Italian-based company “Hacking Team,” a notorious security firm accused of selling surveillance tech to corrupt governments, had a large trove of internal data leaked online late Sunday evening.

The hacker believed to be responsible, who goes by the Twitter handle Phineas Fisher, commandeered the company’s Twitter account before posting a link to a torrent file containing more than 400GB of data.


Changing the account’s name to “Hacked Team,” the hacker proceeded to mock the company’s poor security standards while posting screenshots of the obtained data.

One such email sent by Hacking Team CEO David Vincenzetti ironically mentions the infamous hack of “wannabe competitor” FinFisher, which lost 40G worth of internal data in 2014. Incredibly, Phineas Fisher also took credit for the FinFisher hack that year after posting the data to Reddit and Twitter.

“FinFisher, a wannabe competitor of ours, has been severely hacked,” Vincenzetti wrote at the time.

The data dump also revealed Hacking Team’s current battle with the United Nations, which recently began investigating the company for its dealings with Sudan.

“By the looks of it, Hacking Team has been stonewalling a 1-year UN investigation of the sale of their tech to Sudan,” noted Christopher Soghoian, Principal Technologist and Senior Policy Analyst with the ACLU.

Despite Hacking Team repeatedly denying the existence of business relationships with third-world regimes in the past, exposure of the documents has clearly proven otherwise.

An invoice from the data showed a €480,000 charge sent by Hacking Team to the Sudanese government for a down payment on the Remote Control System surveillance tool.

According to the torrent file listing, Hacking Team holds contracts with a multitude of despotic nations such as Saudi Arabia and Kazakhstan.

Another leaked invoice also revealed a $1,000,000 Birr (ETB) contract with Ethiopia, a country accused of surveilling journalists with Hacking Team technology just last year.

Lorenzo Franceschi-Bicchierai, an investigative journalist specializing in information security, stated that the hacker may have taken every single file on Hacking Team’s server.

Hacking Team employees, seemingly unable to take back the company’s Twitter account, eventually responded to the breach after some time, telling Twitter users not to download the documents due to an alleged virus.

Shortly after, the employee, who poorly chose to store his passwords in plaintext, had his Twitter account hacked as well.


Given the amount of information released, Hacking Team will undoubtedly be reeling from the leak for weeks to come as more secrets appear online.

Email: [email protected] (PGP Key)
OTR: [email protected]

Our 4th of July Super Sale has been extended! Get double Patriot Points and free shipping on the hottest items!

Related Articles