My good friend Richard Adhikari wrote a very good article about this incident yesterday. Read it here: Hacking Team’s Dingy Laundry Hung Out Online
Here is where I get quoted as founder of Sorin Mustaca IT Security Consulting:
A Black Bag Job?
“It could be that some government agency who’s a customer of Hacking Team decided to discredit them and force them to close their doors,” said Sorin Mustaca, founder of Sorin Mustaca IT Security Consulting.
“These special customers don’t like to leave traces of their acquisitions,” he told the E-Commerce Times.
Here are additional comments:
Apparently, on Sunday night many people managed to download the content via BitTorrent (before it was taken down).
The reports speak of confirmations of selling intrusion tools to various regimes and contract documents with some of their customers.
Here is the list of countries:
— Eva (@evacide) July 6, 2015
Surprised to see Germany among the list of customers?
Edward Snowden already warned of this, so this can be seen as cross-verification with other sources rather than a brand new piece of news. The consequences will show up in the European countries, especially Germany, where governments are severely scrutinized by various NGOs, privacy associations and the press. Italy will also not like to see its name on the list, since the company is Italian.
According to The Verge, which is quoting others, they were indeed intercepting unencrypted HTTP traffic and rewriting the URLs to redirect the targeted users to malicious links. Once a user clicked, software that spied on that particular user would be installed. Bad stuff… Very hard to detect.
What does the security services industry do about it?
This clearly shows that the security industry was, and still is, at least a step behind the hackers.
And maybe it is time to start to think differently about IT security and how to apply it in corporations.
Let’s not forget that most corporations still think in compartmentalized security: network, workstation, server, mobile devices.
Tools like those created by Hacking Team are way beyond this reduced (and laughable) view on security.
It has not even been a month since Kaspersky announced that they had been infiltrated (Duqu 2), and for a long time at that.
Leaving the marketing layer aside, this shows that pretty much anyone can become a victim of such tools.
Strangely, I haven’t read anything about this company [Hacking Team] creating tools to be used for corporate espionage. However, nothing would prevent someone (a person or an organization) from spying on people in high-ranking positions in corporations.
In conclusion, I think that everyone now expects to see governments on such disclosure lists. So, since Snowden, this is no longer big news.
The situation would change radically if we saw a company like Google, Microsoft, or some retail giant on a disclosure list like this one. This would require another shift in how we think about the Internet and computing.
Here are multiple links that talk about this incident (thanks to Richard for summing them up):
Hacking Team hit by breach; leak suggests it sold spyware to oppressive regimes – ZDNet.com 20150706
Hacking Team Breach Shows a Global Spying Firm Run Amok – Wired 20150706
Hacking Team spyware company hacked, embarrassing emails revealed – theverge.com 20150706
Hacking Team is spreading government malware through YouTube and Microsoft Live – theverge.com 20140815
Major Government Spying Service Supplier Hacked, 400GB of Data Stolen – Gizmodo 20150706
Tweet by EFF’s Eva Galperin listing Hacking Team’s customers
© Copyright 2015 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity