Hacking Team Fallout

On July 5th, 400GB of stolen data from an Italian company known as Hacking Team was released. Hacking Team is best known for selling surveillance tools like Remote Control System (RCS), which infiltrates a target’s computer or mobile device. Once the device is infected, the attacker can essentially take it over; they can monitor all activity, encrypted or not. The software can also take control of the camera and microphone on infected devices.

The CEO, David Vincenzetti, claims to have sold software to countries on ‘all 5 continents’ (old teachings in Europe said that there were 5 continents, not 7).

In an interview with IBTimes UK, the spokesman for Hacking Team, Eric Rabe, said: “We don’t have anything to hide about what we are doing and we don’t think that there is any evidence in this 400GB of data that we have violated any laws and I would even go so far as to argue that there is no evidence that we have behaved in anything but a completely ethical way.”

That is a stark contrast to what Hacking Team’s CEO, David Vincenzetti, had to say about a possible leak less than a month before the hack…

Imagine this: a leak on WikiLeaks showing YOU explaining the evilest technology on earth! :-). You would be demonised by our dearest friends the activists, and normal people would point their fingers at you.

Oh dear.

Hacking Team’s Clientele

And who are the main consumers of the “evilest technology on Earth”? Mexico leads the way in record purchases, with Brazil set to be Hacking Team’s biggest customer in 2015.

In Mexico alone, documents released in the 400GB file identify 14 different contracts with federal and state governments, many of which don’t have the legal authority to hack private communications.

And contrary to Hacking Team’s claim that they have a team dedicated to screening purchases by researching prospective customers, they have sold to many repressive regimes.

You don’t get on Reporters Without Borders’ list of “Enemies of the Internet” for nothing: a list they have been on since 2013.

Citizen Lab, a company headquartered in Toronto, Canada, has had its eyes set on monitoring network surveillance and content filtering measures since 2001.

In a report released in 2014, they map different uses of Hacking Team’s software by using different fingerprints left behind by the company.

In the Middle East and Africa, Hacking Team’s dealings with countries that have a poor human rights record have yielded expected results. In Ethiopia, a country that jails the second-highest number of journalists in Africa, a private television, radio, and online news outlet was targeted by software with fingerprints that point to Hacking Team’s RCS software (Remote Control System).

In Morocco, a website called Mamfakinch.com, which was born out of the Arab Spring and is often critical of Morocco’s authoritarian presence, was targeted. The attempt was made via a fake email claiming to reveal a fresh political scandal.

Furthermore, Hacking Team has been under investigation by the UN about having a relationship with the blacklisted Sudanese government. Hacking Team has outright denied these accusations.

However, documents released in the hack revealed an invoice from Sudan in 2012, and internal emails show that the company had been providing technical support as recently as November 2014.

But the cutoff of service wasn’t likely because of some sort of new ethical epiphany by Hacking Team; no, it was a result of a training exercise where the trainer noted, “The main problem is the lack of basic computer usage, followed by a complete lack of English: 90% of them had problems just for typing a username on a keyboard and serious difficulties in moving the mouse.”

A Monster in the Wild

The biggest issue is not the one Hacking Team is facing; it is the threat faced by the general public.

One of the 0-day exploits, which finds its way in through Adobe Flash, has already been included in commercial web-based kits. Jerome Segura from Malwarebytes says, “This is one of the fastest documented cases of an immediate weaponization in the wild, possibly thanks to the detailed instructions left by Hacking Team.”

And several of the exploits are lethal; one of them cracks into the previously thought ironclad environment of Chrome. The vulnerability is now patched (to make sure yours is, ensure this version is installed by typing chrome://version).

An Adobe Flash patch will be available Monday, July 13th. Until then Adobe recommends that you disable it.

As if that wasn’t enough, when run through antivirus software, none of Hacking Team’s 56 surveillance tools were flagged.

Enemies of the Enemy

If anything, we can look at who Hacking Team’s own perceived enemies are to gain an idea of where they stand. In another internal email, Hacking Team listed Privacy International, Human Rights Watch, Citizen Lab, and Anonymous as its top threats to business.

When the major threats to your business are human rights groups, you’re either an oppressive dictator, Vladimir Putin, or Hacking Team.
