Hacking Team

Surveillance software developer
Hacking Team

ORGANIZATION SUMMARY

Curious who made it possible for oppressive governments to defeat encryption and spy on citizens? The answer: Hacking Team.
Hacking Team
Hacking Team Overview ‧ read
Journalists have reported in great detail the true extent of U.S. and UK surveillance technologies. The Snowden files revealed how the NSA and GCHQ have spent millions developing techniques for hacking devices and spying on private citizens.

But what about governments that don’t have mega bucks to spend on R&D? Where do they get their surveillance systems from?

The answer, in many cases, is Hacking Team.

Hacking Team is a team of professionals “exclusively focused on offensive security.” Its Remote Control System (RCS) can “break encryption on emails, files and internet telephony protocols.” The RCS has been used by government agencies in more than 35 countries.

The company first hit the news in 2012, when the Moroccan government used its spyware to silence dissenting voices.

What's the story behind Hacking Team?

From defensive to offensive security

Hacking Team was founded by Italian programmers Alberto Ornaghi and Marco Valleri. They had previously created a set of software tools called Ettercap, which hackers and security professionals alike use to hack and monitor remote computers.

When police in Milan, Italy—where Hacking Team is headquartered—found out about Ettercap, they asked Ornaghi and Valleri to build a custom version for police to use to fight crime. And so the Milan police became the first paying customers of Hacking Team.

Hacking Team was incorporated in 2003 and initially focused on traditional, defensive security services, such as penetration testing. But according to a former employee, “Things changed when the customer base started to enlarge… They started to have physical security, there were cameras in the entrance and you needed a badge… I think that part of the reason was to avoid generating debates and discussions internally of who the customers were.”

I think that part of the reason was to avoid generating debates and discussions internally of who the customers were.
By 2016, the Hacking Team website claimed its staff had grown to over 50.

For sale: Intrusive spyware for surveillance states

Hacking Team began to increase its physical security when it started developing offensive security technology, which enables law enforcement and intelligence bodies around the world to access the encrypted devices, files, and communications of criminals and terrorists.

Hacking Team has helped governments beat encryption and spy on their surveillance targets. But, according to the company’s PR, Hacking Team never helped out the bad guys. The company claimed it never sold its services to countries blacklisted by international organizations like the EU and NATO. It also claimed that “an external committee of legal experts reviews each proposed sale to assure compliance with our policies.”

Hacking Team reportedly monitors and investigates abuses of all of its products and claimed that its spy software is “untraceable.”

The hackers hack the hackers

But all of those claims turned out to be false when Hacking Team was hacked in July 2015.

Before the hacks, Hacking Team had already been named one of the “Enemies of the Internet” by Reporters Without Borders in 2012. Reporters Without Borders documented Hacking Team’s supply of surveillance products to several states with poor human rights records.

Three years later, the full of extent of Hacking Team’s work with oppressive regimes was revealed when hackers released 400GB of the company’s files via Hacking Team’s own Twitter account.

The UN investigates Hacking Team

The leaked files included emails from the United Nations dating back to 2014, which showed that the UN had been investigating Hacking Team for supplying weapon-like software to Sudan. Hacking Team also supplied software to the FBI and the U.S. Department of Defense.

There are few countries [Hacking Team] aren’t willing to sell to. There are few lines they aren’t willing to cross.
After the revelations, Wired magazine described Hacking Team as “a global spying firm run amok.” Privacy International Deputy Director Eric King noted in the same article: “There are few countries [Hacking Team] aren’t willing to sell to. There are few lines they aren’t willing to cross.”

Hacking Team continues to supply government agencies

Hacking Team began with nobler intentions, it seems; it was built on the success of an open-source hacking tool. But once governments were willing to pay for its technology, Hacking Team didn’t let ethics triumph over commercial success.

Perhaps it was karma that Hacking Team got hacked. After all, Hacking Team did help oppressive governments do the same to private individuals. Either way, Hacking Team continues to provide spyware for government agencies around the world.