Hacking Team was a Milan-based information technology company founded in 2003 by David Vincenzetti and Valeriano Bedeschi. Its flagship product, Remote Control System (RCS), also marketed as Galileo and Da Vinci, was a commercial spyware suite capable of intercepting communications, activating microphones and cameras, exfiltrating files, and harvesting passwords from infected devices. The company sold RCS exclusively to government clients — law enforcement, intelligence agencies, and military buyers — and described itself as offering "offensive technology" for lawful interception.
The firm drew sustained criticism from digital rights groups. Citizen Lab at the University of Toronto published research from 2012 onward documenting RCS command-and-control infrastructure and identifying its apparent use against journalists and dissidents, including in cases tied to Morocco, the United Arab Emirates, and Ethiopia. Reporters Without Borders named Hacking Team among its "Corporate Enemies of the Internet" in 2013.
In July 2015 the company was itself hacked: an attacker exfiltrated roughly 400 gigabytes of internal data — emails, source code, invoices, and client lists — and published them via the company's own Twitter account. The leak confirmed sales to clients including Sudan, Saudi Arabia, Egypt, Kazakhstan, and various Mexican state agencies, contradicting prior public statements and raising questions about compliance with EU dual-use export controls under the Wassenaar Arrangement. The Italian government briefly revoked the firm's global export license in 2016.
Hacking Team continued limited operations and in 2019 was acquired by Italian-Saudi-linked InTheCyber Group, with the merged entity rebranded as Memento Labs. The case is frequently cited in policy debates over the commercial spyware industry, alongside NSO Group's Pegasus, and informs ongoing discussions at the UN, EU, and within the Pall Mall Process launched in 2024 to regulate commercial cyber intrusion capabilities.
Example
In July 2015, an unidentified attacker leaked 400GB of Hacking Team's internal files, revealing the Italian firm had sold its Remote Control System spyware to clients including Sudan and Saudi Arabia.
Frequently asked questions
RCS, also sold as Galileo and Da Vinci, was Hacking Team's intrusion software that allowed clients to remotely monitor target devices, including reading messages, activating cameras and microphones, and stealing files.
Keep learning