On July 5, 2015 an anti-surveillance crusader announced, on the company’s own official Twitter feed, a ginormous 400-gigabyte BitTorrent dump of internal documents from the secretive Italian surveillance firm Hacking Team. Five days after the massive attack, the security firm is still scrambling to contain the damage and figure out exactly how the perpetrators pulled off the data breach.
The anonymous hacker hijacked HT’s official Twitter account and went on to post screenshots of email communications, client lists (including the likes of the FBI), invoices, price lists, tons of other critical data and even passwords to crucial systems. One such tweet, since removed, claimed to show Hacking Team negotiating with a third-party reseller to export its malware to Nigeria. Another tweet purports to show HT debating what to do after an independent investigation from the University of Toronto attacked it for selling unethical hacking tools to the Ethiopian authorities, which were then used to target activists and journalists in the U.S. and elsewhere.
Hacking Team Exposed
The hacker also used the same Twitter account, PhineasFisher (@GammaGroupPR), that was used in 2014 to publicize the attack on Gamma International (the surveillance firm behind the FinFisher and FinSpy spyware), to post a handful of tweets:
I’ll writeup how hacking team got hacked once they’ve had some time to fail at figuring out what happened and go out of business
— Phineas Fisher (@GammaGroupPR) July 7, 2015
The hacker has even pledged to reveal how he/she hacked their systems, rubbing a little salt on the wounds.
On Monday morning, after regaining control of its Twitter account, Hacking Team notified all its customers with a “blast email” asking them to switch off all operations of its Remote Control System software, also known as Galileo. The company can also kill those operations remotely as part of a “crisis procedure”: it has placed a “backdoor” into every client’s software, giving it the ability to suspend or shut the software down at any given point in time, something its clients aren’t told about.
According to sources, the hacker seems to have gotten his/her hands on more than 1 terabyte of data. Judging from the leaked files, it seems the hacker compromised HT’s two systems administrators – Christian Pozzi and Mauro Romeo – who had access to all the company’s files.
Last year, following a report from Citizen Lab, the spy firm denied all claims of selling spy tools to oppressive governments; however, the more than 400GB of records show government contracts with Middle Eastern and central Asian countries. Moreover, it has also sold software to privately owned businesses worldwide. Further, a report from Citizen Lab also showed email correspondence in which Hacking Team acknowledged supplying cutting-edge spying tools to Ethiopia to keep an eye on journalists. In 2013, the firm made a major push to court U.S.-based agencies, including the FBI and the Drug Enforcement Agency, both of which had engaged its services at one point.
Perhaps it’s not surprising: the secretive Milan-based organization has long been stigmatized for unethical sales of exploits and digital weapons that help draconian regimes worldwide break into target computers and phones.
If genuine, the leaked documents suggest that among Hacking Team’s list of clients are governments and agencies from countries including:
Australia, Azerbaijan, Bahrain, Chile, Colombia, Cyprus, Czech Republic, Ecuador, Egypt, Ethiopia, Germany, Honduras, Hungary, Italy, Kazakhstan, Luxembourg, Malaysia, Mexico, Mongolia, Morocco, Nigeria, Oman, Panama, Poland, Russia, Saudi Arabia, Singapore, South Korea, Spain, Sudan, Switzerland, Thailand, United States, Uzbekistan and UAE.
Among the leaked documents is an invoice for €480,000, dated June 2012, which appears to be from the Sudanese national intelligence service. In January 2015, Hacking Team told the UN’s Italian representative that it had no such business ties with the country. In a separate leaked document in the trove, Russia and Sudan appear listed as “not officially supported”, rather than with the active or expired status held by most other nation states. One of the leaked documents purports to show Hacking Team celebrating the demise of Gamma International, hacked by the same anti-surveillance crusader who would, a year later, hack Hacking Team.
Hacking Team has featured in cyber espionage coverage ever since the Snowden NSA surveillance debacle erupted. On Sunday night the security community finally got a glimpse of the firm’s digital intrusion tools sold to governments worldwide. One such tool, known as Davinci, is a service offered to law enforcement agencies that can allegedly access SMS, emails, web browsing and more to locate specific targets. HT has garnered the attention of human rights advocates for its apparent willingness to work with oppressive regimes engaged in human rights violations, and with those looking to spy on journalists and people in opposition to the government.
If all of this sounds too grave, here are a few juicy bits pointed out by one reddit user:
Hacking Team’s spyware didn’t sanitize SQL input
Team members at Hacking Team used passwords that were variations of “P4$$w()rd”
Team Leader was browsing porn sites while at work
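The first of those three points is the classic SQL injection bug. As an added illustration (not code from the leak, from Hacking Team, or from the reddit user), the script below builds a small constructed SQLite table of fake rows and runs the same lookup two ways: once by splicing user-controlled text straight into the SQL statement, the pattern the reddit user is describing, and once with a bound parameter, which is the fix. The table name, column names and the sample rows are all assumptions made for the demo.

```python
import sqlite3

# Constructed sample data for the demo; nothing here comes from the leak.
SAMPLE_ROWS = [
    (1, "alice", "note-a"),
    (2, "bob", "note-b"),
    (3, "carol", "note-c"),
]


def make_db():
    """Create an in-memory SQLite database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE targets (id INTEGER, username TEXT, note TEXT)")
    conn.executemany("INSERT INTO targets VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_unsanitized(conn, username):
    """Vulnerable: the caller's text becomes part of the SQL grammar."""
    query = f"SELECT id, username FROM targets WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, username):
    """Fixed: the driver binds the value; it is never parsed as SQL."""
    return conn.execute(
        "SELECT id, username FROM targets WHERE username = ?", (username,)
    ).fetchall()


# A textbook payload: closes the quoted literal and appends an always-true clause.
INJECTION = "nobody' OR '1'='1"


def demo():
    """Run both lookups with a normal name and with the injection payload."""
    conn = make_db()
    return {
        "unsanitized_normal": lookup_unsanitized(conn, "alice"),
        "unsanitized_injected": lookup_unsanitized(conn, INJECTION),
        "parameterized_normal": lookup_parameterized(conn, "alice"),
        "parameterized_injected": lookup_parameterized(conn, INJECTION),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

With the unsanitized lookup, the payload turns `WHERE username = 'nobody'` into `WHERE username = 'nobody' OR '1'='1'` and every row in the table comes back; with the parameterized lookup the same string is compared as a literal username and matches nothing. Parameter binding (or an ORM that does it for you) is the fix; escaping by hand is what "sanitizing" usually ends up meaning in practice, and it is what gets forgotten.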
It’s quite unclear how HT’s clients are going to react to the show; however, it’s quite likely that clients from countries such as the U.S. will cancel their contracts. With so many government agencies sitting on the client list, the fallout from this breach is going to be one hell of a spectacle.
In a leaked note posted to Twitter, Hacking Team COO Giancarlo Russo acknowledged the possibility that the customer had misused its software, but seemed to show little concern for ethics, clarifying that the flag had been raised by “two of the newest guys… who may be frightened by this kind of press.”
While the security community may celebrate the irony that Hacking Team, which is also on Reporters Without Borders’ ‘Foes of the Internet’ list, is being exposed publicly in a humiliating breach, it’s even more worrisome if the organization’s source code is part of the leak, which over time could have catastrophic consequences all over the world.
Hacking Team founder Christian Pozzi took to Twitter to say that the hackers falsified information regarding the company’s clients and services, adding that the company has joined forces with the police to investigate. Christian Pozzi’s Twitter account has since been deactivated.
It’s a rare sight – privacy advocates getting a glimpse of the workings of a cyber-surveillance company such as Gamma International or Hacking Team. The newly exposed links to dodgy regimes call into question whether current regulations effectively preclude a private organization from selling malware and spyware technologies to any government worldwide.