Spyware maker Hacking Team just asked its customers to stop using its software in the wake of a large data breach. Good! Because Hacking Team is a corrupt trashcan company that provides weapons to criminals.
The information exposed by hackers this week makes it clear that the Italian company doesn’t give a shit if groups with horrible human rights track records use its software. Hacking Team has had a reputation for being impressively sketchy for years. Reporters Without Borders named it one of its “enemies of the internet” and called it a “digital mercenary” for its role supplying repressive governments with intrusive spy tools, which allow customers to remotely access cameras and microphones, record phone calls and keystrokes, and track internet use and messages. It’s as invasive as a spyware can get. It’s also the favored spyware of several domestic law enforcement agencies, including the FBI, DEA, and US Army.
But the hacked data trove reveals so much more information about the shady dealings of the company. Like emails documenting Hacking Team employees actively pursuing notorious government agencies, including Bangladesh’s anti-terrorism unit RAB, known for torture and unlawful killing. It shows a $480,000 invoice to Sudan’s National Intelligence and Security Services. (Hacking Team previously denied selling to Sudan.) The UN has an arms embargo on Sudan, but clearly Hacking Team doesn’t count its powerful tracking tool as a cyberweapon—or if it does, nobody at the company cares enough to stop selling to embargoed states.
The data confirms that Hacking Team sold powerful spy software to Ethiopia’s Information Network Security Agency, which uses its spyware to snoop on journalists, including journalists within the US. And that’s not all—as The Guardian points out, the data theft shows a creepy who’s who roster of human rights violators:
Leaked documents suggest that among Hacking Teams clients are the governments and security services of Azerbaijan, Kazakhstan, Uzbekistan, Russia, Bahrain, Saudi Arabia, and the UAE, many of whom have been criticized by international human rights organizations for their aggressive surveillance of citizens, activists and journalists both domestically and overseas.
This company is a digital arms dealer with zero qualms about selling to customers that have proven track records of using its software to violate citizens’ privacy.
Contact the author at kate.knibbs@gizmodo.com.
Public PGP key
PGP fingerprint: FF8F 0D7A AB19 6D71 C967 9576 8C12 9478 EE07 10C