'Hacking Team' Asks Customers to Stop Using Its Software After Hack

After suffering a massive hack, the controversial surveillance tech company Hacking Team is scrambling to limit the damage as well as trying to figure out exactly how the attackers hacked their systems.

But the hack hasn’t just ruined the day for Hacking Team’s employees. The company, which sells surveillance software to government customers all over the world, from Morocco and Ethiopia to the US Drug Enforcement Agency and the FBI, has told all its customers to shut down all operations and suspend all use of the company’s spyware, Motherboard has learned.

“They’re in full on emergency mode,” a source who has inside knowledge of Hacking Team’s operations told Motherboard.

6 Likes

:smiley: It’s a wee shame, never mind who watches the watchmen, it’s who hacks the hackers. They say you reap what you sow, this seems to back that up nicely.

12 Likes

I only followed the tweets on this, but I think one reason HT are panicking, and their customers are panicking, might be that they had put a backdoor in their code, with a watermark that identifies the software package being used with the customer.

Tut tut tut, a backdoor being found and exploited in ways unintended. Who’d have thought. Please note, FBI, GCHQ, David Cameron!

Backdoor = insecure.

So essentially, the hackers of HT will have had access to their customers systems. For how long I wonder. Oops!

And of course, HT are toast.

8 Likes

I’m sure, and deservedly. But do you doubt that their design was directed by NSA, GCHQ, Mossad, or all of the above? They just weren’t supposed to be hoist by their own petard.

2 Likes

Its starting to happen, the global spy system will find its not a bunch of silos but one massive container busting like a dam. Dumped, locked out and searched- instant transparency. And searched for the good stuff quickly. When they lose credibilty and prove themselves ineffective and inefficient they get defunded and that makes room for a new start. They’ve come to depend on this unnatural advantage and are going to be stumbling in the dark without it.

2 Likes

The day the few gave control (Dependant on computers) to the geniuses was truly the last day they owned the world. I still question whether the few have realized it yet?

2 Likes

Maybe the whole sordid lot gets busted wide open and stored on SAFE for some Big Data analysis of our own…before they wipe and move to an actual secure system over the next 10 years.

1 Like

Behind the curtain of the Hacking Team hack

The world watched on as Hacking Team was publicly stripped and flogged—virtually at least—over the last couple days. My colleague Steve Ragan covered the unfolding events in exquisite detail and today the dust continues to settle as we sift through the 400GB of leaked data and find the salacious, juicy tidbits.

It does seem like Hacking Team has some explaining to do regarding its client list. The leaked data lists a number of oppressive nations as customers despite Hacking Team’s very vocal claims that it does not do business with such governments. Aside from the obvious discrepancy between Hacking Team’s assertions and the list of clients leaked from this hack, though, is there really anything to “hang” Hacking Team for?

For example, just because Saudi Arabia is listed as a client does that mean the Saudi Arabian government itself is the client? If so, which department or office? Or, is it possible that it just means Hacking Team has customers in that country, which may or may not be the actual government itself? I have not studied the leaked data personally, so perhaps those questions answer themselves if you just review the data.

The software itself isn’t the problem. This type of surveillance / monitoring tool is widely used. According to Craig Young, security researcher at Tripwire, “These tools could be used by a private corporation to monitor employees. For example, a company concerned about employees stealing trade secrets may pre-load employee computing devices with monitoring software. It could also be the case that some companies would like to glean information from competitors. In some cases the software may also be used to gain intelligence on customers like a bank validating whether funds are coming from an illegal enterprise.”

“It could be just as simple as a client of a company that delivers network monitoring software for internal use. Whether that’s for internal use or to warn of a potential hack, all the hype around the Hacking Team is to do with “bad” software that put them on the map. They had to start somewhere and this client list makes no indication of exactly what does and does not make them a client for,” explained Mark James, security specialist at ESET.

Ultimately, if Hacking Team is dealing with shady governments or customers it’s certainly not unique or alone. If it wasn’t Hacking Team then some other developer would step in to fill the void. We’ve entered into an era of unbridled cyber espionage, bordering on cyberwar, and security vendors like Hacking Team seem to have emerged as the mercenary arms dealers of the digital battlefield.

“One important take away from all of this is that governments around the world are focusing their resources on offensive techniques,” notes Mark Kraynak, chief product officer at Imperva. “Ironically, this means they are doing many of the same things – building malware and surveillance tools similar to spyware – that the “bad” guys are doing but for different purposes. Also ironically, it means that the incremental exposure represented by this breach might not actually be so big, as the “bad” guys already are doing many of the same things.”

Kraynak points out that in the end it really means that businesses and individuals are left to their own devices to defend themselves. Unfortunately the only place to turn is to the same developers and security vendors that are selling the surveillance tools in the first place.

“The software itself isn’t the problem. This type of surveillance / monitoring tool is widely used. According to Craig Young, security researcher at Tripwire, “These tools could be used by a private corporation to monitor employees. For example, a company concerned about employees stealing trade secrets may pre-load employee computing devices with monitoring software. It could also be the case that some companies would like to glean information from competitors”

The surveilance software is the problem. It trades useful privacy for useless secrecy and conflates the two. No privacy with secrecy, the two are almost in inverse relation.

I’d say these companies don’t have any right to or expectation of secrecy. Seems like they will just have to treat employees right as we move toward fixing the courts and laws so effort isn’t wasted on trying to enforce secrecy. The mind isnt about silos either.

Reminds me of Greece. Those with the money want to resist having skin in the game. They dont want bankruptcy or other means that make debt more constructive. No, they want zero risk pure extraction and they want austerity or fraud as a back up to socialize all risk and loss. And as above the people with the bs secrets think everyone else should forfeit their lives over it.

You might find this site interesting in unraveling current world events…I like the guys approach as it highlights some of the more esoteric aspects of world governance.

He’s brought to my attention the importance of Multilateral/Multi-Polar Vs Unilateral

How the globalists will play the coming Greek disorder

2 Likes

Only their customers systems? What about all the people their customers have under surveillance? Does the backdoor let the hackers know exactly who is under the surveillance? I would not be shocked if they did.

This would mean Eve could soon morph into Mallory.

Is Eve a friend of Alice and Bob? I’m useless with names, especially the security team. Can you give me some references for Eve and Mallory so I can go google it? Ta :smiley:

Usually Alice and Bob are friends (good guys) Eve is the (Evesdropper) bad person. Mallory is generally a more aggressive Eve (so changes stuff or is active). Ah hang on it’s all here in WikiPedia Alice and Bob - Wikipedia

2 Likes

FFS, theres hunners o them… Ahm no buying a round for that lot.

1 Like

Seems like the significance of this should not be underestimated.

This is not just the erosion of the tool maker and tools that entities like the NSA use, it is the public outing of this information. This suggests the NSA and entities like it have had a bunch of holes in their hulls and taking on water for a long time but they don’t necessarily know how long. When the hack got a hold of all the fed employee records and when this hack appeared they collective add up to a gag order on these agencies.

These entities can now be black mailed on their current roster of employees by entities outside the agency. That may have always been the case but this type of stuff seems bigger than the Wikileaks stuff in a way. These entities own contractors were spying on them and in doing so who knows how many Mallory(s) to do the same. And just because they shut down this huge hole in their hulls there may now be countless others that they don’t know about because these outside entities got a look at their innards.

Over and over again we’ve seen the big entities like Sony get hacked again and again and no matter how much the ratchet up security they can’t stop it and they can’t even spin it. They are taking hit after hit in fire at will fashion. Hacking is over-riding sponsorship its overriding money. Its a new kind of very forceful speech, you’re making a statement when you break the instruments of censorship. This in itself is changing the world narrative.

Turn off the software… its like a sub without periscope or sonar. All it can do is surface.

NSA? Tools? On Github?

System Integrity Management Platform (SIMP)

Something hilarious about this. Maybe “puppet” is well known stuff that my lack of specialized knowledge makes me unaware of but its funny because the readme talks about “puppet server,” puppet this and puppef that, even has “puppet labs” and the disclaimer talks about the USG not being held account able if someone blows up the universe with spaceship rocket fuel:

"In no event shall the United States Government be liable for any direct, indirect, incidental, special, exemplary or consequential damages (including, but not limited to, procurement of substitute goods or services, loss of use, data or profits, or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this Guidance, even if advised of the possibility of such damage.

The User of this Work agrees to hold harmless and indemnify the United States Government, its agents, and employees from every claim or liability (whether in tort or in contract), including attorneys’ fees, court costs, and expenses, arising in direct consequence of Recipient’s use of the item, including, but not limited to, claims or liabilities made for injury to or death of personnel of User or third parties, damage to or destruction of property of User or third parties, and infringement or other violations of intellectual property or technical data rights.

Nothing in this Work is intended to constitute an endorsement, explicit of …any private manufacturers wares…"

https://puppetlabs.com/ fairly mainstream configuration tool

2 Likes

But it stands that their spy tool(s) are spying on them by unknown parties and the people they bought them from. We dont know if this is an isolated case but seems improbable that it would be especially since it got out into the public. Maybe if Federal employees were better paid and treated they would have less of an issue. They get pissed about one spy but they have automated leaks. Sounds like the USG would like to wipe their data and the incriminating evidence Dick Cheny style but they may be losing that option depending on how wide spread this type of situation is.

I keep thinking of the East German government trying to dump data as the wall was coming down but latter getting what they tried to shred scanned and searched.

How “Phineas Fisher” took down Hacking Team.

http://pastebin.com/raw/0SNSvyjJ

1 Like