Last week it was revealed that hackers have leaked over 400GB of personal emails, source code, and other confidential information from the controversial Italy-based security company Hacking Team. The company has been known to supply malicious spyware to governmental agencies and organizations across the world, including many deemed to have poor human rights records, like Egypt, Russia, Saudi Arabia, Bahrain, the United Arab Emirates, Azerbaijan, Kazakhstan, and Uzbekistan.
The company first came into public view in 2011 when WikiLeaks obtained material from various organizations across the world that revealed “the global mass surveillance industry,” all of which was published under WikiLeaks’ “Spy Files” series. Among the documents, it was revealed that Hacking Team had been working closely with governments to develop spyware, including “a highly innovative IT security system which…allows Law Enforcement Agencies to attack and control target PCs from a remote location.”
Since Tuesday, researchers and civil rights advocates have been poring over the leaked data, which is now available on WikiLeaks and which appears to contradict the notorious spyware-peddler’s carefully constructed PR image, while uncovering several dangerous pieces of spyware as well as numerous shady transactions with large corporations, law enforcement agencies, and other governmental organizations.
Aside from their well-known reputation for dealings with repressive governments, the leaked documents have revealed a darker side to the company’s operation, particularly their relationship with Western governments. According to leaked spreadsheets and emails, Hacking Team’s past customers include the US Drug Enforcement Administration, the US Army, the FBI, the UK police and the UK’s Customs and Excise agency.
According to one spreadsheet initially reported by Wired, the FBI paid Hacking Team more than $773,226.64 since 2011 for services relating to the Hacking Team product known as “Remote Control Service,” which is also marketed under the name “Galileo.” One spreadsheet column listed simply as “Exploit” is marked “yes” for a sale in 2012, an indication that Hacking Team may have bundled attack code that remotely hijacked targets’ computers or smartphones.
According to leaked emails dating from 2011 to early this year, the UK Metropolitan Police, the Serious and Organised Crime Squad (now part of the National Crime Agency), and the UK’s Customs and Excise agency (part of HM Revenue & Customs) have all considered purchasing Hacking Team spyware, which can be used to monitor users and organisations via Wi-Fi access points.
Hacking Team has been repeatedly condemned by human rights groups, including Reporters Without Borders, who named Hacking Team as one of the “enemies of the Internet” because its software was employed by governments with explicit hostility to press freedom. The recent leak has put mounting pressure on the company, and critics have suggested that Hacking Team may not recover from the damage inflicted by the leak, which is uncovering fresh allegations almost daily.
Hacking Team Malware
Since 2011, Hacking Team has secured a reputation for developing ominous malware, including spyware which tracks user behavior remotely and malware that identifies weaknesses in well-known software. As of Friday, researchers found new data on the so-called “Flash 0-Day” malware, which targets a zero-day vulnerability in Adobe Flash and which the company described as “the most beautiful Flash bug for the last four years.” If a user navigates to a page carrying the malicious Flash content, the malware can be installed through the browser without the user’s knowledge. What’s more, users of Internet Explorer are especially susceptible to the bug, and even users of Chrome, with its advanced security defenses, have fallen victim to the malware. At the time of writing, Adobe has not released a fix.
Hacking Team has also employed remote access spyware tools to compromise various hardware, including Android and BlackBerry phones and Windows devices. Following the leak, researchers from antivirus provider Trend Micro analyzing the data uncovered malicious code that specifically targets Microsoft Windows and a hardened Linux module known as SELinux.
As if their backroom transactions with governments and their development of malware wasn’t enough to destroy their reputation for good, the leak also revealed worrying Hacking Team source code related to the codename Galileo that shows embedded references to child porn.
Hackers Against Hackers
This is not the first time that a controversial surveillance firm has been hacked. In 2014, documents leaked online showed that software created by the controversial UK-based Gamma Group International was used to spy on computers that appeared to be located in the US, the UK, Germany, Russia, Iran, and Bahrain. The hack sheds new light on the capabilities of hackers to combat malicious online practices and could herald the beginning of an exciting resource to locate and disable malware.