more cautious).

What's more, a sense of revenge permeated the discussion.

"I hope whoever popped @hackingteam also drops a list of those targeted and exploited. Especially the journalists and human rights activists," tweeted cybersecurity journalist and commentator Jacob Applebaum.

The tweets from the hacked Hacking Team Twitter account mocked the company. The company logo and the name appearing next to the @HackerTeam Twitter handle in its messages were both changed to say "Hacked Team." One of the tweets featured a screenshot of an email about Sudan and human rights lawyers, under which the hacker tweeted sarcastically, "friends don't let friends get investigated for human rights violations." Activists said the country Sudan was named in company documents although Hacker Team had denied it was ever a client.

All the tweets were removed from the Hacking Team Twitter account by Monday. An archive of them is still online.

Christian Pozzi, a Hacking Team senior system and security engineer, tweeted several responses to the hack before disabling his account. Among the them, he said, "A lot of what the attackers are claiming regarding our company is not true. Please stop spreading false lies about the services we offer."