Hacking Team Hacked: 400GB of Confidential Data, Malware and Customers Lists Leaked Online
Hackers got hacked!
Hacking Team, one of the most controversial companies in the security world, which sells sophisticated spyware and malware products to governments and law enforcement agencies around the world, has been hacked, with some 400 gigabytes of internal data leaked online. The leaked information contains troves of confidential data and even fully functioning malware samples.
An unknown hacker, or possibly a group of hackers, not only broke into Hacking Team’s internal network and made off with client information, financial documents and internal emails, but also hijacked Hacking Team’s official Twitter account along with the Twitter account of one of its security engineers, Christian Pozzi. The hacker replaced the team’s Twitter logo with one that read “Hacked Team”.
Following the Twitter hacks, the company’s page was taken offline for a brief period of time, while Pozzi deleted his @Christian_Pozzi account entirely.
While the Twitter account was compromised, the hacker changed the company description to:
“Developing ineffective, easy-to-pwn offensive technology to compromise the operations of the worldwide law enforcement and intelligence communities.”
Huge Hacking Team Data Breach
Hacking Team is an extremely controversial company, as it sells its products to government agencies and oppressive regimes around the world; however, the company has never disclosed which clients or countries bought its products, as such information is extremely confidential. The only thing the company would confirm, and only to clients, was whether another country was using the software, and that was all.
Leaked emails show security engineers and employees consistently lying to potential clients, claiming that certain countries had not purchased their products when in fact they had, and the leak even includes the $1.1 million invoice to prove it.
Information on Hacking Team clients was limited, and beyond that, the company is extremely vague about what its products are able to do and who can use them. If the million-dollar price tag for some malware wasn’t enough, Hacking Team has been spotted promoting its products at law enforcement conventions and meetings, and even to government agencies directly.
As the million-dollar price tag suggests, its clients are likely high-profile and wish to stay completely off the radar; however, this wish did not come true.
Hacking Team’s internal data first appeared online after the Twitter account was compromised, with a tweet reading “Since we have nothing to hide, we are publishing all our emails, files, and source code” along with a link to a torrent file containing some 400GB of data.
The data was released via BitTorrent, and some of it was found re-uploaded on random servers throughout the Internet.
The stolen data includes a list of Hacking Team customers, both former and current, which was leaked through Pastebin. Customers affected in the Hacking Team breach include the Federal Bureau of Investigation (FBI), Drug Enforcement Administration (DEA), Egypt, Ethiopia, Morocco, Nigeria, Chile, Colombia, Ecuador, Honduras, Mexico, Panama, United States, Azerbaijan, Kazakhstan, Malaysia, Mongolia, Singapore, South Korea, Thailand, Uzbekistan, Vietnam, Australia, Cyprus, Czech Republic, Germany, Hungary, Italy, Luxembourg, Poland, Spain, Switzerland, Bahrain, Oman, Saudi Arabia and the UAE.
Other information leaked in the Hacking Team data breach includes a zero-day Flash exploit, Android malware, Windows malware, client lists, financial operations, confidential emails, company procedures alongside a trove of information researchers have yet to fully comb through.
To make matters even worse, the company has sent emails to all of its customers requesting that they shut down all operations linked to its Remote Control System (RCS) software, known as Galileo. What’s particularly striking about this is that, according to Hacking Team’s Six Confidential Whitepapers (PDF), the company has “no way of connecting to or receiving any information from the Customer’s RCS installation”.
According to Hacking Team’s “crisis procedure,” the company could have killed its clients’ operations remotely, meaning it does in fact have a backdoor into every customer’s software, giving it the ability to shut down client operations, something customers are never told about.
And if this wasn’t enough, Hacking Team’s Galileo software is watermarked, meaning anyone with access to the 400GB Hacking Team dump can identify who bought the software and whom they targeted with the malware.
Hacking Team is aware of the breach and acknowledged it when speaking with Motherboard (Vice) about how the hack may have occurred; the company said, “we don’t think this was the work of just some random guy.”
Another leaked file contained employee and customer passwords, which are just terrible; one employee, Pozzi, was even found to have a file called login.txt on his desktop. The passwords found in the .txt file were extremely weak, and some were even fewer than eight characters long. Leaked passwords included several variations of the word “password,” among other extremely weak passwords consisting of just single, all-lowercase, easily guessable words.
It remains unclear who the perpetrator was, but a hacker known as Phineas Fisher, who hacked one of Hacking Team’s competitors, Gamma International, the spyware firm behind FinFisher, remains a suspect after posting several tweets just minutes after the attack.
We will keep you updated, as the Hacking Team leak is still being combed through.
Sources:
The Intercept
Forbes