HackingTeam
{{short description|Italian information technology company}}
{{Infobox company
| name = HackingTeam
| logo = Hacking Team logo.svg
| logo_size =
| logo_alt = Hacking Team logo: ]Hacking Team[
| logo_caption =
| logo_padding =
| image =
| image_size =
| image_alt =
| image_caption =
| type =
| industry = Information technology
| founded = 2003
| founders = David Vincenzetti, Valeriano Bedeschi
| defunct = 2020
| fate = Dissolved
| hq_location =
| hq_location_city = Milan
| hq_location_country = Italy
| area_served =
| products = Software (IT-Security)
| brands = HackingTeam
| services =
| owner =
| website = {{URL|https://www.hackingteam.it|HackingTeam.it}}(offline)
}}
Hacking Team was a Milan-based information technology company that sold offensive intrusion and surveillance capabilities to governments, law enforcement agencies and corporations.{{cite web |title=The spies behind your screen |url=https://www.telegraph.co.uk/technology/8899353/The-spies-behind-your-screen.html |author=Batey, Angus |date=24 November 2011 |newspaper=The Telegraph |access-date=26 July 2015 |archive-date=6 October 2022 |archive-url=https://web.archive.org/web/20221006163737/https://www.telegraph.co.uk/technology/8899353/The-spies-behind-your-screen.html |url-status=live }} Its "Remote Control Systems" enable governments and corporations to monitor the communications of internet users, decipher their encrypted files and emails, record Skype and other Voice over IP communications, and remotely activate microphones and cameras on target computers.{{cite web|url=http://surveillance.rsf.org/en/hacking-team/|title=Enemies of the Internet: HackingTeam|website=Reporters Without Borders|archive-url=https://web.archive.org/web/20140429193708/http://surveillance.rsf.org/en/hacking-team/|archive-date=2014-04-29|url-status=dead|access-date=2014-04-24}} The company has been criticized for providing these capabilities to governments with poor human rights records,{{cite web|url=https://citizenlab.org/2014/02/mapping-hacking-teams-untraceable-spyware/|title=Mapping HackingTeam's "Untraceable" Spyware|last1=Marczak|first1=Bill|last2=Gaurnieri|first2=Claudio|date=2014-02-17|website=Citizen Lab|archive-url=https://web.archive.org/web/20140220070424/https://citizenlab.org/2014/02/mapping-hacking-teams-untraceable-spyware/|archive-date=2014-02-20|url-status=dead|last3=Marquis-Boire|first3=Morgan|last4=Scott-Railton|first4=John}} though HackingTeam states that they have the ability to disable their software if it is used unethically.{{cite magazine|url=https://www.newyorker.com/tech/annals-of-technology/hackers-without-borders|title=Hackers Without Borders|last=Kopfstein|first=Janus|date=10 March 2014|magazine=The New Yorker|access-date=24 April 2014|archive-date=6 November 2018|archive-url=https://web.archive.org/web/20181106022935/https://www.newyorker.com/tech/annals-of-technology/hackers-without-borders|url-status=live}}{{Cite web|url=https://citizenlab.org/2014/06/backdoor-hacking-teams-tradecraft-android-implant/|title=Police Story: HackingTeam's Government Surveillance Malware|last1=Marquis-Boire|first1=Morgan|last2=Gaurnieri|first2=Claudio|date=June 24, 2014|website=Citizen Lab|publisher=University of Toronto|archive-url=https://web.archive.org/web/20140625065101/https://citizenlab.org/2014/06/backdoor-hacking-teams-tradecraft-android-implant/|archive-date=2014-06-25|url-status=dead|access-date=August 3, 2014|last3=Scott-Railton|first3=John|last4=Kleemola|first4=Katie}} The Italian government has restricted their licence to do business with countries outside Europe.
HackingTeam employs around 40 people in its Italian office, and has subsidiary branches in Annapolis, Washington, D.C., and Singapore. Human Rights Watch (25 March 2014). [https://www.hrw.org/report/2014/03/25/they-know-everything-we-do/telecom-and-internet-surveillance-ethiopia "They Know Everything We Do"] {{Webarchive|url=https://web.archive.org/web/20230503065954/https://www.hrw.org/report/2014/03/25/they-know-everything-we-do/telecom-and-internet-surveillance-ethiopia |date=3 May 2023 }}. Retrieved 1 August 2015. Its products are in use in dozens of countries across six continents.{{cite web|last=Jeffries|first=Adrianne|title=Meet HackingTeam, the company that helps the police hack you|url=https://www.theverge.com/2013/9/13/4723610/meet-hacking-team-the-company-that-helps-police-hack-into-computers|access-date=21 April 2014|work=The Verge|date=13 September 2013|archive-date=24 March 2016|archive-url=https://web.archive.org/web/20160324174834/http://www.theverge.com/2013/9/13/4723610/meet-hacking-team-the-company-that-helps-police-hack-into-computers|url-status=live}}
Company foundation
HackingTeam was founded in 2003 by Italian entrepreneurs David Vincenzetti and Valeriano Bedeschi. In 2007 the company received investment from two Italian venture capital funds: Fondo Next and Innogest.{{cite news|url=http://espresso.repubblica.it/attualita/cronaca/2011/12/02/news/noi-i-padri-del-cyber-007-br-1.37951|title=Noi, i padri del cyber-007|date=2 December 2011|access-date=19 April 2019|archive-date=19 April 2019|archive-url=https://web.archive.org/web/20190419095838/http://espresso.repubblica.it/attualita/cronaca/2011/12/02/news/noi-i-padri-del-cyber-007-br-1.37951|url-status=live}}
The Milan police department learned of the company. Hoping to use its tool to spy on Italian citizens and listen to their Skype calls, the police contacted Vincenzetti and asked him to help.{{Cite web|last=Jeffries|first=Adrianne|date=2013-09-13|title=Meet Hacking Team, the company that helps the police hack you|url=https://www.theverge.com/2013/9/13/4723610/meet-hacking-team-the-company-that-helps-police-hack-into-computers|access-date=2021-08-20|website=The Verge|language=en|archive-date=24 March 2016|archive-url=https://web.archive.org/web/20160324174834/http://www.theverge.com/2013/9/13/4723610/meet-hacking-team-the-company-that-helps-police-hack-into-computers|url-status=live}} HackingTeam became "the first sellers of commercial hacking software to the police".
According to former employee Byamukama Robinhood, the company began as a security services provider, offering penetration testing, auditing and other defensive capabilities to clients.{{Cite web |last=Farivar |first=Cyrus |date=2015-07-20 |title=Hacking Team goes to war against former employees, suspects some helped hackers |url=https://arstechnica.com/information-technology/2015/07/italian-prosecutors-investigate-former-hacking-team-employees-for-role-in-hack/ |access-date=2024-04-11 |website=Ars Technica |language=en-us |archive-date=13 April 2019 |archive-url=https://web.archive.org/web/20190413154514/https://arstechnica.com/information-technology/2015/07/italian-prosecutors-investigate-former-hacking-team-employees-for-role-in-hack/ |url-status=live }} Byamukama states that as malware and other offensive capabilities were developed and accounted for a larger percentage of revenues, the organization pivoted in a more offensive direction and became increasingly compartmentalized. Byamukama claims fellow employees working on aspects of the same platform – for example, Android exploits and payloads – would not communicate with one another, possibly leading to tensions and strife within the organization.
In February 2014, a report from Citizen Lab identified the organisation as using hosting services from Linode, Telecom Italia, Rackspace, NOC4Hosts and the bulletproof hosting company Santrex.{{cite news|title=HackingTeam's US Nexus|url=https://citizenlab.org/2014/02/hacking-teams-us-nexus/|access-date=2 August 2015|date=28 February 2014|archive-date=12 July 2015|archive-url=https://web.archive.org/web/20150712120529/https://citizenlab.org/2014/02/hacking-teams-us-nexus/|url-status=live}}
On 5 July 2015 the company suffered a major data breach of customer data, software code, internal documents and e-mails. (See: § 2015 data breach)
On 2 April 2019 HackingTeam was acquired by InTheCyber Group to create Memento Labs.{{cite news|title=Nasce Memento Labs|url=https://www.key4biz.it/cyber-intelligence-nasce-memento-labs-dalla-fusione-delle-attivita-di-inthecyber-group-e-la-storica-hacking-team/252368/|date=2 April 2019|access-date=19 April 2019|archive-date=19 April 2019|archive-url=https://web.archive.org/web/20190419095838/https://www.key4biz.it/cyber-intelligence-nasce-memento-labs-dalla-fusione-delle-attivita-di-inthecyber-group-e-la-storica-hacking-team/252368/|url-status=live}}
Products and capabilities
Hacking Team enables clients to perform remote monitoring functions against citizens via their RCS (remote control systems), including their Da Vinci and Galileo platforms:
- Covert collection of emails, text messages, phone call history and address books
- Keystroke logging
- Uncover search history data and take screenshots
- Record audio from phone calls
  - Capture audio and video stream from device memory to bypass cryptography of Skype sessions{{cite web | title=Mideast Uses Western Tools to Battle the Skype Rebellion |url=https://www.wsj.com/articles/SB10001424052702304520804576345970862420038 |author1=Stecklow, Steve |author2=Sonne, Paul |author3=Bradley, Matt |date=1 June 2011 |newspaper=The Wall Street Journal |access-date=26 July 2015}}
  - Use microphones on device to collect ambient background noise and conversations
- Activate phone or computer cameras
- Hijack telephone GPS systems to monitor target's location
- Infect target computer's UEFI BIOS firmware with a rootkit{{Cite web|url=https://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-uses-uefi-bios-rootkit-to-keep-rcs-9-agent-in-target-systems/|title=HackingTeam Uses UEFI BIOS Rootkit to Keep RCS 9 Agent in Target Systems|last=Lin|first=Philippe|date=July 13, 2015|work=TrendLabs Security Intelligence Blog|publisher=Trend Micro|access-date=July 26, 2015|archive-date=6 May 2019|archive-url=https://web.archive.org/web/20190506093220/https://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-uses-uefi-bios-rootkit-to-keep-rcs-9-agent-in-target-systems/|url-status=live}}
- Extract WiFi passwords[https://arstechnica.com/information-technology/2015/07/advanced-spyware-for-android-now-available-to-script-kiddies-everywhere/ "Advanced spyware for Android now available to script kiddies everywhere"] {{Webarchive|url=https://web.archive.org/web/20190418195209/https://arstechnica.com/information-technology/2015/07/advanced-spyware-for-android-now-available-to-script-kiddies-everywhere/ |date=18 April 2019 }}. Ars Technica. Retrieved 2 August 2015.
- Exfiltrate Bitcoin and other cryptocurrency wallet files to collect data on local accounts, contacts and transaction histories. Farivar, Cyrus (14 July 2015). "[https://arstechnica.com/information-technology/2015/07/hacking-team-broke-bitcoin-secrecy-by-targeting-crucial-wallet-file/ HackingTeam broke Bitcoin secrecy by targeting crucial wallet file] {{Webarchive|url=https://web.archive.org/web/20190417160958/https://arstechnica.com/information-technology/2015/07/hacking-team-broke-bitcoin-secrecy-by-targeting-crucial-wallet-file/ |date=17 April 2019 }}". Ars Technica. Retrieved 26 July 2015.
HackingTeam uses advanced techniques to avoid draining cell phone batteries, which could potentially raise suspicions, and other methods to avoid detection.{{cite news|last1=Schneier|first1=Bruce|title=More on HackingTeam's Government Spying Software|url=https://www.schneier.com/blog/archives/2014/06/more_on_hacking.html|access-date=28 June 2014|archive-date=31 October 2014|archive-url=https://web.archive.org/web/20141031151332/https://www.schneier.com/blog/archives/2014/06/more_on_hacking.html|url-status=live}}{{Cite web|url=https://www.ibtimes.co.uk/hacking-team-tools-allow-governments-take-full-control-your-smartphone-1453987|title=HackingTeam Tools Allow Governments To Take Full Control of Your Smartphone|date=2014-06-24|website=International Business Times UK|access-date=2016-05-15|archive-date=28 February 2019|archive-url=https://web.archive.org/web/20190228090240/https://www.ibtimes.co.uk/hacking-team-tools-allow-governments-take-full-control-your-smartphone-1453987|url-status=live}}
The malware has payloads for Android, BlackBerry, Apple iOS, Linux, Mac OS X and Symbian, as well as the Microsoft Windows, Windows Mobile and Windows Phone classes of operating systems. Guarnieri, Claudio; Marquis-Boire, Morgan (13 January 2014). [https://media.ccc.de/v/30C3_-_5439_-_en_-_saal_1_-_201312292105_-_to_protect_and_infect_-_claudio_guarnieri_-_morgan_marquis-boire "To Protect And Infect: The militarization of the Internet"] {{Webarchive|url=https://web.archive.org/web/20190623162543/https://media.ccc.de/v/30C3_-_5439_-_en_-_saal_1_-_201312292105_-_to_protect_and_infect_-_claudio_guarnieri_-_morgan_marquis-boire |date=23 June 2019 }}. At the 30th Chaos Communications Congress – "30C3". (Video or Audio). Chaos Computer Club. Retrieved 15 August 2015.
RCS is a management platform that allows operators to remotely deploy exploits and payloads against targeted systems, remotely manage devices once compromised, and exfiltrate data for remote analysis.
Controversies
= Use by repressive governments =
HackingTeam has been criticized for selling its products and services to governments with poor human rights records, including Sudan, Bahrain, Venezuela, and Saudi Arabia.{{Cite web|url=https://theintercept.com/2015/07/07/leaked-documents-confirm-hacking-team-sells-spyware-repressive-countries/|title=A Detailed Look at HackingTeam's Emails About Its Repressive Clients|last=Hay Newman|first=Lily|website=The Intercept|date=7 July 2015|access-date=2016-05-15|archive-date=7 March 2019|archive-url=https://web.archive.org/web/20190307162359/https://theintercept.com/2015/07/07/leaked-documents-confirm-hacking-team-sells-spyware-repressive-countries/|url-status=live}}
In June 2014, a United Nations panel monitoring the implementation of sanctions on Sudan requested information from HackingTeam about their alleged sales of software to the country in contravention of United Nations weapons export bans to Sudan. Documents leaked in the 2015 data breach of HackingTeam revealed the organization sold the Sudanese National Intelligence and Security Service access to their "Remote Control System" software in 2012 for 960,000 Euros.
The company responded to the United Nations panel in January 2015 that they were not currently selling to Sudan. In a follow-up exchange, HackingTeam asserted that their product was not controlled as a weapon, and so the request was beyond the scope of the panel. In their view, there was no need for them to disclose previous sales, which they considered confidential business information.
The U.N. disagreed. "The view of the panel is that as such software is ideally suited to support military electronic intelligence (ELINT) operations it may potentially fall under the category of 'military ... equipment' or 'assistance' related to prohibited items," the secretary wrote in March. "Thus its potential use in targeting any of the belligerents in the Darfur conflict is of interest to the Panel."{{Cite web|url=https://gizmodo.com/hacking-teams-lame-excuse-for-selling-digital-weapons-t-1716375503|title=HackingTeam's Lame Excuse for Selling Digital Weapons to Sudan|last=Knibbs|first=Kate|date=2015-07-08|website=Gizmodo|access-date=2016-05-15|archive-date=25 December 2017|archive-url=https://web.archive.org/web/20171225203142/https://gizmodo.com/hacking-teams-lame-excuse-for-selling-digital-weapons-t-1716375503|url-status=live}}
In the fall of 2014, the Italian government abruptly froze all of HackingTeam's exports, citing human rights concerns. After lobbying Italian officials, the company temporarily won back the right to sell its products abroad.
= 2015 data breach =
On July 5, 2015, the Twitter account of the company was compromised by an unknown individual who published an announcement of a data breach against HackingTeam's computer systems. The initial message read, "Since we have nothing to hide, we're publishing all our e-mails, files, and source code ..." and provided links to over 400 gigabytes of data, including alleged internal e-mails, invoices, and source code, which were leaked via BitTorrent and Mega.{{cite web |url=https://twitter.com/hackingteam |title=Hacked Team (@hackingteam) |access-date=2015-07-06 |url-status=bot: unknown |archive-url=https://web.archive.org/web/20150706010312/https://twitter.com/hackingteam |archive-date=July 6, 2015 }} An announcement of the data breach, including a link to the BitTorrent seed, was retweeted by WikiLeaks and by many others through social media.{{cite tweet |author= WikiLeaks |author-link= WikiLeaks |user= wikileaks|number= 617865712611233792 |date= July 6, 2015 |title= Inside malware makers "HackingTeam": hundreds of gigabytes of e-mails, files, and source code |access-date= July 6, 2015 }}{{Cite web|url=https://www.ibtimes.co.uk/hacking-team-hacked-spy-tools-sold-oppressive-regimes-sudan-bahrain-kazakhstan-1509460|title=HackingTeam hacked: Spy tools sold to oppressive regimes Sudan, Bahrain and Kazakhstan|date=2015-06-06|work=International Business Times|access-date=2015-07-06|archive-date=19 April 2019|archive-url=https://web.archive.org/web/20190419191315/https://www.ibtimes.co.uk/hacking-team-hacked-spy-tools-sold-oppressive-regimes-sudan-bahrain-kazakhstan-1509460|url-status=live}}
The material was voluminous and early analysis appeared to reveal that HackingTeam had invoiced the Lebanese Army{{Twitter|SynAckPwn/status/617955067006578689}} and Sudan and that spy tools were also sold to Bahrain and Kazakhstan. HackingTeam had previously claimed they had never done business with Sudan.{{Cite web|url=https://www.csoonline.com/article/2943968/hacking-team-hacked-attackers-claim-400gb-in-dumped-data.html|title=HackingTeam hacked, attackers claim 400GB in dumped data|last=Ragan|first=Steve|date=5 July 2015|access-date=2015-07-06}}
The leaked data revealed a zero-day cross-platform Flash exploit (CVE number: {{CVE|2015-5119}}).{{Cite web |title=Security Advisory for Adobe Flash Player |url=https://helpx.adobe.com/security/products/flash-player/apsa15-03.html |date=July 8, 2015 |website=helpx.adobe.com |publisher=Adobe Systems |access-date=August 30, 2016 |archive-date=9 July 2015 |archive-url=https://web.archive.org/web/20150709065838/https://helpx.adobe.com/security/products/flash-player/apsa15-03.html |url-status=live }} The dump included a demo of this exploit by opening Calculator from a test webpage.{{Cite web|url=https://thehackernews.com/2015/07/flash-zero-day-vulnerability.html|title=Zero-Day Flash Player Exploit Disclosed In 'HackingTeam' Data Dump|last=Khandelwal|first=Swati|access-date=2015-07-06|archive-date=22 June 2019|archive-url=https://web.archive.org/web/20190622142554/https://thehackernews.com/2015/07/flash-zero-day-vulnerability.html|url-status=live}}{{Cite web|url=https://thehackernews.com/2015/07/flash-zero-day-vulnerability.html|title=Unpatched Flash Player Flaw, More POCs Found in HackingTeam Leak|last=Pi|first=Peter|access-date=2015-07-08|archive-date=22 June 2019|archive-url=https://web.archive.org/web/20190622142554/https://thehackernews.com/2015/07/flash-zero-day-vulnerability.html|url-status=live}}{{Cite web|url=https://www.wicar.org/test-malware.html|title=WICAR test malware|access-date=2017-05-16|archive-date=31 August 2019|archive-url=https://web.archive.org/web/20190831221931/https://www.wicar.org/test-malware.html|url-status=live}} Adobe patched the hole on July 8, 2015.{{Cite web |title=Adobe Security Bulletin |url=https://helpx.adobe.com/security/products/flash-player/apsb15-16.html |url-status=live |archive-url=https://web.archive.org/web/20150710204543/https://helpx.adobe.com/security/products/flash-player/apsb15-16.html |archive-date=10 July 2015 |access-date=2015-07-11}} Another vulnerability involving Adobe was revealed in the dumps, which took advantage of a buffer overflow attack on an Adobe Open Type Manager DLL included with Microsoft Windows. The DLL is run in kernel mode, so the attack could perform privilege escalation to bypass the sandbox.{{Cite web|url=https://blog.trendmicro.com/trendlabs-security-intelligence/a-look-at-the-open-type-font-manager-vulnerability-from-the-hacking-team-leak/|title=A Look at the Open Type Font Manager Vulnerability from the HackingTeam Leak|last=Tang|first=Jack|date=7 July 2015|access-date=2015-07-08|archive-date=14 April 2019|archive-url=https://web.archive.org/web/20190414211318/https://blog.trendmicro.com/trendlabs-security-intelligence/a-look-at-the-open-type-font-manager-vulnerability-from-the-hacking-team-leak/|url-status=live}}
Also revealed in leaked data was HackingTeam employees' use of weak passwords, including 'P4ssword', 'wolverine', and 'universo'.{{Cite web|url=https://www.zdnet.com/home-and-office/networking/no-wonder-hacking-team-got-hacked/|title=HackingTeam used shockingly bad passwords|last=Whittaker|first=Zack|website=ZDNet|access-date=2015-07-06|archive-date=12 February 2019|archive-url=https://web.archive.org/web/20190212093931/https://www.zdnet.com/article/no-wonder-hacking-team-got-hacked/|url-status=live}}
After a few hours without response from HackingTeam, member Christian Pozzi tweeted the company was working closely with police and "what the attackers are claiming regarding our company is not true."{{Cite web |author = Christian Pozzi |title=unknown |via=Twitter |url = https://twitter.com/christian_pozzi/status/617964180042190848|archive-url = https://web.archive.org/web/20210307202902/https://twitter.com/christian_pozzi/status/617964180042190848|url-status = dead|archive-date = 7 March 2021|access-date = 2015-07-06}}{{Cite web |author = Christian Pozzi |title=unknown |via=Twitter |url = https://twitter.com/christian_pozzi/status/617964660705234944|archive-url = https://web.archive.org/web/20210307215040/https://twitter.com/christian_pozzi/status/617964660705234944|url-status = dead|archive-date = 7 March 2021|access-date = 2015-07-06}} He also claimed the leaked archive "contains a virus" and that it constituted "false info".{{Cite web |author = Christian Pozzi |title=unknown |via=Twitter |url = https://twitter.com/christian_pozzi/status/617962663188926465|archive-url = https://web.archive.org/web/20201223092507/https://twitter.com/christian_pozzi/status/617962663188926465|url-status = dead|archive-date = 23 December 2020|access-date = 2015-07-06}} Shortly after these tweets, Pozzi's Twitter account itself was apparently compromised.{{Cite web|title=Christian Pozzi on Twitter: "Uh Oh - my twitter account was also hacked." |url=https://twitter.com/christian_pozzi/status/617977753250496512 |date=2015-07-06 |access-date=2015-07-06 |url-status=dead |archive-url=https://web.archive.org/web/20150706084837/https://twitter.com/christian_pozzi/status/617977753250496512 |archive-date=July 6, 2015 }}
Responsibility for this attack was claimed by the hacker known as "Phineas Fisher" (or Phisher) on Twitter.{{cite tweet | user=gammagrouppr | author=Phineas Fisher | number=617937092497178624 | title=gamma and HT down, a few more to go :) | date=6 July 2015}} Phineas has previously attacked spyware firm Gamma International, who produce malware, such as FinFisher, for governments and corporations.{{Cite web|url=https://www.zdnet.com/article/hacking-team-cyberattack-aftermath-interview/|title=HackingTeam: We won't 'shrivel up and go away' after cyberattack|last=Osbourne|first=Charlie|website=ZDNet|access-date=2015-07-06|archive-date=5 July 2018|archive-url=https://web.archive.org/web/20180705034543/https://www.zdnet.com/article/hacking-team-cyberattack-aftermath-interview/|url-status=live}} In 2016, Phineas published details of the attack, in Spanish and English, as a "how-to" for others, and explained the motivations behind the attack.{{Cite book|url=https://theanarchistlibrary.org/library/hack-back-subcowmandante-marcos-phineas-fisher-hack-back-a-diy-guide-hacking-team|title=Hack Back — A DIY Guide (Hacking Team)|website=the anarchist library|date=26 April 2017|access-date=8 January 2024|archive-date=8 January 2024|archive-url=https://web.archive.org/web/20240108133539/https://theanarchistlibrary.org/library/hack-back-subcowmandante-marcos-phineas-fisher-hack-back-a-diy-guide-hacking-team|url-status=live}}{{Cite web|url=https://arstechnica.com/security/2016/04/how-hacking-team-got-hacked-phineas-phisher/|title=How HackingTeam got hacked|website=Ars Technica|date=19 April 2016|access-date=2016-05-15|archive-date=18 June 2017|archive-url=https://web.archive.org/web/20170618021727/https://arstechnica.com/security/2016/04/how-hacking-team-got-hacked-phineas-phisher/|url-status=live}}
The internal documents revealed details of HackingTeam's contracts with repressive governments.{{Cite web|url=https://theintercept.com/2015/07/07/leaked-documents-confirm-hacking-team-sells-spyware-repressive-countries/|title=A Detailed Look at HackingTeam's Emails About Its Repressive Clients|website=The Intercept|date=7 July 2015|access-date=2016-05-15|archive-date=7 March 2019|archive-url=https://web.archive.org/web/20190307162359/https://theintercept.com/2015/07/07/leaked-documents-confirm-hacking-team-sells-spyware-repressive-countries/|url-status=live}} In 2016, the Italian government again revoked the company's license to sell spyware outside of Europe without special permission.{{Cite web|url=https://nakedsecurity.sophos.com/2016/04/08/hacking-team-loses-global-license-to-sell-spyware/|title=HackingTeam loses global license to sell spyware|last=Zorabedian|first=John|date=2016-04-08|website=Naked Security|access-date=2016-05-15|archive-date=6 June 2023|archive-url=https://web.archive.org/web/20230606055442/https://nakedsecurity.sophos.com/2016/04/08/hacking-team-loses-global-license-to-sell-spyware/|url-status=live}}{{Cite web|url=https://www.privacyinternational.org/blog/1042/hacking-teams-global-license-revoked-italian-export-authorities|title=Hacking Team's Global License Revoked by Italian Export Authorities|date=2016-04-08|website=Privacy International|archive-url=https://web.archive.org/web/20190505001143/https://www.privacyinternational.org/blog/1042/hacking-teams-global-license-revoked-italian-export-authorities|archive-date=2019-05-05|url-status=dead|access-date=2016-05-15}}
= Use by Mexican drug cartels =
Corrupt Mexican officials have helped drug cartels obtain state-of-the-art spyware (including Hacking Team spyware). The software has been used to target and intimidate Mexican journalists by drug cartels and cartel-entwined government actors.{{cite web|url=https://www.theguardian.com/world/2020/dec/07/mexico-cartels-drugs-spying-corruption|title='It's a free-for-all': how hi-tech spyware ends up in the hands of Mexico's cartels|website=TheGuardian.com|date=7 December 2020|access-date=7 December 2020|archive-date=24 February 2022|archive-url=https://web.archive.org/web/20220224014534/https://www.theguardian.com/world/2020/dec/07/mexico-cartels-drugs-spying-corruption|url-status=live}}
Customer list
HackingTeam's clientele includes not just governments, but also corporate clients such as Barclays and British Telecom (BT) of the United Kingdom, as well as Deutsche Bank of Germany.
A full list of HackingTeam's customers was leaked in the 2015 breach. Disclosed documents show HackingTeam had 70 current customers, mostly military, police, federal and provincial governments. The total company revenues disclosed exceeded 40 million Euros.{{cite web|url=https://www.vice.com/en/article/here-are-all-the-sketchy-government-agencies-buying-hacking-teams-spy-tech/|title=Here Are All the Sketchy Government Agencies Buying HackingTeam's Spy Tech|author=Kopstein, Justin|date=6 July 2015|publisher=Vice Magazine|access-date=5 May 2019|archive-date=31 March 2019|archive-url=https://web.archive.org/web/20190331135251/https://motherboard.vice.com/en_us/article/nzeg5x/here-are-all-the-sketchy-government-agencies-buying-hacking-teams-spy-tech|url-status=live}}{{cite web|url=https://www.businessinsider.com/hacked-security-companys-document-2015-7|title=Hacked security company's documents show a laundry list of questionable clients|author=Weissman, Cale Guthrie|website=Business Insider|date=6 July 2015|access-date=5 May 2019|archive-date=6 October 2019|archive-url=https://web.archive.org/web/20191006124926/https://www.businessinsider.com/hacked-security-companys-document-2015-7|url-status=live}}{{cite web|url=https://www.cso.com.au/slideshow/579158/pictures-hacking-team-hack-curated/|title=In Pictures: HackingTeam's hack curated|author=Ragan, Steve|publisher=CSO Online (Australia)|access-date=5 May 2019|archive-date=9 April 2019|archive-url=https://web.archive.org/web/20190409190817/https://www.cso.com.au/slideshow/579158/pictures-hacking-team-hack-curated/|url-status=live}}{{cite web |title=HackingTeam hacked: firm sold spying tools to repressive regimes, documents claim |url=https://www.theguardian.com/technology/2015/jul/06/hacking-team-hacked-firm-sold-spying-tools-to-repressive-regimes-documents-claim |author=Hern, Alex |newspaper=The Guardian |date=6 July 2015 |access-date=22 July 2015}}{{cite web|url=https://www.csoonline.com/article/2944333/hacking-team-responds-to-data-breach-issues-public-threats-and-denials.html|title=HackingTeam responds to data breach, issues public threats and denials|author=Ragan, Steve|date=6 July 2015|publisher=CSO Online|access-date=22 July 2015|archive-date=1 March 2019|archive-url=https://web.archive.org/web/20190301182250/https://www.csoonline.com/article/2944333/hacking-team-responds-to-data-breach-issues-public-threats-and-denials.html|url-status=live}}{{cite web|url=https://www.businessinsider.com/hacking-team-promises-customers-they-can-resume-surveillance-operations-soon-2015-7|title=A whole bunch of downed government surveillance programs are about to go back online|author=Stevenson, Alastair|date=14 July 2015|publisher=Business Insider|access-date=22 July 2015|archive-date=23 July 2015|archive-url=https://web.archive.org/web/20150723000617/http://www.businessinsider.com/hacking-team-promises-customers-they-can-resume-surveillance-operations-soon-2015-7|url-status=live}}
On 8 September 2021, SentinelLABS released a research report about a Turkish threat actor, EGoManiac, that used Remote Control System (RCS), software from the Italian infosec firm Hacking Team, which was operated between 2010 and 2016, in a campaign run by Turkish TV journalists at OdaTV for spying on Turkish police.{{cite news|url=https://zetter.substack.com/p/hacking-team-customer-in-turkey-was?s=r|title=Hacking Team Customer in Turkey Was Arrested for Spying on Police Colleagues [or: The Spy Story That Spun a Tangled Web]|author=Stevenson, Alastair|date=8 September 2021|publisher=Zetter|access-date=8 September 2021|archive-date=4 April 2022|archive-url=https://web.archive.org/web/20220404223734/https://zetter.substack.com/p/hacking-team-customer-in-turkey-was?s=r|url-status=live}}
See also
- FinFisher
- MiniPanzer and MegaPanzer
- Vupen – 0-day exploit provider linked to HackingTeam[https://tsyrklevich.net/2015/07/22/hacking-team-0day-market/ HackingTeam: a zero-day market case study] {{Webarchive|url=https://web.archive.org/web/20150724210927/http://tsyrklevich.net/2015/07/22/hacking-team-0day-market/ |date=24 July 2015 }}, Vlad Tsyrklevich's blog
- Mamfakinch – a citizen media organization targeted with malware allegedly developed by HackingTeam. Perlroth, Nicole (10 October 2012). [https://bits.blogs.nytimes.com/2012/10/10/ahead-of-spyware-conference-more-evidence-of-abuse/?_r=0 Ahead of Spyware Conference, More Evidence of Abuse] {{Webarchive|url=https://web.archive.org/web/20171226021833/https://bits.blogs.nytimes.com/2012/10/10/ahead-of-spyware-conference-more-evidence-of-abuse/?_r=0 |date=26 December 2017 }}. The New York Times (Bits).
References
{{Reflist}}
External links
- {{Official website| http://www.hackingteam.it/}}
- [https://citizenlab.org/tag/hacking-team/ HackingTeam Archives] - investigative reports published by The Citizen Lab