Hacking Team develops cyber weapons for governments. According to their website, they specialize in endpoint exploitation: “In modern digital communications, encryption is widely employed to protect users from eavesdropping. Unfortunately, encryption also prevents law enforcement and intelligence agencies from being able to monitor and prevent crimes and threats to the country security. Remote Control System (RCS) is a solution designed to evade encryption by means of an agent directly installed on the device to monitor. Evidence collection on monitored devices is stealth and transmission of collected data from the device to the RCS server is encrypted and untraceable.”
Ironically, in July 2015, Hacking Team was hacked. The intruder made publicly available approximately 400 GB of client files, contracts, financial documents, internal emails, and source code, tweeting the URL from Hacking Team’s own Twitter account.
Hacking Team has remained silent on how they were hacked. In his blog post entitled, “How was the Hacking Team hacked?”, blogger Simon Edwards pointed to data suggesting that an employee’s computer was compromised while logged in, allowing the intruder to retrieve passwords from a text file stored on an encrypted volume. “The lesson to learn from this story,” wrote Edwards, “is that even excellent encryption has its limits. Hard disk encryption is great for protecting lost or stolen computers and disks, but it won’t hinder attackers who have access to your computer while you are logged in. Whether they creep over to your desk during a rest break, or install malware remotely over the internet, it amounts to the same thing.”
If Edwards is correct, the hack is even more ironic: Hacking Team was likely hacked using endpoint exploitation techniques similar to those they sell to their clients. The hacker claiming responsibility, known online as “Phineas Fisher”, also claimed responsibility for the 2014 hacking of Gamma International, the maker of FinFisher spyware. FinFisher source code, pricing, support history, and other related data were also published on the Internet.
According to The Guardian, leaked documents suggest that Hacking Team’s clients include the governments of Azerbaijan, Sudan, Kazakhstan, Uzbekistan, Russia, Bahrain, Saudi Arabia and the UAE. Many of these governments have been criticised by international human rights organizations for their aggressive surveillance of citizens, activists, and journalists.
The publication of Hacking Team source code rapidly led to the identification of the exploits used to attack endpoints, including three zero-day Adobe Flash vulnerabilities. Documents also suggest that Hacking Team routinely purchases zero-day exploits for use in their product.
Hacking Team responded in their July 7, 2015 news release, highlighting the danger of the compromise: “It is now apparent that a major threat exists because of the posting by cyber criminals of Hacking Team proprietary software on the Internet the night of July 6. Hacking Team’s investigation has determined that sufficient code was released to permit anyone to deploy the software against any target of their choice.” It also reiterated their intent to remain in the business of providing hacking tools: “Hacking Team engineers are working around the clock to provide an update to the Remote Control System that will allow clients to resume criminal and intelligence investigations.”
So, the hackers were hacked. There is little doubt that Hacking Team was the victim of a criminal intrusion, but it is difficult to feel sorry for a company whose sole mission is to create intrusive cyberweapons.
Have a security question you’d like answered in a future column? Email email@example.com