Some articles that I read in the last few days about the “Hacking Team breach” (constantly updated).
Last update: July 10, 2015 - 11:00 AM
General response to Hacking Team hack
Here in HackingTeam we believe that fighting crime should be easy: we provide effective, easy-to-use offensive technology to the worldwide law enforcement and intelligence communities. Technology must empower, not hinder.
On July 7, Marietje Schaake submitted the following Parliamentary Written Questions to the European Commission concerning the Italian company Hacking Team’s potential violations of EU sanctions.
I'll writeup how hacking team got hacked once they've had some time to fail at figuring out what happened and go out of business — Phineas Fisher (@GammaGroupPR) 7 July 2015
While the Italian surveillance company sells government agencies high-end zero-day proof-of-concept exploits, it secures root systems with the password ‘P4ssword.’ What’s vulnerability commoditization got to do with it?
Yes, sometimes even the Hackers get Hacked. Hacking Team, one of the most controversial spyware and malware providers to governments and law enforcement agencies all around the world, has allegedly been hacked, with some 500 gigabytes of internal data leaked over the Internet.
Last night Hacking Team, the controversial Italian company that sells surveillance software to governments of every sort and is for that reason labelled an “enemy of the Internet” by Reporters Without Borders, was massively breached
Italian surveillance software company Hacking Team has confirmed that it was hacked, resulting in the leak of 400GB worth of emails, documents, and other sensitive data on Monday.
Hacking Team, a major Italian manufacturer of malware for governmental use, appears to have been hacked. It is unknown how or by whom, but in theory it is possible it was hacked with help of its own products. Ironically, Hacking Team sells systems that allow its customers to hack. This incident underlines the risk of a boomerang effect as a result of allowing the unregulated sales of intrusion and surveillance technologies. Additionally, it underlines the need for companies to take effective action to ensure protection of data and systems.
Widely shared online, the stolen data includes a list of the countries that have bought Hacking Team’s main surveillance tool, Da Vinci, and emails suggesting intelligence agencies use it to spy on activists and journalists.
A leading cybersecurity firm was humiliated yesterday when its client database was stolen and published online by hackers.
At the end of last month, Hacking Team seemed untouchable. The company occupied a controversial niche in the security space, contracting out surveillance software to law enforcement agencies around the world.
The day after…
[…] we were puzzled to find, among the files stolen from one of Hacking Team's system administrators, a text file containing a list of links to pornographic videos […]
The digital security community has been reacting this week to leaked documents from Italian surveillance company Hacking Team. The documents, which include lists of contracts and sales pitches to some of the worst authoritarian regimes and countries with weak democracies, show a global industry of sales to states of software that can invade and spy on personal computers and mobile devices almost without limit.
“Terrorists, extortionists and others can deploy our technology at will,” explains the Milan-based company, which on July 6 was “robbed” of confidential data and documents. The director of the DIS, summoned to report to COPASIR on the case, explains that the risk is indeed that our intelligence data has been hacked. First confirmations of the use of its software by AISE, our external security service
It’s one thing to have dissatisfied customers. It’s another to have dissatisfied customers with death squads. I don’t think the company is going to survive this.
Within 24/48 hours antivirus products will begin detecting RCS/Galileo as a virus and notifying those who have a copy installed. This means not only that within 24/48 hours those subjects will be able to remove the probes and thus no longer be under the control of the intercepting body, but also and above all that once the trojan is identified they will have mathematical certainty of having been targeted by law enforcement and will therefore be perfectly able to take countermeasures and protect themselves more efficiently.
So the Internet has been blowing up for the last few days about an Italian information security company called Hacking Team getting pwned – they were already pretty famous for their software RCS (Remote Control Software) also known as Galileo.
In an interview with La Stampa, the company rejects the accusations, clarifies some of its actions, and does not answer on Sudan, the day after the attack that overwhelmed it
Not one person has been fired at Hacking Team as a result of the significant breach of its servers on Sunday, according to Eric Rabe, a company spokesman.
Flayed surveillance outfit Hacking Team is telling customers to suspend running instances of its software after 400GB of its source code and internal data was stolen and posted online
Milan-based Hacking Team tells customers to stop using its products after leaked documents reveal the product’s source code and the company’s history of selling to governments with records of human rights abuses.
The saga continues of the colossal data leak (at least 400 gigabytes) from the Italian IT security company Hacking Team, which began epically yesterday morning and is described in this article of mine. This article will be updated as new data arrives.
A new espionage scandal in Ecuador appears to have come to light after the Italian company Hacking Team was attacked last Sunday by hackers who disclosed the company's confidential information, even going so far as to publish contracts with governments via Twitter.
Today WikiLeaks releases more than 1 million searchable emails from the Italian surveillance malware vendor Hacking Team, which first came under international scrutiny after WikiLeaks publication of the SpyFiles. These internal emails show the inner workings of the controversial global surveillance industry.
WikiLeaks has put online a searchable archive containing more than one million emails from the data leak that hit Hacking Team.
Just from Torrent File listing, Hacking Team's customers include South Korea, Kazakhstan, Saudi Arabia, Oman, Lebanon, and Mongolia. — Christopher Soghoian (@csoghoian) 6 July 2015
Holy smokes, the HT dump includes an .xls spreadsheet listing every government client, when they first bought HT, and revenue to date. — Christopher Soghoian (@csoghoian) 6 July 2015
The 0-Day Vulnerabilities
The vulnerability’s root cause is simple. When the application calls for some GDI API (e.g., GDI32!NamedEscape), it can specify which font driver can be used in the font processing. ATMFD.dll is one of the font drivers. While the module processes the font data, there exists a buffer underflow, which is caused by a signed number extending.
It is important not to jump to hasty conclusions, but this Hacking Team email from last March 20 seems to speak of the recent existence of malware inside the App Store, capable of capturing “audio and screenshots remotely” without requiring a jailbreak. The malware is said to be made by an Italian company. If this appearance were confirmed, it would be a considerable blow to Apple's security model.
It’s the worst-case scenario of the Hacking Team hack: the as-yet-unpatched Flash vulnerability revealed in the trove of source code leaked from the surveillance-ware company is being exploited in the wild.
Hacking Team is, indeed, into hacking – controversially, as it happens, because its main line of business is selling hacking and interception capabilities at a country level.
Researchers sifting through the confidential material stolen from spyware developer Hacking Team have already uncovered a weaponized exploit for a currently unpatched vulnerability in Adobe Flash, and they also may have uncovered attack code targeting Microsoft Windows and a hardened Linux module known as SELinux.
The recent cyber attack that exposed 400GB of corporate data belonging to surveillance software firm Hacking Team has revealed that the spyware company has already discovered an exploit for an unpatched zero-day vulnerability in Flash Player.
Many companies have best practices and the Hacking Team, the “computer security experts” who sold hacking tools to various federal and state agencies around the world, are no exception. Their database of information includes a number of interesting hacking tips, including mention of a 0-day, unpatched hole in Adobe Flash that the company is currently closing.
It is important to update Flash as soon as possible, if you use it, and perhaps disable its automatic execution: today is a high-risk day.
HackingTeam's android tools use Alephzain's framaroot and GeoHot's Towelroot, as fi01'sputuser exploits. We need reconsider how we publish — Justin Case (@jcase) 6 July 2015
@disinformatico We did block them, even without the source code. This is confirmed by their internal wiki (which is now in the public). — Mikko Hypponen (@mikko) 7 July 2015
Confidential source code stolen from Hacking Team, and subsequently leaked online, has revealed new software vulnerabilities that are exploited by the spyware maker to infect victims’ computers.
Adobe Systems Inc. says its plans to issue a patch on Wednesday to fix a zero-day vulnerability in its Flash Player software that is reportedly being exploited in active attacks.
Adobe tomorrow is expected to release an updated version of Flash Player that will patch a zero-day vulnerability uncovered among the 400 GB of data stolen from Hacking Team.
More than 36 hours after the huge cache of data from Hacking Team’s corporate network was dumped online, researchers are continuing to find surprising bits and pieces in the documents. Among them is evidence that the company had an enterprise developer certificate from Apple, allowing it to develop internal apps, but could not get its malware onto iOS devices.
The smoking guns
The FBI is one of the clients who bought hacking software from the private Italian spying agency Hacking Team, which was itself the victim of a recent hack.
An almost absolute power. Not only of control and intrusion, but also of manipulation and creation of reality, through the remote alteration of computer memories. A perfect crime, made possible by the offensive capabilities of the software of the Milan-based company Hacking Team, used by police forces and governments all over the world, the Remote control system (Rcs).
“There are companies that left the EU so as not to comply with security constraints. We stayed. We suffered a theft and end up being accused, incredible”
These revelations, which Privacy International’s Deputy Director Eric King has called “the equivalents of the Edward Snowden leaks for the surveillance industry,” have clear geopolitical significance, and it’s likely the story will continue to unfold as journalists and researchers around the world begin to unpack the trove of documents and emails contained within the leak and put them in context.
It is the flagship malware of the Milan-based company's products: it is able to infiltrate every system and is invisible to antivirus software. It also intercepts Skype conversations: the hackers in possession of the stolen files can thus get into devices already under surveillance
Documents obtained by hackers from the Italian spyware manufacturer Hacking Team confirm that the company sells its powerful surveillance technology to countries with dubious human rights records.
Hacking Team sold its mass surveillance malware to the security services of Sudan, whose government has a long and well-known history of human rights abuses: slavery, genocide and the use of children as soldiers, as well as persecution of those who fight for respect of these rights.
The whole code-signing/walled-garden thing is supposedly to make you safer but Apple issued a cert for Hacking Team. https://t.co/1jBYP2sh3r — Frederic Jacobs (@FredericJacobs) 6 July 2015
WTF? Why does the Hackingteam have this reference to child porn in their code? https://t.co/b32K3liM5y — Kevin Mitnick (@kevinmitnick) 6 July 2015