UPDATE–It has been absolutely brutal week for Hacking Team. All of the company’s documents, internal communications, emails with customers, and invoices have been published, including its dealings with oppressive regimes and customers in sanctioned countries. But even with all that, company officials said they have no plans to cease operations, even as they’re asking customers to stop using their surveillance products for the time being.
The attack on Hacking Team has become the talk of both the security industry and in government circles, as researchers, contractors, and actual and potential customers of the company have made their way through the email spool and other documents that have been published. For some companies, the process has been an uncomfortable one, seeing their names in the communications or on invoices. For researchers, it’s been a case of poring over the details of the Hacking Team’s technology and discovering who the company was selling it to.
The details have not been pretty. Published documents have shown that Hacking Team had dealings with government agencies in several countries considered to have oppressive governments, including Egypt, Sudan, and Ethiopia, as well as several United States law enforcement agencies. The documents also have revealed evidence that the company had technology to help target Tor users. But with all of that out in the open, company officials say that Hacking Team will continue to run its business.
“Of course, but we have recommended that clients suspend surveillance while we make upgrades,” Hacking Team spokesman Eric Rabe said in an email.
In a separate statement sent Wednesday morning, Rabe said that company officials are concerned that the release of the Hacking Team source code has made it possible for anyone to deploy a version of the surveillance product.
“HackingTeam’s investigation has determined that sufficient code was released to permit anyone to deploy the software against any target of their choice,” the statement says.
“Before the attack, HackingTeam could control who had access to the technology that was sold exclusively to governments and government agencies. Now, because of the work of criminals, that ability to control who uses the technology has been lost. Terrorists, extortionists and others can deploy this technology at will if they have the technical ability to do so. We believe this is an extremely dangerous situation.”
It’s not clear exactly when Hacking Team was compromised, but the documents harvested during the attack were published on torrent sites Sunday evening. Company executives have been quiet since then, with Rabe being the lone public voice. He said Tuesday that the company is in the middle of a forensic investigation into the attack, but officials believe they know how it happened.
“Still underway but we know that this was a sophisticated attack and understand how it was carried out,” Rabe said.
Rabe also denied media reports that the company has a method for connecting to and controlling its systems deployed by customers.
“There have been reports that HackingTeam has ‘backdoors’ in its systems that would allow us to control the systems remotely. This is simply not true. Clients operate our technology on their own computer systems, and so it is clients who must take action to suspend operations,” Rabe said in the statement.
As devastating as the attack on Hacking Team has been, researchers and other observers say that the appetite for this kind of surveillance and intrusion software is only increasing, and even if Hacking Team failed, other companies would pick up the slack quickly.
“Hacking Team is just one player in a big market. I suspect others will continue just fine, and probably Hacking Team itself will resurface in a while,” security researcher Claudio Guarnieri said.
This story was updated on July 8 to add the material from Hacking Team’s statement.
