When a Hacking Team Gets Hacked

Michael In the News

Earlier this week a company called ‘Hacking Team’ was itself hacked. Hacking Team is an Italian-based cyber security company that sells easy-to-use hacking software to governments and law enforcement agencies.

One of their most well-known products is the ‘Remote Control System’ (RCS), which they proclaim to be an “effective, easy-to-use offensive technology to the worldwide law enforcement and intelligence communities.” As you might guess, this system is able to gain control of PCs using malware that the target has unknowingly introduced to their computer.

Once it gains access, it can remotely control the PC’s camera and microphone, copy information from its hard drive, and monitor encrypted internet communications, including capturing passwords and recording Skype calls, e-mails, and instant messages.

Another of their top-selling products is known as Da Vinci, which essentially does the same thing as RCS, except on your cellphone: Windows Phone, iOS, Android, and BlackBerry included. It can even take control of the keyboard and services like WhatsApp and Skype.

Hacked Team

Earlier this week the Hacking Team was completely compromised, down to their invoices and Twitter accounts. The attackers changed their company logo to “Hacked Team” on Twitter, which was probably the easiest part, considering the attackers released information that the passwords for the company’s and employees’ accounts were almost universally ‘passw0rd.’

To further their humiliation, computing.co.uk reports, “not one single piece of sensitive information was encrypted, not even passwords, employee passports or customer lists were encrypted – and nobody noticed 400 gigabytes of data being extracted from the corporate network.” You’d expect something much more sophisticated coming from a company that calls themselves Hacking Team, right?

But the truly damaging part of the hack was much more serious. The attackers released the stolen 400GB in a torrent file that contained information about the company’s customers.

Hacking Team contacted all of their customers to tell them to discontinue using the RCS product as the hackers got ‘pretty much everything.’

Since last year, the company has been under investigation by the United Nations because of allegations by Citizen Lab that the company sold some of its software to less-than-noble countries.

When RCS is in use, the malware is routed through several different locations, much like the application Tor. What Citizen Lab attempted to do, in its lengthy report, is establish certain fingerprints that can positively identify the origin of the malware.

For the length of the investigation, Hacking Team has maintained that, “On the issue of repressive regimes, Hacking Team goes to great lengths to assure that our software is not sold to governments that are blacklisted by the EU, the US, NATO, and similar international organizations or any “repressive” regime.”

However, Citizen Lab’s report claimed that the company sold snooping software to ‘repressive regimes’ such as Azerbaijan, Kazakhstan, Uzbekistan, Saudi Arabia, Egypt, and Sudan.

The Truth about Hacking Team

… is that they straight up lied. They stonewalled the UN’s investigation for the better part of a year, just flat-out denying all allegations. However, the released torrent file revealed that they have some explaining to do. Among the most damaging files was an invoice for a 50% payment for the RCS cyberweapon: a €480,000 (over half a million US dollars) payment. Here’s a list of governments who reportedly bought cybertools:

Egypt, Ethiopia, Morocco, Nigeria, Sudan, Chile, Colombia, Ecuador, Honduras, Mexico, Panama, United States, Azerbaijan, Kazakhstan, Malaysia, Mongolia, Singapore, South Korea, Thailand, Uzbekistan, Vietnam, Australia, Cyprus, Czech Republic, Germany, Hungary, Italy, Luxembourg, Poland, Russia, Spain, Switzerland, Bahrain, Oman, Saudi Arabia, United Arab Emirates.

US customers include the FBI, DEA, and Department of Defense. Since 2011 the FBI alone has spent over $770,000 on cyberweapons from Hacking Team (it seems like the total from US agencies was around $2.4 million). From an American standpoint alone this is problematic, as Christopher Soghoian from the American Civil Liberties Union states,

“Congress has never explicitly granted law enforcement agencies the power to hack. And there have never been any congressional hearings on the topic.”

More Hot Water

Really, Hacking Team’s dealings with US agencies are small fish compared to the potential legal implications of their dealings with countries like Sudan and Russia.

Since 2004 the UN has had an arms embargo against Sudan, which is part of EU law, that bans the export of “arms and related material.” This embargo extends to technical assistance and military-related services as well.

The Italian government itself might also have some questions to deal with. Knowing the dealings of the Hacking Team now, it seems unethical for the government to have provided public funds, over €1 million, to the company.

The Hackers

In August of 2014 a hack against a similar company took place. That company is Gamma International, which sold cybertools by the name of FinFisher and FinSpy. 40GB of data was stolen and leaked, including price lists and source code. Shortly thereafter, a Twitter and Reddit account by the name of Phineas Fisher took responsibility for the attack. On Reddit the statement read,

“A couple days ago I hacked in [to Gamma International] and made off with 40GB of data from Gamma’s networks. I have hard proof they knew they were selling (and still are) to people using their software to attack Bahraini activists, along with a whole lot of other stuff in that 40GB.”

The Twitter account hasn’t had much activity since then, until this week…

As is the case with most hacking events, the true identity of the attacker is adequately obscured.

Stay tuned as we will bring you the latest on this story as it develops.
