Hacking Team
HackingTeam is a Milan-based information technology company that sells offensive intrusion and surveillance capabilities to governments, law enforcement agencies and corporations. Its "Remote Control Systems" enable governments and corporations to monitor the communications of internet users, decipher their encrypted files and emails, record Skype and other Voice over IP communications, and remotely activate microphones and camera on target computers. The company has been criticized for providing these capabilities to governments with poor human rights records, though HackingTeam states that they have the ability to disable their software if it is used unethically. The Italian government has restricted their licence to do business with countries outside Europe.
HackingTeam employs around 40 people in its Italian office, and has subsidiary branches in Annapolis, Washington, D.C., and Singapore. Its products are in use in dozens of countries across six continents.
History
HackingTeam was founded in 2003 by two Italian entrepreneurs: David Vincenzetti and Valeriano Bedeschi. In 2007 the company was invested by two Italian VC: Fondo Next and Innogest. The Milan police department learned of the company. Hoping to use its tool to spy on Italian citizens and listen to their Skype calls, the police contacted Vincenzetti and asked him to help. HackingTeam became "the first sellers of commercial hacking software to the police”.According to former employee Alberto Pelliccione, the company began as security services provider, offering penetration testing, auditing and other defensive capabilities to clients. Pelliccione states that as malware and other offensive capabilities were developed and accounted for a larger percentage of revenues, the organization pivoted in a more offensive direction and became increasingly compartmentalized. Pelliccione claims fellow employees working on aspects of the same platform – for example, Android exploits and payloads – would not communicate with one another, possibly leading to tensions and strife within the organization.
In February 2014, a report from Citizen Lab identified the organisation to be using hosting services from Linode, Telecom Italia, Rackspace, NOC4Hosts and bullet proof hosting company Santrex.
On 5 July 2015 the company suffered a major data breach of customer data, software code, internal documents and e-mails. See: [|§ 2015 data breach]
On 2 April 2019 Hackingteam was acquired by InTheCyber to create Memento Labs
Products and capabilities
HackingTeam enables clients to perform remote monitoring functions against citizens via their RCS, including their Da Vinci and Galileo platforms:- Covert collection of emails, text message, phone call history and address books
- Keystroke logging
- Uncover search history data and take screenshots
- Record audio from phone calls
- Activate phone or computer cameras
- Hijack telephone GPS systems to monitor target's location
- Infect target computer's UEFI BIOS firmware with a rootkit
- Extract WiFi passwords
- Exfiltrate Bitcoin and other cryptocurrency wallet files to collect data on local accounts, contacts and transaction histories.
The malware has payloads for Android, BlackBerry, Apple iOS, Linux, Mac OS X, Symbian, as well as Microsoft Windows, Windows Mobile and Windows Phone class of operating systems.
RCS is a management platform that allows operators to remotely deploy exploits and payloads against targeted systems, remotely manage devices once compromised, and exfiltrate data for remote analysis.
Controversies
Use by repressive governments
HackingTeam has been criticized for selling its products and services to governments with poor human rights records, including Sudan, Bahrain, Venezuela, and Saudi Arabia.In June 2014, a United Nations panel monitoring the implementation of sanctions on Sudan requested information from HackingTeam about their alleged sales of software to the country in contravention of United Nations weapons export bans to Sudan. Documents leaked in the 2015 data breach of HackingTeam revealed the organization sold Sudanese National Intelligence and Security Service access to their "Remote Control System" software in 2012 for 960,000 Euros.
In response to the United Nations panel, the company responded in January 2015 that they were not currently selling to Sudan. In a follow-up exchange, HackingTeam asserted that their product was not controlled as a weapon, and so the request was beyond the scope of the panel. There was no need for them to disclose previous sales, which they considered confidential business information.
The U.N. disagreed. "The view of the panel is that as such software is ideally suited to support military electronic intelligence operations it may potentially fall under the category of 'military... equipment' or 'assistance' related to prohibited items," the secretary wrote in March. "Thus its potential use in targeting any of the belligerents in the Darfur conflict is of interest to the Panel."
In the fall of 2014, the Italian government abruptly froze all of HackingTeam's exports, citing human rights concerns. After lobbying Italian officials, the company temporarily won back the right to sell its products abroad.
2015 data breach
On July 5, 2015, the Twitter account of the company was compromised by an unknown individual who published an announcement of a data breach against HackingTeam's computer systems. The initial message read, "Since we have nothing to hide, we're publishing all our e-mails, files, and source code..." and provided links to over 400 gigabytes of data, including alleged internal e-mails, invoices, and source code; which were leaked via BitTorrent and Mega. An announcement of the data breach, including a link to the bittorrent seed, was retweeted by WikiLeaks and by many others through social media.The material was voluminous and early analysis appeared to reveal that HackingTeam had invoiced the Lebanese Army and Sudan and that spy tools were also sold to Bahrain and Kazakhstan. HackingTeam had previously claimed they had never done business with Sudan.
The leaked data revealed a zero-day cross-platform Flash exploit on Twitter. Phineas has previously attacked spyware firm Gamma International, who produce malware, such as FinFisher, for governments and corporations. In 2016, Phineas published details of the attack, in Spanish and English, as a "how-to" for others, and explained the motivations behind the attack.
The internal documents revealed details of HackingTeam's contracts with repressive governments. In 2016, the Italian government again revoked the company's license to sell spyware outside of Europe without special permission.
Customer list
HackingTeam's clientele include not just governments, but also corporate clients such as Barclay's Bank and British Telecom of the United Kingdom, as well as Deutsche Bank of Germany.A full list of HackingTeam's customers were leaked in the 2015 breach. Disclosed documents show HackingTeam had 70 current customers, mostly military, police, federal and provincial governments. The total company revenues disclosed exceeded 40 million Euros.
| Customer | Country | Area | Agency | Year First Sale | Annual Maintenance Fees | Total Client Revenues |
| Polizia Postale e delle Comunicazioni | Italy | Europe | LEA | 2004 | €100,000 | €808,833 |
| Centro Nacional de Inteligencia | Spain | Europe | Intelligence | 2006 | €52,000 | €538,000 |
| Infocomm Development Authority of Singapore | Singapore | APAC | Intelligence | 2008 | €89,000 | €1,209,967 |
| Information Office | Hungary | Europe | Intelligence | 2008 | €41,000 | €885,000 |
| CSDN | Morocco | MEA | Intelligence | 2009 | €140,000 | €1,936,050 |
| UPDF, ISO, Office of the President | Uganda | Africa | Intelligence | 2015 | €831,000 | €52,197,100 |
| Italy - DA - Rental | Italy | Europe | Other | 2009 | €50,000 | €628,250 |
| Malaysian Anti-Corruption Commission | Malaysia | APAC | Intelligence | 2009 | €77,000 | €789,123 |
| PCM | Italy | Europe | Intelligence | 2009 | €90,000 | €764,297 |
| SSNS - Ungheria | Hungary | Europe | Intelligence | 2009 | €64,000 | €1,011,000 |
| CC - Italy | Italy | Europe | LEA | 2010 | €50,000 | €497,349 |
| Al Mukhabarat Al A'amah | Saudi Arabia | MEA | Intelligence | 2010 | €45,000 | €600,000 |
| IR Authorities | Luxembourg | Europe | Other | 2010 | €45,000 | €446,000 |
| La Dependencia y/o CISEN | Mexico | LATAM | Intelligence | 2010 | €130,000 | €1,390,000 |
| UZC | Czech Republic | Europe | LEA | 2010 | €55,000 | €689,779 |
| Egypt - MOD | Egypt | MEA | Other | 2011 | €70,000 | €598,000 |
| Federal Bureau of Investigation | USA | North America | LEA | 2011 | €100,000 | €697,710 |
| Oman - Intelligence | Oman | MEA | Intelligence | 2011 | €30,000 | €500,000 |
| President Security | Panama | LATAM | Intelligence | 2011 | €110,000 | €750,000 |
| Turkish National Police | Turkey | Europe | LEA | 2011 | €45,000 | €440,000 |
| UAE - MOI | UAE | MEA | LEA | 2011 | €90,000 | €634,500 |
| National Security Service | Uzbekistan | Europe | Intelligence | 2011 | €50,000 | €917,038 |
| Department of Defense | USA | North America | LEA | 2011 | €190,000 | |
| Bayelsa State Government | Nigeria | MEA | Intelligence | 2012 | €75,000 | €450,000 |
| Estado del Mexico | Mexico | LATAM | LEA | 2012 | €120,000 | €783,000 |
| Information Network Security Agency | Ethiopia | MEA | Intelligence | 2012 | €80,000 | €750,000 |
| State security | Luxemburg | Europe | Other | 2012 | €38,000 | €316,000 |
| Italy - DA - Rental | Italy | Europe | Other | 2012 | €60,000 | €496,000 |
| MAL - MI | Malaysia | APAC | Intelligence | 2012 | €77,000 | €552,000 |
| Direction générale de la surveillance du territoire | Morocco | MEA | Intelligence | 2012 | €160,000 | €1,237,500 |
| National Intelligence and Security Service | Sudan | MEA | Intelligence | 2012 | €76,000 | €960,000 |
| Russia - KVANT | Russia | Europe | Intelligence | 2012 | €72,000 | €451,017 |
| Saudi - GID | Saudi | MEA | LEA | 2012 | €114,000 | €1,201,000 |
| SIS of National Security Committee of Kazakhstan | Kazakhstan | Europe | Intelligence | 2012 | €140,000 | €1,012,500 |
| The 5163 Army Division | S. Korea | APAC | Other | 2012 | €67,000 | €686,400 |
| UAE - Intelligence | UAE | MEA | Other | 2012 | €150,000 | €1,200,000 |
| Central Intelligence Agency | USA | North America | Intelligence | 2011 | ||
| Drug Enforcement Administration | USA | North America | Other | 2012 | €70,000 | €567,984 |
| Central Anticorruption Bureau | Poland | Europe | LEA | 2012 | €35,000 | €249,200 |
| MOD Saudi | Saudi | MEA | Other | 2013 | €220,000 | €1,108,687 |
| PMO | Malaysia | APAC | Intelligence | 2013 | €64,500 | €520,000 |
| Estado de Qeretaro | Mexico | LATAM | LEA | 2013 | €48,000 | €234,500 |
| National Security Agency | Azerbaijan | Europe | Intelligence | 2013 | €32,000 | €349,000 |
| Gobierno de Puebla | Mexico | LATAM | Other | 2013 | €64,000 | €428,835 |
| Gobierno de Campeche | Mexico | LATAM | Other | 2013 | €78,000 | €386,296 |
| AC Mongolia | Mongolia | APAC | Intelligence | 2013 | €100,000 | €799,000 |
| Dept. of Correction Thai Police | Thailand | APAC | LEA | 2013 | €52,000 | €286,482 |
| National Intelligence Secretariat | Ecuador | LATAM | LEA | 2013 | €75,000 | €535,000 |
| Police Intelligence Directorate | Colombia | LATAM | LEA | 2013 | €35,000 | €335,000 |
| Guardia di Finanza | Italy | Europe | LEA | 2013 | €80,000 | €400,000 |
| Intelligence | Cyprus | Europe | LEA | 2013 | €40,000 | €375,625 |
| MidWorld | Bahrain | MEA | Intelligence | 2013 | €210,000 | |
| Mexico - PEMEX | Mexico | LATAM | LEA | 2013 | €321,120 | |
| Malysia K | Malaysia | APAC | LEA | 2013 | €0 | |
| Honduras | Honduras | LATAM | LEA | 2014 | €355,000 | |
| Mex Taumalipas | Mexico | LATAM | 2014 | €322,900 | ||
| Secretaría de Planeación y Finanzas | Mexico | LATAM | LEA | 2014 | €91,000 | €371,035 |
| AREA | Italia | Europe | 2014 | €430,000 | ||
| Mexico Yucatán | Mexico | LATAM | LEA | 2014 | €401,788 | |
| Mexico Durango | Mexico | LATAM | LEA | 2014 | €421,397 | |
| Investigations Police of Chile | Chile | LATAM | LEA | 2014 | €2,289,155 | |
| Jalisco Mexico | Mexico | LATAM | LEA | 2014 | €748,003 | |
| Royal Thai Army | Thailand | APAC | LEA | 2014 | €360,000 | |
| Vietnam GD5 | Vietnam | APAC | 2014 | €281,170 | ||
| Kantonspolizei Zürich | Switzerland | Europe | LEA | 2014 | €486,500 | |
| Vietnam GD1 | Vietnam | APAC | LEA | 2015 | €543,810 | |
| Egypt TRD GNSE | Egypt | MEA | LEA | 2015 | €137,500 | |
| Lebanese Army | Lebanon | MEA | LEA | 2015 | ||
| Federal Police Department | Brazil | LATAM | LEA | 2015 | ||
| National Anticorruption Directorate | Romania | DNA | Intelligence | 2015 | ||
| State Informative Service | Albania | Europe | SHIK | 2015 |