The Hacking Team has been hacked. The Italian company has made a name for itself helping governments and intelligence agencies spy on people. But now the tables have apparently been turned as the team’s private e-mails and other documents have been exposed online.
The Hacking Team’s Web site is also down, but it all started when the group’s Twitter account was hacked. In fact, the hackers changed the name on its Twitter account from “Hacking Team” to “Hacked Team.”
From there, it got really interesting as a tweet from the Hacking Team’s account offered a link to 400 GB of the company’s source code, e-mails and internal files. “Since we have nothing to hide, we’re publishing all our e-mails, files and source code,” the tweet said.
What This Reveals
Who could have done this? It’s still unclear. No individual or group of hackers has claimed responsibility for hacking the hackers.
What we do know is this: Reporters Without Borders, a non-profit organization that aims to defend the freedom to be informed and to inform others, has labeled Hacking Team an enemy of the Internet, explaining: “Hacking Team describes its lawful interception products as ‘offensive technology’ and has been called into question over deliveries to Morocco and the United Arab Emirates. The company’s ‘Remote Control System,’ called DaVinci, is able, it says, to break encryption on e-mails, files and Internet telephony protocols.”
The stolen internal documents reveal the locations of Hacking Team’s customers, including: Australia, Egypt, Ethiopia, Germany, Honduras, Hungary, Italy, Spain, Sudan, Switzerland, Thailand, UAE, United States, Uzbekistan, and Vietnam, according to Graham Cluley, an independent security analyst in the United Kingdom.
“A YouTube video acts as an advertisement for Hacking Team’s services, although it’s questionable just how many intelligence agencies would want to use the services [of] the firm now [that] it has been so seriously breached,” Cluley said.
What Are the Implications?
We caught up with Tim Erlin, director of IT security and risk strategy at advanced threat detection firm Tripwire, to get his thoughts on the hack. While it’s tempting to focus on the potential for scandal spread throughout this data, the details disclosed also provide insight into a previously difficult-to-characterize economy around custom exploit development, he told us.
“From the data revealed, it appears that government and law enforcement agencies around the world are willing to spend millions of dollars for the type of services that Hacking Team provides,” Erlin said. “This data will provide fuel to privacy organizations to ask difficult questions of government agencies around the world. With so many interested, and conflicting, parties involved, the responses over the next couple of weeks will be revealing.”
Craig Young, a security researcher at Tripwire, also gave us some insights into the hack. He told us one concern with this breach is that there is now source code available for some pretty nasty malware, including what would appear to be functional exploit code.
“Although most users would not know what to do with the source code release, it would be surprising if we don’t very quickly start seeing underground malware authors branching and repackaging the [Hacking Team] malware and selling it without restriction,” Young said. “A more responsible action may have been for the hackers to release a document dump while sharing the malware source code only with reputable security vendors for the purpose of creating detection routines.”