
Hacking Team got... well... hacked.

joepie91

New Member
On Sunday, while most of Twitter was watching the Women's World Cup – an amazing game from start to finish – one of the world's most notorious security firms was being hacked.

 

Specializing in surveillance technology, Hacking Team is now learning how it feels to have their internal matters exposed to the world, and privacy advocates are enjoying a bit of schadenfreude at their expense.

 

Hacking Team is an Italian company that sells intrusion and surveillance tools to governments and law enforcement agencies.

 

The lawful interception tools developed by this company have been linked to several cases of privacy invasion by researchers and the media.

 

Reporters Without Borders has listed the company on its Enemies of the Internet index due largely to Hacking Team's business practices and their primary surveillance tool Da Vinci.

[...]
Source: http://www.csoonline.com/article/2943968/data-breach/hacking-team-hacked-attackers-claim-400gb-in-dumped-data.html

Apparently their security wasn't very good, so 400GB of their data was leaked:

Hacked Team  ‏@hackingteam

Our network security staff hard at work while 5 MB/s is transferred out of our internal network through his computer. 

 

Hacked Team  ‏@hackingteam

Since we have nothing to hide, we're publishing all our e-mails, files, and source code https://mega.co.nz/#!Xx1lhChT!rbB-LQQyRypxd5bcQnqu-IMZN20ygW_lWfdHdqpKH3E

https://infotomb.com/eyyxo.torrent 
And then a senior engineer of Hacking Team started yelling on Twitter:

Christian Pozzi ‏ @christian_pozzi

@dandyhighwayman @Viss The attackers are spreading a lot of lies about our company that is simply not true. The torrent contains a virus.
Which is probably not a good idea if you haven't changed the password yet that was just leaked, because an hour later his account got 'hacked' as well:

Christian Pozzi  ‏@christian_pozzi

Uh Oh - my twitter account was also hacked.
And it looks like this may not be the last company of its sort to get compromised, either:

Phineas Fisher  ‏@GammaGroupPR

gamma and HT down, a few more to go :)
So... yeah. Grab your popcorn, looks like this is going to be another HBGary  :)
 

DomainBop

Dormant VPSB Pathogen
And it looks like this may not be the last company of its sort to get compromised, either:


Phineas Fisher ‏@GammaGroupPR


gamma and HT down, a few more to go

Gamma  is also on RSF's enemies of the Internet list.

Reporters without Borders description of Hacking Team and Gamma's businesses:

Today, 12 March, World Day Against Cyber-Censorship, we are publishing two lists. One is a list of five “State Enemies of the Internet,” five countries whose governments are involved in active, intrusive surveillance of news providers, resulting in grave violations of freedom of information and human rights. The five state enemies are Syria, China, Iran, Bahrain and Vietnam.


The other is a list of five “Corporate Enemies of the Internet,” five private-sector companies that are “digital era mercenaries.” The five companies chosen are Gamma, Trovicor, Hacking Team, Amesys and Blue Coat, but the list is not exhaustive and will be expanded in the coming months. They all sell products that are liable to be used by governments to violate human rights and freedom of information.


Their products have been or are being used to commit violations of human rights and freedom of information. If these companies decided to sell to authoritarian regimes, they must have known that their products could be used to spy on journalists, dissidents and netizens. If their digital surveillance products were sold to an authoritarian regime by an intermediary without their knowledge, their failure to keep track of the exports of their own software means they did not care if their technology was misused and did not care about the vulnerability of those who defend human rights.
ZDNet on the hack: http://www.zdnet.com/article/hacking-team-hit-by-breach-files-suggest-it-sold-spyware-to-oppressive-regimes/


Motherboard/Vice.com describes one of HackingTeam's tools:

The software, known as Remote Control System or “RCS,” is capable of intercepting phone calls, texts, and social media messages, and can surreptitiously turn on a user’s webcam and microphone as well as collect passwords.
http://motherboard.vice.com/read/the-dea-has-been-secretly-buying-hacking-tools-from-an-italian-company
 

drmike

100% Tier-1 Gogent
Oh Hacking Team... I do recall thee...

http://www.theregister.co.uk/2014/03/06/hacking_team_snoopware_found_on_us_servers/


The governments it accuses of snooping are, in other words, using RCS to wiretap on individuals – for example, citizens in the US, journalists reporting on their countries' affairs, expats and activists – and send the data offshore. This violates US laws, such as the Computer Fraud and Abuse Act and the Wiretap Act, Citizen Lab writes.

Their name-and-shame list names Linode, Internetserver, InMotion Hosting, GoDaddy, ColoCrossing, Sharktech, Endurance International, Infolink, NOC4Hosts and HostDime as having government customers who are operating, or have operated, RCS in US data centres.

^--- data centers / providers Hacking Team is using to do ill sh!t in the USofA.
 

drmike

100% Tier-1 Gogent
So if using this stuff to illegally hack and monitor US citizens, even if military / intelligence is involved, certainly should be a crime.  Unsure why citizen interest groups haven't stood up.

Folks ought to be calling for legal action against the DC's involved and seizure of company assets / banks belonging to Hacking Team and to seize ill gotten gains from such DCs....
 

drmike

100% Tier-1 Gogent
So some of their exploits at least for Android:

Index of /rcs-dev\share/CONTINUOUS INTEGRATION/TEST/ANDROID/Melt/APK_OK/


Name                                      Last Modified          Size     Type
Parent Directory/                                                -        Directory
DailyBible.zip                            2015-Jul-06 12:49:11   280.5K   application/zip
Quran.zip                                 2015-Jul-06 12:49:15   2.0M     application/zip
SoundRecorder.zip                         2015-Jul-06 12:26:06   196.8K   application/zip
com.smz4.spycam.zip                       2015-Jul-06 12:49:10   418.8K   application/zip
kr.sira.metal.zip                         2015-Jul-06 12:49:12   459.6K   application/zip
uk.co.nickfines.RealCalcPlus_1.7.4.zip    2015-Jul-06 12:26:11   360.5K   application/zip
 

MannDude

Just a dude
vpsBoard Founder
Moderator
You may want to check in Linux for the following files:

  • /var/crash/.reports-%u-%s
  • /var/tmp/.reports-%u-%s

To determine HackingTeam infection
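
A filesystem check for the two paths listed in the post above, as an added example that is not part of the original thread. It assumes %u and %s are printf-style placeholders that can expand to any value; the optional ROOT argument is a hypothetical addition for checking a mounted disk image instead of the live system.

```shell
#!/bin/sh
# Added example: look for the hidden ".reports-%u-%s" entries named in the post.
# Assumption: %u and %s are printf-style placeholders, so the check matches
# ".reports-<anything>-<anything>" directly inside /var/crash and /var/tmp.

# scan_reports [ROOT]
#   ROOT (hypothetical parameter) is a prefix such as /mnt/image; leave it
#   empty to check the running system. Reading /var/crash may require root.
#   Prints an "ls -ld" line per match (owner and mtime help with triage).
#   Returns 0 if at least one entry matched, 1 if none did.
scan_reports() {
    root="${1:-}"
    hits=0
    for dir in /var/crash /var/tmp; do
        # The leading dot is written explicitly because globs skip dotfiles.
        for path in "$root$dir"/.reports-*-*; do
            # An unmatched glob stays literal, so test that the entry exists.
            # -L keeps dangling symlinks, which -e alone would miss.
            [ -e "$path" ] || [ -L "$path" ] || continue
            hits=$((hits + 1))
            # Files and directories are both listed: the post does not say
            # which kind of entry to expect.
            ls -ld -- "$path"
        done
    done
    echo "matches: $hits" >&2
    [ "$hits" -gt 0 ]
}
```

A match is a reason to preserve the system for analysis, and an empty result only means these two indicators are absent.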
 

HN-Matt

New Member
Verified Provider
A bit late, but an interesting response appeared on nettime earlier this month: http://nettime.org/Lists-Archives/nettime-l-1507/msg00015.html

Quote said:
I say this because I believe that HT would have never become what it was and would have never sold to the regimes it sold to without the partnership of *very big* business players, whom I believe are the main responsible for the crimes committed, since they clearly knew what was happening. These big partners were driven by profit much more than those HT hackers were driven by passion for security research and they were crucial in helping such a young startup to scale and outreach well beyond kosherness.

Today an article gives a glimpse on the scope of this racket http://motherboard.vice.com/read/meet-the-companies-that-helped-hacking-team-sell-tools-to-repressive-governments but still omits the venture capitals in the list.

My point is that we should be now really careful before going berserk and blaming a rather small team of software developers for all this. Because their business would have never had such a big success without the profit-driven capital that really made it happen and shop around.
Reminds me of the GVH fiasco, where a simplistic scapegoat was created out of a naive teenager when really, the problem was generated in large part by enablers and Dramathread concession stand peanut sales.
 

drmike

100% Tier-1 Gogent
Reminds me of the GVH fiasco, where a simplistic scapegoat was created out of a naive teenager when really, the problem was generated in large part by enablers and Dramathread concession stand peanut sales.

Totally misplaced.  

GVH guy knew what he was doing at all times.  All the skits were about his own financial enrichment and boosting his ego.  Nothing idealistic, rather sheer abusive capitalism, selfishness, greed and even some fraud conceptually.   No handlers no enablers.  No utopia of idealism.

Likewise HT wasn't 3 teenagers in their bedroom who some mega business interests found and abused.  The big vile companies outed for dealing with HT  were RESELLERS.  HT set those resellers up and supported them as their unhired salesforce.

So much insecure software.   People should be held liable for their shitware at mass.  Talking to you Google and your Android. 
 

HN-Matt

New Member
Verified Provider
The analogy wasn't quite to scale. I didn't mean they were literally naive teenagers. I'm not a fan of the logic of scapegoating, that's all.
 