Yesterday the internet went ablaze with news that a controversial security firm known as Hacking Team has been hacked. Hacking Team, which was for the most part unheard of a week ago, is a company that sells surveillance equipment to governments and security agencies so that those entities can more easily monitor communications and decipher encrypted data. In a case of almost blinding irony, the company was in turn hacked and its own security was found wanting. The Italian firm, which created software called ‘Da Vinci’ that assists governments and security agencies in the surveillance of encrypted data, found that 400GB of data taken from it had been made public via a torrent file.
The leaked information revealed that Hacking Team has in the past been involved with many governments which some would consider oppressive. It has also been revealed that the firm has lied about whom it has and has not had business dealings with, as when it claimed not to have had any dealings with the Sudanese government. Clearly, Hacking Team is not well received by many people, and it has even made the list of Enemies of the Internet put out by Reporters Without Borders. The commercials it made for its product, about which the nicest thing I can say is that they are almost comically bad, are certainly not helping its image.
Because the hack yielded such a large amount of data, the repercussions of what is being discovered will reverberate for some time. What was immediately revealed was the rather long list of nations that have used the services of Hacking Team, a list which includes Egypt, Ethiopia, Morocco, Nigeria, Sudan, Chile, Colombia, Ecuador, Honduras, Mexico, Panama, United States, Azerbaijan, Kazakhstan, Malaysia, Mongolia, Singapore, South Korea, Thailand, Uzbekistan, Vietnam, Australia, Cyprus, Czech Republic, Germany, Hungary, Italy, Luxembourg, Poland, Russia, Spain, Switzerland, Bahrain, Oman, Saudi Arabia, UAE. Today those sifting through the data have brought to light that jailbreaking Apple products leaves them open to vulnerabilities, that Hacking Team was spreading malware via YouTube and Microsoft Live, and a previously unknown zero-day vulnerability, which Hacking Team referred to as the “most beautiful Flash bug of the past four years”.
It is as yet unclear who is responsible for hacking Hacking Team. As of this writing, ‘Hacking Team’ is still trending on Twitter with over 46k tweets. The irresistible irony is clear in the amount of enjoyment the internet is having over the exposed incompetence (and by extension, hubris) of Hacking Team. As if to add insult to injury, and to show the incompetence of a team with such an arrogant name, it was revealed on Twitter that one of Hacking Team’s security engineers used variations of ‘password’ as many of his passwords.
Nothing screams "TRUST US, WE'RE A SECURITY COMPANY" like leaving text files on your desktop FULL OF CREDS pic.twitter.com/WCJCrWA5IM
— Dan Tentler (@Viss) July 6, 2015
ALL HIS PASSWORDS ARE PASSWORD.
This is *DEFINITELY* "good enough for government work". Hooooly craaaaap pic.twitter.com/eshIurqky2
— Dan Tentler (@Viss) July 6, 2015
It is clear that whoever hacked Hacking Team certainly enjoyed themselves in the process.
— Eliot Higgins (@EliotHiggins) July 6, 2015
Clearly, 400GB of data is a lot to sift through, and it is likely that the revelations from this hack will keep flowing.