Italian cyber-security firm Hacking Team said a government might have been behind a massive hack of its systems and warned that the subsequent leaking of its computer codes could prove a field day for criminals.
Unknown hackers last week downloaded 400GB of data from the firm, which makes surveillance software that allows law enforcement and intelligence agencies to tap into the phones and computers of suspects.
Much of the data, including thousands of private corporate emails, has since been dumped onto the Wikileaks website. The source code of a number of its top secret programmes has also been published online.
“Given its complexity, I think that the attack must have been carried out at a government level, or by someone who has huge funds at their disposal,” David Vincenzetti, the CEO of Hacking Team, told Sunday’s La Stampa newspaper.
He did not speculate on who it might have been.
The company has advised clients to halt their use of its programmes until they can upgrade the compromised software, but warned that all computer systems might now be vulnerable.
“Hacking Team’s investigation has determined that sufficient code was released to permit anyone to deploy the software against any target of their choice,” the company said in a statement on its Internet site.
“Terrorists, extortionists and others can deploy this technology at will if they have the technical ability to do so.”
The same site still prominently promotes its now exposed products: “Total control over your targets. Log everything you need. Always. Anywhere they are,” it says.
The leaked emails show that the Hacking Team worked with numerous state institutions in an array of countries, including Italy, the United States and Australia.
It also had dealings with countries criticised for their human rights records, such as Libya, Egypt, Ethiopia, Kazakhstan, Morocco, Nigeria, Saudi Arabia and Sudan.
Breaking his silence almost a week after the hack was uncovered, Vincenzetti defended his choice of clients, saying he had never broken international trade law. He said that when his firm realised Ethiopia was using its software to spy on a journalist, it asked for an explanation and then ended the contract.
The 12-year-old Hacking Team was named as one of five private-sector “Corporate Enemies of the Internet” in a 2012 report by Reporters Without Borders.