When they leap into the murky waters of cyber espionage, Australian agencies need to be very careful who they swim with.

Thanks to some 400 gigabytes of leaked documents released by hackers on Sunday night, we now know that the Australian Federal Police, ASIO and the Victorian corruption watchdog IBAC were among many government agencies from around the world to use the services of notorious Italian surveillance company Hacking Team.

The leaked emails and financial records show that Hacking Team has long been helping repressive regimes the world over to spy on dissidents and critics. The company’s software, which can “infect a target’s computer or phone from afar and steal files, read emails, take photos and record conversations”, has been sold to government agencies in such human rights abuse hot spots as Ethiopia, Bahrain, Egypt, Kazakhstan, Russia and Saudi Arabia. And it’s clear from internal communications that the company regards online activists, transparency advocates and critics of mass surveillance as its greatest enemies.

How many other firms are Australian agencies doing business with that sell to repressive regimes around the world? How much due diligence do these taxpayer-funded agencies do to check exactly who they are paying for exploits and spyware? Of course, we can never know. “Operational matters”, you see.