Hacking Team data leak 'reveals links to Sudan and Russia'
Cyber criminals hack spy tool vendor to 'show it sold products to UN-embargoed Sudan'


A surveillance and exploit tool vendor has been hacked, with documents revealing commercial links to countries it has denied doing business with.
The Italian company, Hacking Team, specialises in "offensive security", providing software to gain access to systems and collect data undetected.
However, its network was compromised at some point on Sunday evening by unknown cyber criminals, who hijacked its Twitter page to rename it 'Hacked Team', and posted a link to a torrent containing 400GB of stolen information.
The leaked files appear to show links between Hacking Team and countries such as Sudan and the United Arab Emirates.
Both governments have been criticised by Human Rights Watch in the past for oppressive regimes, and Sudan in particular is currently under a UN trade embargo.
A report by Citizen Lab in 2014 suggested that Hacking Team's Remote Control software was in use in the Sudan despite the embargo banning this, and a UN investigation has been ongoing for around a year.
Hacking Team has previously stated that it "has no business relations or any agreements that would allow the Sudan or any entity in its territory to use the software", but the leaked files suggest this is not true.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
An invoice dated 5 September 2012 references a contract signed on 29 June that year between Sudan and Hacking Team.
The contract, apparently for the vendor's Remote Control software, was worth 960,000.
An internal maintenance document listing customers' subscription statuses also lists Sudan as "not officially supported" a category it shares with Russia.
Speaking with IBTimes in 2013, Eric Rabe, Hacking Team's head of communications, was keen to emphasise the legality of the company's dealings.
"The process under which Hacking Team sells its products is designed to make sure they are not abused and they are used in accordance with the applicable laws and international standards such as black lists that restrict where some products like this can be sold," he told the site.
Adam Shepherd has been a technology journalist since 2015, covering everything from cloud storage and security, to smartphones and servers. Over the course of his career, he’s seen the spread of 5G, the growing ubiquity of wireless devices, and the start of the connected revolution. He’s also been to more trade shows and technology conferences than he cares to count.
Adam is an avid follower of the latest hardware innovations, and he is never happier than when tinkering with complex network configurations, or exploring a new Linux distro. He was also previously a co-host on the ITPro Podcast, where he was often found ranting about his love of strange gadgets, his disdain for Windows Mobile, and everything in between.
You can find Adam tweeting about enterprise technology (or more often bad jokes) @AdamShepherUK.
-
What is polymorphic malware?
Explainer Polymorphic malware constantly changes its code to avoid detection, making it a top cybersecurity threat that demands advanced, behavior-based defenses
-
Outgoing Kaseya CEO teases "this is just the beginning" for the company
Opinion We spoke to Fred Voccola who remains a key figurehead at the firm as it enters its next chapter...
-
Capita tells pension provider to 'assume' nearly 500,000 customers' data stolen
Capita told the pension provider to “work on the assumption” that data had been stolen
-
2022 Public Sector Identity Index Report
Whitepaper UK Report
-
UK, US condemn Iran for ‘unprecedented’ cyber attack against Albania
News The Balkan nation has cut ties with Iran following the hack, which took down national infrastructure and exposed government information
-
Gumtree site code made personal data of users and sellers publicly accessible
News Anyone could scan the website's HTML code to reveal personal information belonging to users of the popular second-hand classified adverts website
-
Pizza chain exposed 100,000 employees' Social Security numbers
News Former and current staff at California Pizza Kitchen potentially burned by hackers
-
Majority of UK's top business leaders are failing to manage supply chain security risks
News New findings from a DCMS review have sparked concern in government which could see new laws introduced to protect Britain's digital supply chains
-
83% of critical infrastructure companies have experienced breaches in the last three years
News Survey finds security practices are weak if not non-existent in critical firms
-
Identity Automation launches credential breach monitoring service
News New monitoring solution adds to the firm’s flagship RapidIdentity platform