The Strategist

Hackers That Got Hacked

07/10/2015 - 17:01

An Italian company, which sells computer software for tracking and espionage, has itself become a victim of hackers. More than 400 gigabytes of private information got public.

Hacker attacks, or in other words, hacking other people's computer systems are outlawed. Nevertheless, this did not restrained the police and intelligence agencies around the world from the use of such methods - mostly infect other people's computers with malware to finally be able to listen to the conversations you have on Skype, read email, browse the hard drive contents, steal all kinds of documents stored on a computer or even possibly add new ones. Also, activate the built-in camera and microphone to discreetly spy on what is happening around.

Highly specialized firms develop all the necessary software tools for such a surveillance. And one of the most well-known companies with the characteristic title Hacking Team, based in Milan, suddenly became a victim of a hacker attack.

It is unknown when and how the attack happened. Information about this appeared in the night of Monday, July 6, when unknown persons broke into the company's account in Twitter and changed ‘Hacking Team’ to ‘Hacked-Team’. Afterwards, the hackers have posted something extremely unpleasant for the non-public Italian company: "Since we have nothing to hide, we publish all our e-mails, documents and source code."

And it actually happened: about 400 gigabytes of internal company information were made available to all the Internet users. Even a cursory analysis makes it clear: the Italian firm, which employs about 40 people, was not very picky in choosing clients. Apparently, tools for conducting surveillance were sold to governments of various countries, including those where human rights violated, civil activists persecuted, journalists intimidated and harassed.

Nearly 40 countries, including Kazakhstan, Uzbekistan, Ethiopia and Vietnam, have become Hacking Team’s clients. The list also features Sudan - despite the fact that in March of this year, the representatives of the Italian company claimed the opposite on the meeting of the UN Security Council in Sudan. The most important Hacking Team’s customers were Mexico, Italy and Morocco, followed by Saudi Arabia. Russia is also presented in this list, although sales of software for espionage are not allowed under the current EU sanctions.

It was not the first time when Hacking Team have been accused of selling software for surveillance and spying to countries, where civic engagement is stifled. Already in 2012, the international human rights organization "Reporters without borders" said that, among others, Italians of Hacking Team are "enemies of the Internet". Last year, a research group of the University of Toronto Citizen Lab has published the results of its own investigation on the distribution of Hacking Team’s programs in 21 countries.

Among other things, the Canadian cyberactivists indicate that spyware were used against at least one Moroccan journalist and against human rights activists in the United Arab Emirates. They also refute Hacking Team’s slogan that their programs are supposedly undetectable.

Getting in the limelight, together with a full list of their clients, is unpleasant enough in itself. But what even more painful is that hackers published the spying software’s source code. "Everyone who has ever bought and used Hacking Team’s software, now, in fact, can just throw it away" - says cybercrime specialist Sandro Gaycken.

According to him, since the program code has been revealed, one can simply fix the software flaws used for espionage. This drain of information means that all Hacking Team’s tools become useless, and the company will have to start all over again. And, in fact - as soon as they became aware of the hack, the Italian company called on its customers to stop using spyware software.