A Milan-based company called Hacking Team does exactly what their name implies: peddles malware and infectious spying software to oppressive governments around the world. And hackers have just leaked over 400 GB of data showing that the U.S. is among these slimy customers.

The extensive dump includes internal documents, sales data, huge troves of employee emails, and clear evidence that Hacking Team—notorious in the digital security community for selling software that can monitor what’s on your screen, in your messages, and even in front of your webcam—was supplying some of the world’s must brutal, draconian governments. One leaked client spreadsheet shows a who’s who of humans rights abusers:

Oman, Bahrain, Uzbekistan, Turkey, Kazakhstan, Thailand—exactly the sort of repressive governments with which Hacking Team has historically denied doing business. Also on the list is Sudan, which ACLU’s Chris Soghoian described to Wired as “one of the most strictly embargoed countries in the world.” But here’s their invoice:

American law enforcement agencies are a conspicuous presence in the hacked files: sales data shows the FBI bought almost $800,000 worth of spying software from Hacking Team, while the DEA was interested in surveillance in foreign countries. One email, flagged by The Intercept’s Ryan Gallagher, quotes a Hacking Team employee who says the DEA was planning “something that will receive all traffic for Colombian’s [sic] ISPs.” This online spying appears to have been taking place from inside the U.S. embassy.

The Intercept also reports that smaller U.S. police groups were interested in Hacking Team’s products:

The company, Hacking Team, has also been aggressively marketing the software to other U.S. law enforcement and intelligence agencies, demonstrating their products to district attorneys in New York, San Bernardino, California, and Maricopa, Arizona; and multi-agency task forces like the Metropolitan Bureau of Investigation in Florida and California’s Regional Enforcement Allied Computer Team...The company was also in conversation with various other agencies, including the CIA, the Pentagon’s Criminal Investigative Service, the New York Police Department, and Immigrations and Customs Enforcement.

An email between Hacking Team employees after a trip to D.C. notes, ominously, that one sales problem is the spy software being viewed as “too powerful” by cops.

Contact the author at biddle@gawker.com.
Public PGP key
PGP fingerprint: E93A 40D1 FA38 4B2B 1477 C855 3DEA F030 F340 E2C7