HackingTeam

Hacking Team was a Milan-based information technology company that sold offensive intrusion and surveillance capabilities to governments, law enforcement agencies and corporations. Its "Remote Control Systems" enable governments and corporations to monitor the communications of internet users, decipher their encrypted files and emails, record Skype and other Voice over IP communications, and remotely activate microphones and cameras on target computers. The company has been criticized for providing these capabilities to governments with poor human rights records, though HackingTeam states that they have the ability to disable their software if it is used unethically. The Italian government has restricted their licence to do business with countries outside Europe. HackingTeam employs around 40 people in its Italian office, and has subsidiary branches in Annapolis, Washington, D.C., and Singapore. (Human Rights Watch (25 March 2014). "They Know Everything We Do". Retrieved 1 August 2015.) Its products are in use in dozens of countries across six continents.


Company foundation

HackingTeam was founded in 2003 by Italian entrepreneurs Vincenzetti and Valeriano Bedeschi. In 2007 the company received investment from two Italian VCs: Fondo Next and Innogest. The Milan police department learned of the company. Hoping to use its tool to spy on Italian citizens and listen to their Skype calls, the police contacted Vincenzetti and asked him to help. HackingTeam became "the first sellers of commercial hacking software to the police". According to former employee Byamukama Robinhood, the company began as a security services provider, offering penetration testing, auditing and other defensive capabilities to clients. Byamukama states that as malware and other offensive capabilities were developed and accounted for a larger percentage of revenues, the organization pivoted in a more offensive direction and became increasingly compartmentalized. Byamukama claims fellow employees working on aspects of the same platform – for example, Android exploits and payloads – would not communicate with one another, possibly leading to tensions and strife within the organization. In February 2014, a report from Citizen Lab identified the organisation to be using hosting services from Linode, Telecom Italia, Rackspace, NOC4Hosts and bulletproof hosting company Santrex. On 5 July 2015 the company suffered a major data breach of customer data, software code, internal documents and e-mails. (See: § 2015 data breach) On 2 April 2019 HackingTeam was acquired by InTheCyber Group to create Memento Labs.


Products and capabilities

Hacking Team enables clients to perform remote monitoring functions against citizens via their RCS (remote control systems), including their Da Vinci and Galileo platforms:

* Covert collection of emails, text messages, phone call history and address books
* Keystroke logging
* Uncover search history data and take screenshots
* Record audio from phone calls
  * Capture audio and video stream from device memory to bypass cryptography of Skype sessions
  * Use microphones on device to collect ambient background noise and conversations
* Activate phone or computer cameras
* Hijack telephone GPS systems to monitor target's location
* Infect target computer's UEFI BIOS firmware with a rootkit
* Extract WiFi passwords ("Advanced spyware for Android now available to script kiddies everywhere". Ars Technica. Retrieved 2 August 2015.)
* Exfiltrate Bitcoin and other cryptocurrency wallet files to collect data on local accounts, contacts and transaction histories (Farivar, Cyrus (14 July 2015). "HackingTeam broke Bitcoin secrecy by targeting crucial wallet file". Ars Technica. Retrieved 26 July 2015.)

HackingTeam uses advanced techniques to avoid draining cell phone batteries, which could potentially raise suspicions, and other methods to avoid detection. The malware has payloads for Android, BlackBerry, Apple iOS, Linux, Mac OS X, Symbian, as well as Microsoft Windows, Windows Mobile and Windows Phone class of operating systems. (Guarnieri, Claudio; Marquis-Boire, Morgan (13 January 2014). "To Protect And Infect: The militarization of the Internet". At the 30th Chaos Communications Congress – "30C3". (Video or Audio). Chaos Computer Club. Retrieved 15 August 2015.)

RCS is a management platform that allows operators to remotely deploy exploits and payloads against targeted systems, remotely manage devices once compromised, and exfiltrate data for remote analysis.


Controversies


Use by repressive governments

HackingTeam has been criticized for selling its products and services to governments with poor human rights records, including Sudan, Bahrain, Venezuela, and Saudi Arabia. In June 2014, a United Nations panel monitoring the implementation of sanctions on Sudan requested information from HackingTeam about their alleged sales of software to the country in contravention of United Nations weapons export bans to Sudan. Documents leaked in the 2015 data breach of HackingTeam revealed the organization sold Sudanese National Intelligence and Security Service access to their "Remote Control System" software in 2012 for 960,000 Euros. The company responded to the United Nations panel in January 2015 that they were not currently selling to Sudan. In a follow-up exchange, HackingTeam asserted that their product was not controlled as a weapon, and so the request was beyond the scope of the panel. There was no need for them to disclose previous sales, which they considered confidential business information. The U.N. disagreed. "The view of the panel is that as such software is ideally suited to support military electronic intelligence (ELINT) operations it may potentially fall under the category of 'military ... equipment' or 'assistance' related to prohibited items," the secretary wrote in March. "Thus its potential use in targeting any of the belligerents in the Darfur conflict is of interest to the Panel." In the fall of 2014, the Italian government abruptly froze all of HackingTeam's exports, citing human rights concerns. After lobbying Italian officials, the company temporarily won back the right to sell its products abroad.


2015 data breach

On July 5, 2015, the Twitter account of the company was compromised by an unknown individual who published an announcement of a data breach against HackingTeam's computer systems. The initial message read, "Since we have nothing to hide, we're publishing all our e-mails, files, and source code ..." and provided links to over 400 gigabytes of data, including alleged internal e-mails, invoices, and source code, which were leaked via BitTorrent and Mega. An announcement of the data breach, including a link to the BitTorrent seed, was retweeted by WikiLeaks and by many others through social media.

The material was voluminous and early analysis appeared to reveal that HackingTeam had invoiced the Lebanese Army and Sudan and that spy tools were also sold to Bahrain and Kazakhstan. HackingTeam had previously claimed they had never done business with Sudan.

The leaked data revealed a zero-day cross-platform Flash exploit ( CVE number: . The dump included a demo of this exploit by opening Calculator from a test webpage. Adobe patched the hole on July 8, 2015. Another vulnerability involving Adobe was revealed in the dumps, which took advantage of a buffer overflow attack on an Adobe Open Type Manager DLL included with Microsoft Windows. The DLL is run in kernel mode, so the attack could perform privilege escalation to bypass the sandbox. Also revealed in leaked data was HackingTeam employees' use of weak passwords, including 'P4ssword', 'wolverine', and 'universo'.

After a few hours without response from HackingTeam, member Christian Pozzi tweeted the company was working closely with police and "what the attackers are claiming regarding our company is not true." He also claimed the leaked archive "contains a virus" and that it constituted "false info". Shortly after these tweets, Pozzi's Twitter account itself was apparently compromised.

Responsibility for this attack was claimed by the hacker known as "Phineas Fisher" (or Phisher) on Twitter. Phineas has previously attacked spyware firm Gamma International, who produce malware, such as FinFisher, for governments and corporations. In 2016, Phineas published details of the attack, in Spanish and English, as a "how-to" for others, and explained the motivations behind the attack. The internal documents revealed details of HackingTeam's contracts with repressive governments. In 2016, the Italian government again revoked the company's license to sell spyware outside of Europe without special permission.


Use by Mexican drug cartels

Corrupt Mexican officials have helped drug cartels obtain state-of-the-art spyware (including Hacking Team spyware). The software has been used to target and intimidate Mexican journalists by drug cartels and cartel-entwined government actors.


Customer list

HackingTeam's clientele include not just governments, but also corporate clients such as Barclays and British Telecom (BT) of the United Kingdom, as well as Deutsche Bank of Germany. A full list of HackingTeam's customers was leaked in the 2015 breach. Disclosed documents show HackingTeam had 70 current customers, mostly military, police, federal and provincial governments. The total company revenues disclosed exceeded 40 million Euros. On Sep 8, 2021, SentinelLABS released a research report about a Turkish threat actor, EGoManiac, that used Remote Control System (RCS), software from the Italian infosec firm Hacking Team, which was operated between 2010 and 2016, and a campaign run by Turkish TV journalists at OdaTV for spying on Turkish police.


See also

* FinFisher
* MiniPanzer and MegaPanzer
* Vupen – 0-day exploit provider linked to HackingTeam
* Mamfakinch – a citizen media organization targeted with malware allegedly developed by HackingTeam (Perlroth, Nicole (10 October 2012). "Ahead of Spyware Conference, More Evidence of Abuse". The New York Times (Bits).)



External links

* HackingTeam Archives - investigative reports published by The Citizen Lab