Online hackers have released more than 400 GB of internal data, including staff emails and company documents, stolen from Hacking Team, a company in northern Italy that sells online spying software to governments and security services around the world.

It was named as a corporate “enemy of the internet” in 2013 by press-freedom advocacy group Reporters Without Borders, after developing software that it says can circumvent certain encryption schemes.

The software is designed to remotely record every keystroke made on a target device, vacuuming up passwords and, in certain instances, capturing messages before they are encrypted.

On its website, Hacking Team boasts that it offers “total control over your targets. Log everything you need. Always. Anywhere they are.”

Hacking Team has denied selling its spy software to repressive regimes, saying in February: "We rely on our own due diligence, published reports, international black lists and conversations with potential clients to assure ourselves to the extent possible that our software will be used legally and responsibly.”

And yet academic organisation CitizenLab published research earlier this year claiming Hacking Team software has been found in a number of repressively run countries including Azerbaijan, Egypt, Ethiopia, Kazakhstan, Morocco, Saudi Arabia, Sudan, Turkey and Uzbekistan.

In 2012, Slate magazine reported that Hacking Team-related spyware might be linked to an attempt to compromise the computers of award-winning independent Moroccan news website Mamfakinch.com. CitizenLab has also claimed there is evidence suggesting Hacking Team software was linked to cyberattacks on Ethiopian journalists living in the US.

A list that claims to show Hacking Team clients was posted online as part of the Hacking Team breach. It shows Mongolian, Uzbek, Sudanese, Russian, Ethiopian, Bahrain, Turkey, Moroccan and Kazakh security and police services patronized the company, alongside the American FBI. European Union member country police and security agencies from Poland, Cyprus and Hungary were also Hacking Team customers, according to the list.

Some of the leaked emails appear to show Hacking Team employees discussing how to deal with the negative media coverage arising from the use of their software by some of their customers. According to the Intercept, Daniele Milan, Hacking Team’s operations chief, suggested the Ethiopian intelligence agency’s account could be closed, commenting that its “reckless and clumsy usage of our solution (has) caused us enough damage.” However, Milan noted in another email, “I know that 700k is a relevant sum.”

According to the BBC, Hacking Team employee Christian Pozzi responded to the current hack on Twitter, writing, "We are awake. The people responsible for this will be arrested. We are working with the police at the moment.” He subsequently deleted his account on the micro-blogging site.

Hacking Team has been forced to ask customers to stop using the services it provides to governments, and an insider was quoted by Vice Magazine’s Motherboard project saying, “They’re in full-on emergency mode.” Security analytics site Schneier on Security commented, “It's one thing to have dissatisfied customers. It's another to have dissatisfied customers with death squads. I don't think the company is going to survive this.”

The hacked data includes source code, which has already led to the detection of a major vulnerability in Adobe Flash not previously known to its manufacturer, which was allegedly discovered but not revealed to the public by Hacking Team. Adobe has released a fix after warning that “successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.”

OCCRP and its affiliates are analyzing the data, and will produce a continuing series of stories investigating Hacking Team’s conduct and contracts.

OCCRP LOOKS AT HACKING TEAM DATA.

RISE Project (Romania) reported that Hacking Team demonstrated its software to Romanian intelligence on Jan. 16 of last year. The visit was organized by the Institute for Advanced Technologies (IAT), a department of the Romanian Intelligence Service (SRI). A representative of the company reported in an email, “My feeling is they were evaluating the product for the intelligence services.  [IAT project manager] Marius [Moise] often raised their concerns about ‘trusting’ private companies and also slightly referred to some of our leaks happened in the past.” The RISE Project also discovered that Hacking Team had exchanged emails with the Romanian firm FinRo SRL, headed by Ion Toader.

Bivol.bg (Bulgaria) revealed that Hacking Team had been asked by Dmitrov Kumanov of Bulgaria’s National Security Agency (DANS) to demonstrate its products, in particular how to “hack iPhone 6” and Android. An email from Milko Milenov of DANS stated, “I hope to have a budget for our future cooperation.”

Meydan TV (Azerbaijan) reported Wednesday that Azerbaijan's Ministry of Defense bought a license for Hacking Team's Remote Control System (RCS) surveillance spyware via a California-based intermediary called Horizon Global Group in 2013, despite the software company’s claim it never did business with intermediaries or repressive regimes. The software can secretly log “any action performed by … a personal computer … or smartphone,” including recording keystrokes and harvesting passwords, or turning on cameras or microphones without alerting the user.

occrp.org