# Hacking Team got... well... hacked.



## joepie91 (Jul 6, 2015)

> On Sunday, while most of Twitter was watching the Women's World Cup – an amazing game from start to finish – one of the world's most notorious security firms was being hacked.
> 
> 
> 
> ...


Source: http://www.csoonline.com/article/2943968/data-breach/hacking-team-hacked-attackers-claim-400gb-in-dumped-data.html

Apparently their security wasn't very good, so 400GB of their data was leaked:



> *Hacked Team  ‏@hackingteam*
> 
> Our network security staff hard at work while 5 MB/s is transferred out of our internal network through his computer.





> *Hacked Team  ‏@hackingteam*
> 
> Since we have nothing to hide, we're publishing all our e-mails, files, and source code https://mega.co.nz/#!Xx1lhChT!rbB-LQQyRypxd5bcQnqu-IMZN20ygW_lWfdHdqpKH3E
> 
> https://infotomb.com/eyyxo.torrent


And then a senior engineer of Hacking Team started yelling on Twitter:



> *Christian Pozzi @christian_pozzi*
> 
> @dandyhighwayman @Viss The attackers are spreading a lot of lies about our company that is simply not true. The torrent contains a virus.


Which is _probably_ not a good idea if you haven't changed the password yet that was just leaked, because an hour later his account got 'hacked' as well:



> *Christian Pozzi  ‏@christian_pozzi*
> 
> Uh Oh - my twitter account was also hacked.


And it looks like this may not be the last company of its sort to get compromised, either:



> *Phineas Fisher  ‏@GammaGroupPR*
> 
> gamma and HT down, a few more to go


So... yeah. Grab your popcorn, looks like this is going to be another HBGary


----------



## DomainBop (Jul 6, 2015)

joepie91 said:


> And it looks like this may not be the last company of its sort to get compromised, either:
> 
> 
> Phineas Fisher ‏@GammaGroupPR
> ...



Gamma is also on RSF's enemies of the Internet list.

Reporters Without Borders' description of Hacking Team and Gamma's businesses:



> Today, 12 March, World Day Against Cyber-Censorship, we are publishing two lists. One is a list of five “State Enemies of the Internet,” five countries whose governments are involved in active, intrusive surveillance of news providers, resulting in grave violations of freedom of information and human rights. The five state enemies are Syria, China, Iran, Bahrain and Vietnam.
> 
> 
> The other is a list of five “Corporate Enemies of the Internet,” five private-sector companies that are “digital era mercenaries.” The five companies chosen are Gamma, Trovicor, Hacking Team, Amesys and Blue Coat, but the list is not exhaustive and will be expanded in the coming months. They all sell products that are liable to be used by governments to violate human rights and freedom of information.
> ...


ZDNet on the hack: http://www.zdnet.com/article/hacking-team-hit-by-breach-files-suggest-it-sold-spyware-to-oppressive-regimes/


Motherboard/Vice.com describes one of HackingTeam's tools:



> The software, known as Remote Control System or “RCS,” is capable of intercepting phone calls, texts, and social media messages, and can surreptitiously turn on a user’s webcam and microphone as well as collect passwords.


http://motherboard.vice.com/read/the-dea-has-been-secretly-buying-hacking-tools-from-an-italian-company


----------



## HN-Matt (Jul 6, 2015)

Here Are All the Sketchy Government Agencies Buying Hacking Team's Spy Tech



> They say what goes around comes around, and there's perhaps nowhere that rings more true than in the world of government surveillance.


----------



## drmike (Jul 6, 2015)

Oh Hacking Team... I do recall thee...

http://www.theregister.co.uk/2014/03/06/hacking_team_snoopware_found_on_us_servers/


The governments it accuses of snooping are, in other words, using RCS to wiretap on individuals – for example, citizens in the US, journalists reporting on their countries' affairs, expats and activists – and send the data offshore. This violates US laws, such as the Computer Fraud and Abuse Act and the Wiretap Act, Citizen Lab writes.

Their name-and-shame list names Linode, Internetserver, InMotion Hosting, GoDaddy, ColoCrossing, Sharktech, Endurance International, Infolink, NOC4Hosts and HostDime as having government customers who are operating, or have operated, RCS in US data centres.

^--- data centers / providers Hacking Team is using to do ill sh!t in the USofA.


----------



## MannDude (Jul 6, 2015)

Leaked Docs Show FBI, DEA and U.S. Army Buying Italy's Hacking Team Spyware


----------



## drmike (Jul 6, 2015)

So if using this stuff to illegally hack and monitor US citizens, even if military / intelligence is involved, certainly should be a crime.  Unsure why citizen interest groups haven't stood up.

Folks ought to be calling for legal action against the DC's involved and seizure of company assets / banks belonging to Hacking Team and to seize ill gotten gains from such DCs....


----------



## telephone (Jul 6, 2015)

Found an HTTPS mirror of the released data on Reddit:

Link: HackingTeam


----------



## drmike (Jul 6, 2015)

So some of their exploits at least for Android:

Index of /rcs-dev\share/CONTINUOUS INTEGRATION/TEST/ANDROID/Melt/APK_OK/


| Name | Last Modified | Size | Type |
|---|---|---|---|
| Parent Directory/ | | - | Directory |
| DailyBible.zip | 2015-Jul-06 12:49:11 | 280.5K | application/zip |
| Quran.zip | 2015-Jul-06 12:49:15 | 2.0M | application/zip |
| SoundRecorder.zip | 2015-Jul-06 12:26:06 | 196.8K | application/zip |
| com.smz4.spycam.zip | 2015-Jul-06 12:49:10 | 418.8K | application/zip |
| kr.sira.metal.zip | 2015-Jul-06 12:49:12 | 459.6K | application/zip |
| uk.co.nickfines.RealCalcPlus_1.7.4.zip | 2015-Jul-06 12:26:11 | 360.5K | application/zip |


----------



## k0nsl (Jul 6, 2015)

Have a look here (GH) as well.



telephone said:


> Found an HTTPS mirror of the released data on Reddit:
> 
> Link: HackingTeam


----------



## drmike (Jul 6, 2015)

k0nsl said:


> Have a look here (GH) as well.


Sigaint email there... Looks like journalists are getting in on the action, as they should.

There is a ton of data with this... Big collection.


----------



## MannDude (Jul 7, 2015)

You may want to check in Linux for the following files:


- `/var/crash/.reports-%u-%s`
- `/var/tmp/.reports-%u-%s`

To determine HackingTeam infection
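
The check described in this post, as an added example that is not part of the original post: a POSIX shell function that looks in the two named directories for entries matching `.reports-%u-%s`. It assumes `%u` is a printf-style unsigned integer and `%s` a non-empty string; the function name `scan_rcs_reports` and its optional root-prefix argument (for checking a mounted disk image) are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: in ".reports-%u-%s",
# %u is a printf-style unsigned integer and %s a non-empty string.

# scan_rcs_reports [ROOT]  (hypothetical helper name)
#   ROOT is prefixed to both directories so a mounted disk image can be
#   checked, e.g. /mnt/evidence; empty means the running system.
#   Prints each matching path; returns 0 if any matched, 1 if none.
scan_rcs_reports() {
    srr_root="${1:-}"
    srr_found=1
    for srr_dir in /var/crash /var/tmp; do
        [ -d "$srr_root$srr_dir" ] || continue
        # The leading dot is written out, so the glob sees hidden entries.
        for srr_path in "$srr_root$srr_dir"/.reports-*; do
            # An unmatched glob stays literal; skip it (keep dangling symlinks).
            [ -e "$srr_path" ] || [ -L "$srr_path" ] || continue
            srr_rest=${srr_path##*/}
            srr_rest=${srr_rest#.reports-}
            case $srr_rest in *-*) ;; *) continue ;; esac
            srr_num=${srr_rest%%-*}     # candidate %u field
            srr_str=${srr_rest#*-}      # candidate %s field
            case $srr_num in ''|*[!0-9]*) continue ;; esac
            [ -n "$srr_str" ] || continue
            printf '%s\n' "$srr_path"
            srr_found=0
        done
    done
    return "$srr_found"
}

# Stand-alone use: sh scan.sh [ROOT]
if scan_rcs_reports "${1:-}"; then
    echo "matching .reports-* entries found; investigate this host" >&2
else
    echo "no matching .reports-* entries" >&2
fi
```

Run it as root on a live host, since `/var/crash` is often not world-readable and an unreadable directory is reported as having no matches.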


----------



## joepie91 (Jul 7, 2015)

telephone said:


> Found an HTTPS mirror of the released data on Reddit:
> 
> 
> Link: HackingTeam


There's a few of them. The only other one that's still alive seems to be http://ht.swr.sx/, though.

The TransparencyToolkit one got hit with a good bit of DDoS. It's behind DDoS mitigation now, though.

There's also still this GitHub mirror: https://github.com/informationextraction


----------



## HN-Matt (Jul 29, 2015)

A bit late, but an interesting response appeared on nettime earlier this month: http://nettime.org/Lists-Archives/nettime-l-1507/msg00015.html



Quote said:


> I say this because I believe that HT would have never become what it was and would have never sold to the regimes it sold to without the partnership of *very big* business players, whom I believe are the main responsible for the crimes committed, since they clearly knew what was happening. These big partners were driven by profit much more than those HT hackers were driven by passion for security research and they were crucial in helping such a young startup to scale and outreach well beyond kosherness.
> 
> Today an article gives a glimpse on the scope of this racket http://motherboard.vice.com/read/meet-the-companies-that-helped-hacking-team-sell-tools-to-repressive-governments but still omits the venture capitals in the list.
> 
> My point is that we should be now really careful before going berserk and blaming a rather small team of software developers for all this. Because their business would have never had such a big success without the profit-driven capital that really made it happen and shop around.


Reminds me of the GVH fiasco, where a simplistic scapegoat was created out of a naive teenager when really, the problem was generated in large part by enablers and Dramathread concession stand peanut sales.


----------



## drmike (Jul 30, 2015)

> Reminds me of the GVH fiasco, where a simplistic scapegoat was created out of a naive teenager when really, the problem was generated in large part by enablers and Dramathread concession stand peanut sales.



Totally misplaced.  

GVH guy knew what he was doing at all times.  All the skits were about his own financial enrichment and boosting his ego.  Nothing idealistic, rather sheer abusive capitalism, selfishness, greed and even some fraud conceptually.   No handlers no enablers.  No utopia of idealism.

Likewise HT wasn't 3 teenagers in their bedroom who some mega business interests found and abused. The big vile companies outed for dealing with HT were RESELLERS. HT set those resellers up and supported them as their unhired salesforce.

So much insecure software.   People should be held liable for their shitware at mass.  Talking to you Google and your Android.


----------



## HN-Matt (Aug 1, 2015)

The analogy wasn't quite to scale. I didn't mean they were literally naive teenagers. I'm not a fan of the logic of scapegoating, that's all.


----------

