Hacking Team, the Italian company that sells surveillance software and zero-day exploits to law enforcement and intelligence agencies, woke up to a living nightmare as anti-surveillance activists rejoiced.
The Hacking Team’s Twitter name was changed to “Hacked Team” as unknown attackers took control of the company’s Twitter account. The bio was changed as well, reading, “Developing ineffective, easy-to-pwn offensive technology to compromise the operations of the worldwide law enforcement and intelligence communities.” All tweets were written in the first person, as if the Hacking Team (HT) were tweeting. The first tweet said, “Since we have nothing to hide, we’re publishing all our e-mails, files and source code.” From there on out, tweets included internal company information supplied by the attackers, and the stolen data went viral via a 400GB torrent.
Example of the Hacked Team’s tweets before they were deleted.
For several hours, some people’s tweets included #IsHackingTeamAwakeYet, while others claimed that the Gmail password of Hacking Team engineer Christian Pozzi had been changed, implying he was awake now. Eventually Pozzi responded that yes, he was, and that the company was “currently working closely with the police;” another tweet vowed that “the people responsible for this will be arrested.”
As CSO’s Steve Ragan pointed out, Pozzi’s Twitter account was hijacked after he threatened security researchers.
As you can see in the tweets, Pozzi claimed the attackers were spreading lies and that the torrent includes a virus.
John Adams, a former Twitter security dude, fired back that it contains all of their viruses and that those holes will finally get patched. A fine example of this came from Mozilla security guru Daniel Veditz, who tweeted that the first person who filed the Firefox vulnerabilities that HT was exploiting would get the bug bounty.
You could try to see Pozzi’s tweets for yourself, but he has since deleted his Twitter account.
Many groups, including Kaspersky Lab and Citizen Lab, have claimed the Hacking Team’s Remote Control System toolkits were being sold to nations known for killing citizens and journalists who opposed them. HT has always denied selling to oppressive regimes, but EFF Global Policy Analyst Eva Galperin tweeted a list of countries that are the Hacking Team’s customers, and @SynAckPwn linked the Hacking Team to Sudan, Ethiopia, Lebanon and Egypt.
Christopher Soghoian, the ACLU’s principal technologist for the Speech, Privacy and Technology project, tweeted a screenshot of a letter showing the Hacking Team did sell to Sudan, but told the UN the company “did not consider the Remote Control Software to be a weapon.” He also tweeted a screenshot showing HT pirates “security research tools.”
Maybe Microsoft will get huffy since HT was supposedly using pirated copies of Office and other software. The Hacking Team also allegedly sold exploits for Word, PowerPoint, IE, Excel as well as malware to pwn mobile devices for surveillance purposes.
Before deleting his account, Pozzi claimed HT does not create viruses, but instead creates “custom software solutions.”
It’s been reported that “the managing director of the company used the password ‘Passw0rd’ across every system.” Pozzi’s passwords stored in Firefox were included in the data dump, as were some passwords of HT’s clients, which Ragan said included “HTPassw0rd, Passw0rd!81, Passw0rd, Passw0rd! and Pas$w0rd.”
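Every one of those passwords is a trivial mutation of the same dictionary word, and the managing director’s was reused everywhere. Both faults are exactly what a credential screen catches: fold leetspeak back to letters and compare against a denylist, then look for the same value across systems. The following is an added example, not code from the article or from Hacking Team; the denylist, the substitution table, the 12-character minimum and the system-to-password inventory are constructed for illustration, and only the password values themselves are the ones quoted above.

```python
import re
from collections import defaultdict

# Constructed denylist: a few base words that every screening list contains.
# A real deployment would load a large breached-password list instead.
DENYLIST = ("password", "letmein", "welcome", "admin", "qwerty")

# Reverse common leetspeak substitutions so "Pas$w0rd" folds back to "password".
LEET = str.maketrans({
    "0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
    "7": "t", "$": "s", "@": "a", "!": "i",
})

MIN_LENGTH = 12  # assumed policy minimum, not a value from the article


def normalize(password: str) -> str:
    """Fold a password down to the letters it is built from: lowercase,
    undo leetspeak, then drop any digits and punctuation that remain."""
    folded = password.lower().translate(LEET)
    return re.sub(r"[^a-z]", "", folded)


def weak_reasons(password: str) -> list[str]:
    """Return the screening failures for one password; an empty list means it passed."""
    reasons = []
    base = normalize(password)
    for word in DENYLIST:
        if word in base:
            reasons.append(f"derived from denylisted word '{word}'")
            break
    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    return reasons


def reused_passwords(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Map each password value that appears on more than one system to those
    systems. In practice compare per-system hashes rather than plaintext."""
    systems_by_value: dict[str, list[str]] = defaultdict(list)
    for system, password in inventory.items():
        systems_by_value[password].append(system)
    return {pw: systems for pw, systems in systems_by_value.items() if len(systems) > 1}


# Constructed inventory (system -> password). The password values are the ones
# quoted in the article; which system held which is invented for the example.
SAMPLE_INVENTORY = {
    "md/vpn": "Passw0rd",
    "md/mail": "Passw0rd",
    "md/wiki": "Passw0rd",
    "client-a/portal": "HTPassw0rd",
    "client-b/portal": "Passw0rd!81",
    "client-c/portal": "Passw0rd!",
    "client-d/portal": "Pas$w0rd",
}


def audit(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Screen every credential in the inventory and report findings per system."""
    findings = {}
    for system, password in inventory.items():
        findings[system] = weak_reasons(password)
    for password, systems in reused_passwords(inventory).items():
        for system in systems:
            findings[system].append(f"reused on {len(systems)} systems")
    return findings


if __name__ == "__main__":
    for system, reasons in audit(SAMPLE_INVENTORY).items():
        print(f"{system}: {'; '.join(reasons) or 'OK'}")
```

All seven entries fail the screen: each normalizes to a string containing “password”, each is under the assumed minimum length, and the three “md/” systems share one value. A passphrase such as “correct horse battery staple” passes both checks, which is the point of screening on the folded form rather than on whether the raw string mixes case, digits and symbols.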
One of the leaked emails showed the Hacking Team gloating about its “wannabe competitor” FinFisher getting “severely hacked.” It’s just as likely that other companies that sell zero-day exploits and surveillance software are secretly pleased that unknown attackers pressed their feet to the Hacking Team’s throat, but those companies might also be sweating a bit, wondering if they might be breached next.
According to the alleged client renewal list, HT’s contract with the DEA expired in Dec. 2014 and the FBI’s expired only a week ago, on June 30, 2015. The Department of Defense is listed as “not active.” Once people have had more time to pore through the files, additional questions may be answered, such as whether the NSA sent any reports to or had any contracts with the Hacking Team; the NSA responded to a Nov. 2013 Freedom of Information Act request on that subject by asking the filer to pay $1,000 up front for the request to be processed.
Before you tweet or otherwise post a link to stolen files, consider what happened to Barrett Brown and remember that doing so could land you in prison. Nevertheless, there are torrents, magnets, breakdowns with indexed files and mirrors galore; the looted booty should deliver insight into the Hacking Team and its tools and provide fodder for hundreds of articles.