Hacking Team Hacked – What You Need To Know

So the Internet has been blowing up for the last few days about an Italian information security company called Hacking Team getting pwned – they were already pretty famous for their software RCS (Remote Control Software) also known as Galileo.

In modern digital communications, encryption is widely employed to protect users from eavesdropping. Unfortunately, encryption also prevents law enforcement and intelligence agencies from being able to monitor and prevent crimes and threats to the country security. Remote Control System (RCS) is a solution designed to evade encryption by means of an agent directly installed on the device to monitor. Evidence collection on monitored devices is stealth and transmission of collected data from the device to the RCS server is encrypted and untraceable.

Hacking Team Hacked - What You Need To Know

They’ve been selling RCS, exploit kits and more shady darkweb tools exclusively to governments, and have done some pretty shady deals – including selling to Sudan who are basically committing genocide and Saudi Arabia. Reports Without Borders lists them as an enemy of the Internet – https://surveillance.rsf.org/en/

The other is a list of five “Corporate Enemies of the Internet,” five private-sector companies that are “digital era mercenaries.” The five companies chosen are Gamma, Trovicor, Hacking Team, Amesys and Blue Coat, but the list is not exhaustive and will be expanded in the coming months. They all sell products that are liable to be used by governments to violate human rights and freedom of information.

The countries it’s known to have sold to include Azerbaijan, Colombia, Egypt, Ethiopia, Hungary, Italy, Kazakhstan, Korea, Malaysia, Mexico, Morocco, Nigeria, Oman, Panama, Poland, Saudi Arabia, Sudan, Thailand, Turkey, UAE, and Uzbekistan…and probably others as well.

There’s an in-depth report here from 2014 on the usage of RCS – Mapping Hacking Team’s “Untraceable” Spyware.

Remote Control System (RCS) is sophisticated computer spyware marketed and sold exclusively to governments by Milan-based Hacking Team. Hacking Team was first thrust into the public spotlight in 2012 when RCS was used against award-winning Moroccan media outlet Mamfakinch, and United Arab Emirates (UAE) human rights activist Ahmed Mansoor. Most recently, Citizen Lab research found that RCS was used to target Ethiopian journalists in the Washington DC area.

And more here including RCS manuals and analysis – Secret Manuals Show the Spyware Sold to Despots and Cops Worldwide.

We’re publishing in full, for the first time, manuals explaining the prominent commercial implant software “Remote Control System,” manufactured by the Italian company Hacking Team. Despite FBI director James Comey’s dire warnings about the impact of widespread data scrambling — “criminals and terrorists would like nothing more,” he declared — Hacking Team explicitly promises on its website that its software can “defeat encryption.”

So they’ve been known about, and in the limelight for quite some time – but why this blew is up is they actually got hacked. From some initial analysis, it looks like they’ve been compromised since January or so but just this week whoever penetrated them released what they’d collected.

A mammoth 415GB cache of goodies including source code, customer lists, documents, confidential e-mails, password lists, private keys and MUCH more was unleashed and set the infosec community on fire. Mirror here – https://ht.transparencytoolkit.org/

It’s also causing some security fall-out panic as an Adobe Flash 0-day leaked during the dump has gone into the wild, already integrated into common exploit kits.

The vulnerability is cataloged as CVE-2015-5119 and is active in Flash versions and earlier. According to security firm Rapid 7, it stems from a use-after-free bug that can be exploited while Flash is handling ByteArray objects. The update is available for Windows, Mac OS X, and Linux systems. Adobe has credited Google’s Project Zero and Morgan Marquis-Boire, director of security, First Look Media, for reporting the critical bug and working to protect Flash users.

Coined by many now as ‘Hacked Team’ there is a Github repo of the same name with all the source code from the leak: https://github.com/hackedteam

I don’t know if anyone else noticed, but some of the imported repos actually link to an active Github account called ‘alor‘ – which is Hacking Team employee Alberto Ornaghi (an active Software Architect at Hacking Team according to his LinkedIn).

Another fascinating part of the leak is the price list of their software, you view the full RCS price list here: Remote Control System – Price Scheme

And also the FULL RCS 9 admin guide here – RCS 9 Administrator’s Guide

There’s an almost non-stop stream of chatter about this on Twitter too, where you can see various people exploring various parts of the dump: #hackingteam

More from Wired: Hacking Team Breach Shows a Global Spying Firm Run Amok

Few news events can unleash more schadenfreude within the security community than watching a notorious firm of hackers-for-hire become a hack target themselves. In the case of the freshly disemboweled Italian surveillance firm Hacking Team, the company may also serve as a dark example of a global surveillance industry that often sells to any government willing to pay, with little regard for that regime’s human rights record.

The Guardian: Hacking Team hacked: firm sold spying tools to repressive regimes, documents claim

The cybersecurity firm Hacking Team appears to have itself been the victim of a hack, with documents that purport to show it sold software to repressive regimes being posted to the company’s own Twitter feed.

The Italy-based company offers security services to law enforcement and national security organisations. It offers legal offensive security services, using malware and vulnerabilities to gain access to target’s networks.

And well anywhere you search now basically will be shouting about Hacking Team Hacked, Google News for example – just search “Hacking Team”:

Hacking Team

Currently the front page + 192 more articles are available. So go read some more!

It’ll be interesting to see what else is uncovered from this treasure trove of illicit software and governmental communications. I’d personally be scared if I had some really pissed clients that have their own personal armies..

Posted in: Exploits/Vulnerabilities, Legal Issues

Latest Posts:

Sooty - SOC Analyst All-In-One CLI Tool Sooty – SOC Analyst All-In-One CLI Tool
Sooty is a tool developed with the task of aiding a SOC analyst to automate parts of their workflow and speed up their process.
UBoat - Proof Of Concept PoC HTTP Botnet Project UBoat – Proof Of Concept PoC HTTP Botnet Project
UBoat is a PoC HTTP Botnet designed to replicate a full weaponised commercial botnet like the famous large scale infectors Festi, Grum, Zeus and SpyEye.
LambdaGuard - AWS Lambda Serverless Security Scanner LambdaGuard – AWS Lambda Serverless Security Scanner
LambdaGuard is a tool which allows you to visualise and audit the security of your serverless assets, an open-source AWS Lambda Serverless Security Scanner.
exe2powershell - Convert EXE to BAT Files exe2powershell – Convert EXE to BAT Files
exe2powershell is used to convert EXE to BAT files, the previously well known tool for this was exe2bat, this is a version for modern Windows.
HiddenWall - Create Hidden Kernel Modules HiddenWall – Create Hidden Kernel Modules
HiddenWall is a Linux kernel module generator used to create hidden kernel modules to protect your server from attackers.
Anteater - CI/CD Security Gate Check Framework Anteater – CI/CD Security Gate Check Framework
Anteater is a CI/CD Security Gate Check Framework to prevent the unwanted merging of filenames, binaries, deprecated functions, staging variables and more.

Comments are closed.