Weekly Roundup Special Edition: all about Hacking Team!



Some articles that I read over the last few days about the “Hacking Team breach” (constantly updated).

HackedTeam

Last update: July 10, 2015 - 11:00 AM

General response to Hacking Team hack



The company


Here in HackingTeam we believe that fighting crime should be easy: we provide effective, easy-to-use offensive technology to the worldwide law enforcement and intelligence communities. Technology must empower, not hinder.

http://www.hackingteam.it/index.php/about-us

On July 7, Marietje Schaake submitted the following Parliamentary Written Questions to the European Commission concerning the Italian company Hacking Team’s potential violations of EU sanctions.

Written Questions on the Italian company Hacking Team’s potential violations of EU sanctions - marietjeschaake.eu

Mapping Hacking Team’s “Untraceable” Spyware - citizenlab.org

A Global Campaign to Monitor the “Digital Weapons” Trade - techpresident.com


The attack

While the Italian surveillance company sells government agencies high-end zero-day proof-of-concept exploits, it secures root systems with the password ‘P4ssword.’ What’s vulnerability commoditization got to do with it?

Hacking Team Zero-Day Shows Wide-Spread Dangers Of All Offense, No Defense - darkreading.com

Yes, sometimes even the Hackers get Hacked. Hacking Team, one of the most controversial spyware and malware providers to governments and law enforcement agencies all around the world, has allegedly been hacked, with some 500 gigabytes of internal data leaked over the Internet.

‘Hacking Team’ Gets Hacked! 500GB of Data Dumped Over the Internet - thehackernews.com

Last night Hacking Team, the controversial Italian company that sells surveillance software to governments of every kind and is for that reason labelled an “enemy of the Internet” by Reporters Without Borders, was massively breached

Lo spione spiato: Hacking Team si fa fregare 400 giga di dati. Compresi gli affari con governi impresentabili - attivissimo.blogspot.it

Italian surveillance software company Hacking Team has confirmed that it was hacked, resulting in the leak of 400GB worth of emails, documents, and other sensitive data on Monday.

Hacking Team confirms it was hacked - zdnet.com

Hacking Team, a major Italian manufacturer of malware for governmental use, appears to have been hacked. It is unknown how or by whom, but in theory it is possible it was hacked with help of its own products. Ironically, Hacking Team sells systems that allow its customers to hack. This incident underlines the risk of a boomerang effect as a result of allowing the unregulated sales of intrusion and surveillance technologies. Additionally, it underlines the need for companies to take effective action to ensure protection of data and systems.

Hacking Team company at receiving end of hacks - marietjeschaake.eu

Widely shared online, the stolen data includes a list of the countries that have bought Hacking Team’s main surveillance tool, Da Vinci, and emails suggesting intelligence agencies use it to spy on activists and journalists.

Hackers steal data from surveillance company - bbc.com

A leading cybersecurity firm was humiliated yesterday when its client database was stolen and published online by hackers.

Hackers expose secrets of cyber security experts: Leading firm is left humiliated after database is stolen and published on Twitter - dailymail.co.uk

At the end of last month, Hacking Team seemed untouchable. The company occupied a controversial niche in the security space, contracting out surveillance software to law enforcement agencies around the world.

The hack that took down a global spyware vendor - theverge.com


The day after…

Hacking Team’s reaction after getting hacked

[…] we were puzzled by the presence, among the files stolen from one of Hacking Team’s system administrators, of a text file containing a list of links to pornographic videos […]

Hacking Team e quei link a YouPorn: una possibile spiegazione non comica - attivissimo.blogspot.it

The digital security community has been reacting this week to leaked documents from Italian surveillance company Hacking Team. The documents, which include lists of contracts and sales pitches to some of the worst authoritarian regimes and countries with weak democracies, show a global industry of sales to states of software that can invade and spy on personal computers and mobile devices almost without limit.

In Light of Hacking Team Leaks, EFF and Latin American Civil Society Groups Call for Greater Oversight of Surveillance Technology - eff.org

“Terrorists, extortionists and others can deploy our technology at will”, explains the Milan-based company, which on July 6 was “robbed” of confidential data and documents. The director of the DIS, called to report to COPASIR on the case, explains that the risk is indeed that data belonging to our intelligence services has been hacked. First confirmations of the use of its software by AISE, our external security service

Hacking Team, servizi segreti: “Possibile impatto su software e dati della nostra intelligence” - ilfattoquotidiano.it

It’s one thing to have dissatisfied customers. It’s another to have dissatisfied customers with death squads. I don’t think the company is going to survive this.

More on Hacking Team - Schneier on Security

Within 24/48 hours antivirus products will start detecting RCS/Galileo as a virus and notifying the people who have a copy installed. This means not only that within 24/48 hours those people will be able to remove the probes and will therefore no longer be under the control of the intercepting body, but also and above all that, once the trojan has been identified, they will have the mathematical certainty of having come to the attention of law enforcement, and will therefore be perfectly able to take countermeasures and protect themselves more effectively.

HackingTeam: di cosa dovete DAVVERO aver paura - mgpf.it

So the Internet has been blowing up for the last few days about an Italian information security company called Hacking Team getting pwned – they were already pretty famous for their software RCS (Remote Control Software) also known as Galileo.

Hacking Team Hacked – What You Need To Know - Darknet.org.uk

In an interview with La Stampa, the company rejects the accusations, clarifies some of its actions, and does not answer on Sudan, the day after the attack that overwhelmed it

Hacking Team: “Non è la nostra fine” - lastampa.it

Not one person has been fired at Hacking Team as a result of the significant breach of its servers on Sunday, according to Eric Rabe, a company spokesman.

Days after Hacking Team breach, nobody fired, no customers lost - arstechnica.com

Flayed surveillance outfit Hacking Team is telling customers to suspend running instances of its software after 400GB of its source code and internal data was stolen and posted online

Pwned Hacking Team tells cops, govts to shut down software - theregister.co.uk

Milan-based Hacking Team tells customers to stop using its products after leaked documents reveal the product’s source code and the company’s history of selling to governments with records of human rights abuses.

Italian Surveillance Software Maker Falls Victim To Doxing Attack - darkreading.com

The saga continues of the colossal data leak (at least 400 gigabytes) from the Italian IT security company Hacking Team, which began epically yesterday morning and is described in this article of mine. This article will be updated as new data arrives.

Hacking Team, il giorno dopo - attivissimo.blogspot.it

A new espionage scandal in Ecuador appears to have come to light after the Italian company Hacking Team was attacked last Sunday by hackers who released confidential company information, even going so far as to publish contracts with governments via Twitter.

Ecuador Gobierno de Correa espía ciudadanos con empresa italiana #HackingTeam - ubicatv.com


The leak


Today WikiLeaks releases more than 1 million searchable emails from the Italian surveillance malware vendor Hacking Team, which first came under international scrutiny after WikiLeaks publication of the SpyFiles. These internal emails show the inner workings of the controversial global surveillance industry.

Hacking Team - wikileaks.org

WikiLeaks has put online a searchable archive containing more than one million emails from the data leak that hit Hacking Team.

È finita: WikiLeaks pubblica un milione di mail di Hacking Team. Con pratica funzione di ricerca

Hacking Team Leak Online Archive (MIRROR 1)

Hacking Team Leak Online Archive (MIRROR 2)

Sourcecode on GitHub


The 0-Day Vulnerabilities

Reading the HT coverage when suddenly a flash 0 day that works on Chrome appears

The vulnerability’s root cause is simple. When the application calls for some GDI API (e.g., GDI32!NamedEscape), it can specify which font driver can be used in the font processing. ATMFD.dll is one of the font drivers. While the module processes the font data, there exists a buffer underflow, which is caused by a signed number extending.

A Look at the Open Type Font Manager Vulnerability from the Hacking Team Leak - trendmicro.com

It is important not to jump to conclusions, but this Hacking Team email from last March 20 seems to talk about the recent existence of malware inside the App Store, capable of capturing “audio and screenshots remotely”, without requiring a jailbreak. The malware is said to be made by an Italian company. If this impression were confirmed, it would be a considerable blow to Apple’s security model.

Perché Hacking Team discuteva di malware dentro l’App Store di Apple? - attivissimo.blogspot.it

It’s the worst-case scenario of the Hacking Team hack: the as-yet-unpatched Flash vulnerability revealed in the trove of source code leaked from the surveillance-ware company is being exploited in the wild.

Hacking Team-derived Flash exploit is now in the wild hijacking PCs - theregister.co.uk

Hacking Team is, indeed, into hacking – controversially, as it happens, because its main line of business is selling hacking and interception capabilities at a country level.

Flash zero-day leaks out from “Hacking Team” hack, patch expected Real Soon Now - nakedsecurity.sophos.com

Researchers sifting through the confidential material stolen from spyware developer Hacking Team have already uncovered a weaponized exploit for a currently unpatched vulnerability in Adobe Flash, and they also may have uncovered attack code targeting Microsoft Windows and a hardened Linux module known as SELinux.

Hacking Team leak releases potent Flash 0day into the wild - arstechnica.com

The Recent Cyber Attack that exposed 400GB of corporate data belonging to surveillance software firm Hacking Team has revealed that the spyware company have already discovered an exploit for an unpatched zero-day vulnerability in Flash Player.

Zero-Day Flash Player Exploit Disclosed in ‘Hacking Team’ Data Dump - thehackernews.com

Many companies have best practices and the Hacking Team, the “computer security experts” who sold hacking tools to various federal and state agencies around the world, are no exception. Their database of information includes a number of interesting hacking tips, including mention of a 0-day, unpatched hole in Adobe Flash that the company is currently closing.

Adobe Is Patching A Hole The Hacking Team Used To Exploit Flash - techcrunch.com

It is important to update Flash as soon as possible, if you use it, and perhaps disable its automatic execution: today is a high-risk day.

Anche se non v’importa di Hacking Team, i suoi trucchi sono già in mano ai criminali: meglio impostare bene Flash - attivissimo.blogspot.ch

Confidential source code stolen from Hacking Team, and subsequently leaked online, has revealed new software vulnerabilities that are exploited by the spyware maker to infect victims’ computers.

Critical Adobe Flash, Windows zero-days leak from Hacking Team raid - theregister.co.uk

Adobe Systems Inc. says it plans to issue a patch on Wednesday to fix a zero-day vulnerability in its Flash Player software that is reportedly being exploited in active attacks.

Adobe to Patch Hacking Team’s Flash Zero-Day - krebsonsecurity.com

Adobe tomorrow is expected to release an updated version of Flash Player that will patch a zero-day vulnerability uncovered among the 400 GB of data stolen from Hacking Team.

Adobe to Patch Hacking Team Zero Day in Flash - threatpost.com

More than 36 hours after the huge cache of data from Hacking Team’s corporate network was dumped online, researchers are continuing to find surprising bits and pieces in the documents. Among them is evidence that the company had an enterprise developer certificate from Apple, allowing it to develop internal apps, but could not get its malware onto iOS devices.

Hacking Team Couldn’t Hack Your iPhone - threatpost.com


The smoking guns


The FBI is one of the clients who bought hacking software from the private Italian spying agency Hacking Team, which was itself the victim of a recent hack.

The FBI Spent $775K on Hacking Team’s Spy Tools Since 2011 - wired.com

An almost absolute power. Not only of control and intrusion, but also of manipulation and creation of reality, through the remote alteration of computers’ memory. A perfect crime, made possible by the offensive capabilities of the software from the Milan-based company Hacking Team, used by police forces and governments around the world, the Remote Control System (RCS).

Hacking Team, il software Rcs che può truccare il computer con false prove: dubbi sull’uso nelle inchieste - ilfattoquotidiano.it

“There are companies that left the EU so as not to comply with the security constraints. We stayed. We suffered a theft and we end up being accused, incredible”

Hacking Team: “I clienti che abusano del nostro software vengono cancellati” - repubblica.it

Hacking Team and FinSpy Clients

These revelations, which Privacy International’s Deputy Director Eric King has called “the equivalents of the Edward Snowden leaks for the surveillance industry,” have clear geopolitical significance, and it’s likely the story will continue to unfold as journalists and researchers around the world begin to unpack the trove of documents and emails contained within the leak and put them in context.

Hacking Team Leaks Reveal Spyware Industry’s Growth, Negligence of Human Rights - eff.org

It is the flagship malware among the Milan-based company’s products: it can infiltrate every system and is invisible to antivirus software. It also intercepts Skype conversations: attackers in possession of the stolen files can thus get into devices that are already under surveillance

Hacking Team, cos’è il virus Da Vinci: spia email, sms e web su qualsiasi dispositivo

Documents obtained by hackers from the Italian spyware manufacturer Hacking Team confirm that the company sells its powerful surveillance technology to countries with dubious human rights records.

A DETAILED LOOK AT HACKING TEAM’S EMAILS ABOUT ITS REPRESSIVE CLIENTS - firstlook.org

Hacking Team sold its mass-surveillance malware to the security services of Sudan, whose government has a long and well-known history of human rights abuses: slavery, genocide and the use of children as soldiers, as well as persecution of those who fight for these rights to be respected.

Hacking Team e la fattura al Sudan: nuovi documenti smontano la difesa dell’azienda - attivissimo.blogspot.it
