{ "id": "aae75531-b0a3-4921-84e0-5c04b721647c", "created_at": "2026-04-06T00:19:49.924845Z", "updated_at": "2026-04-10T03:25:23.13128Z", "deleted_at": null, "sha1_hash": "ee759f6dbef5cf8f79749cc4a2962a63b79a79fd", "title": "Spy Tech Company ‘Hacking Team’ Gets Hacked", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 49406, "plain_text": "Spy Tech Company ‘Hacking Team’ Gets Hacked\r\nBy Lorenzo Franceschi-Bicchierai\r\nPublished: 2015-07-06 · Archived: 2026-04-05 13:16:32 UTC\r\nSometimes even the cops get robbed.\r\nThe controversial Italian surveillance company Hacking Team, which sells spyware to governments all around the\r\nworld, including agencies in Ethiopia, Morocco, the United Arab Emirates, as well as the US Drug Enforcement\r\nAdministration, appears to have been seriously hacked.\r\nVideos by VICE\r\nHackers have made 500 GB of client files, contracts, financial documents, and internal emails, some as recent as\r\n2015, publicly available for download.\r\nHacking Team’s spokesperson Eric Rabe did not immediately respond to Motherboard’s calls and email asking for\r\nverification that the hacked information is legitimate. Without confirmation from the company itself, it’s difficult\r\nto know what percentage of the files are real—however, based on the sheer size of the breach and the information\r\nin the files, the hack appears to be authentic.\r\nWhat’s more, the unknown hackers announced their feat through Hacking Team’s own Twitter account.\r\nThe hackers composed the tweets as if they were written by Hacking Team. “Since we have nothing to hide, we’re\r\npublishing all our e-mails, files, and source code,” the hackers wrote in a tweet, which included the link to around\r\n500 Gb of files.\r\nThe hackers also started tweeting a few samples of internal emails from the company. One of the screenshots\r\nshows an email dated 2014 from Hacking Team’s founder and CEO David Vincenzetti to another employee. In the\r\nemail, titled “Yet another Citizen Lab attack,” Vincenzetti links to a report from the online digital rights research\r\ncenter Citizen Lab, at the University of Toronto’s Munk School of Global Affairs, which has exposed numerous\r\ncases of abuse from Hacking Team’s clients.\r\nHacking Team has never revealed a list of its clients, and has always and repeatedly denied selling to sketchy\r\ngovernments, arguing that it has an internal procedure to address human rights concerns about prospective\r\ncustomers.\r\nThe email about Citizen Lab is filed in a folder called “Anti HT activists.” Claudio Guarnieri, a security researcher\r\nwho has investigated Hacking Team along with others at the Citizen Lab, was quick to point this out.\r\nInteresting, we fall under the\r\nClaudioJuly 6, 2015\r\nhttps://www.vice.com/en_us/article/gvye3m/spy-tech-company-hacking-team-gets-hacked\r\nPage 1 of 3\n\nIt’s unclear exactly how much the hackers got their hands on, but judging from the size of the files, it’s certainly a\r\nlarge collection of internal files. A source who asked to speak anonymously due to the sensitivity of the issue, told\r\nme that based on the file names and folders in the leak, the hackers who hit Hacking Team “got everything.”\r\nA few hours after the initial hack, a list of alleged Hacking Team customers was posted on Pastebin. The list\r\nincludes past and current customers. Among the most notable, there are a few that were previously unknown, such\r\nas the FBI, Chile, Australia, Spain, and Iraq, among others.\r\nWe reached out to the hackers via direct message on Twitter, asking if they could comment. Their initial response,\r\n“sure, we got such good publicity from your last story!” referred to Motherboard’s report from April, which\r\nrevealed that the DEA had secretly purchased Hacking Team’s software for $2.4 million.\r\nThe hacker, or hackers, however, declined to comment for now.\r\nMany security researchers and human rights activists reacted to the hack with sarcasm.\r\nWe also reached out to Vincenzetti, asking for his comments and reactions, and will update when and if we hear\r\nback. (In the past, Vincenzetti wrote on a mailing list that “[Motherboard] never reports on Hacking Team without\r\nsmug editorial comment,” so we’re not holding out our breath.)\r\nThe breach on Hacking Team comes almost a year after another surveillance tech company, the competing\r\nFinFisher, was hacked in a similar way, with a hacker leaking 40 Gb of internal files.\r\nFinFisher, like Hacking Team, sells surveillance software to law enforcement agencies across the world. Their\r\nsoftware, once surreptitiously installed on a target’s cell phone or computer, can be used to monitor the target’s\r\ncommunications, such as phone calls, text messages, Skype calls, or emails. Operators can also turn on the target’s\r\nwebcam and exfiltrate files from the infected device.\r\nIn one alleged internal email leaked today, Hacking Team’s Vincenzetti gloated over FinFisher’s hack, writing that\r\n“a wannabe competitor of ours has been severely hacked.”\r\nhttps://www.vice.com/en_us/article/gvye3m/spy-tech-company-hacking-team-gets-hacked\r\nPage 2 of 3\n\nIt seems that Hacking Team has suffered the same fate.\r\nThis story has been updated to include information about the list of Hacking Team customers, and to add a\r\ncomment from a source on the extent of the damage.\r\nSource: https://www.vice.com/en_us/article/gvye3m/spy-tech-company-hacking-team-gets-hacked\r\nhttps://www.vice.com/en_us/article/gvye3m/spy-tech-company-hacking-team-gets-hacked\r\nPage 3 of 3", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA", "MISPGALAXY", "Malpedia" ], "references": [ "https://www.vice.com/en_us/article/gvye3m/spy-tech-company-hacking-team-gets-hacked" ], "report_names": [ "spy-tech-company-hacking-team-gets-hacked" ], "threat_actors": [ { "id": "a3687241-9876-477b-aa13-a7c368ffda58", "created_at": "2022-10-25T16:07:24.496902Z", "updated_at": "2026-04-10T02:00:05.010744Z", "deleted_at": null, "main_name": "Hacking Team", "aliases": [], "source_name": "ETDA:Hacking Team", "tools": [], "source_id": "ETDA", "reports": null }, { "id": "e90c06e4-e3e0-4f46-a3b5-17b84b31da62", "created_at": "2023-01-06T13:46:39.018236Z", "updated_at": "2026-04-10T02:00:03.183123Z", "deleted_at": null, "main_name": "Hacking Team", "aliases": [], "source_name": "MISPGALAXY:Hacking Team", "tools": [], "source_id": "MISPGALAXY", "reports": null } ], "ts_created_at": 1775434789, "ts_updated_at": 1775791523, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/ee759f6dbef5cf8f79749cc4a2962a63b79a79fd.pdf", "text": "https://archive.orkl.eu/ee759f6dbef5cf8f79749cc4a2962a63b79a79fd.txt", "img": "https://archive.orkl.eu/ee759f6dbef5cf8f79749cc4a2962a63b79a79fd.jpg" } }