HackingTeam
Latest
With Khashoggi, tech confronts its blood money
In 2015 we laughed at Hacking Team for getting hacked. Their profit-driven facilitation of human rights abuses around the world was somehow barely competent, but notorious. They sold illegal hackware and surveillance tech to brutal regimes and trained them in attacking citizens and journalists. We knew they were evil clowns. We just didn't expect what happened next.
Hacking Team is back
When you call yourself "Hacking Team," you're borrowing a legacy of persecution and suffering at the hands of legal authorities. The same kind that drove Aaron Swartz to become the most famous hacker suicide of our era. You're effectively wrapping yourself in a mantle bled into by the skins of coders and crackers who are considered criminals by wider society -- regardless of innocence. You've grafted your brandished title -- "Hacking Team" -- onto the backs of those living under the oppressive fear of being rounded up, stripped of rights, and imprisoned for vague, state-defined crimes.
That time your smart toaster broke the internet
Where were you the day the internet died? Last Friday the internet had its biggest hiccup to date when a whole bunch of major websites were maliciously knocked offline. Harnessing the weak security of internet-connected devices, like DVRs and cameras, the attackers used botnets implanted on the devices to traffic-overload the one business keeping those sites' domain names functional.
Malware hints that Hacking Team is back
Hacking Team has largely stayed under the radar after a gigantic leak exposed its spyware-selling ways, but the company might be on the rebound. Security researchers have noticed that recent Mac malware installs a version of Hacking Team's Remote Code Systems tool from around October, or three months after the outfit was publicly torn apart. There is a chance that a third-party group simply obtained and reworked some of the leaked source code, but clues suggest that this wasn't the work of amateurs.
2015's big hacks, attacks and security blunders
The security breaches, blunders, and disasters of 2015 tanked our trust in health insurance providers, credit agencies, the IRS, car manufacturers, connected toys for kids, and even "adult" dating sites. These stories shaped 2015, and forever changed the way we see data privacy and security. Most importantly, these painful moments in computer security affected millions, shaped government policy and validated our paranoia.
Hacking Team offers encryption breaking tools to law enforcement
Mere months after having more than 400 GB of confidential information stolen from its servers, spyware vendor Hacking Team has announced that it has resumed operations with a suite of digital tools to help law enforcement agencies get around pesky device encryption technology. In an email pitch sent to existing and potential new customers earlier this month, Hacking Team CEO David Vincenzetti, touted the company's "brand new and totally unprecedented cyber investigation solutions." The company has also been reportedly working on a revamped 10th edition of its proprietary Remote Control System, which constitutes the core of its software suite. There is no word, however, as to when RCS 10 will be made available. It also remains to be seen as to which, if any, law enforcement agencies will take Hacking Team up on its offer, given the company's recent security debacle. [Image Credit: Moment Editorial/Getty Images]
Colombia is conducting widescale illegal surveillance
Want to know why it's important to have checks on mass surveillance programs? Colombia should serve as a good example. Privacy International reports that the country not only collects bulk internet and phone data on a grand scale, but violates the law in the process -- it's supposed to require judicial approval for any surveillance, but regularly ignores that oversight. Colombian agencies have also relied on controversial tools like IMSI catchers (which scoop up nearby cellphone data) and Hacking Team's spyware, and they've sought to expand their powers rather than rein things in.
Russia apparently gets the blame for hacking Pentagon email
A couple of weeks ago the Pentagon's Joint Chiefs of Staff suddenly shut down its unclassified email network for all users, but didn't say why beyond citing "suspicious activity." Now, anonymous sources and unnamed government officials have told NBC and The Daily Beast that investigators believe the network was compromised through a spear phishing attacked launched by Russia. The only problem? Even for anonymous sources, they're kinda light on evidence.
Boeing and Hacking Team want drones to deliver spyware
Forget safeguarding drones against hacks -- if Boeing and Hacking Team have their way, robotic aircraft would dish out a few internet attacks of their own. Email conversations posted on WikiLeaks reveal that the two companies want drones to carry devices that inject spyware into target computers through WiFi networks. If a suspect makes the mistake of using a computer at a coffee shop, the drone could slip in surveillance code from a safe distance.
The human cost of global spyware sales
This year a number of major news stories released information on world governments buying, selling and using surveillance technologies on their citizens. These stories, reports -- and in some cases, hacktivist breaches and data dumps -- have served to verify the acquisition and use of spyware on citizens by dozens of diverse governments around the globe. We sought to answer one question: Why is this a problem, exactly?
Hacking Team boss thinks that he runs 'the good guys'
The CEO of Hacking Team has come out to defend his firm's behavior after a hack exposed the company's dirty laundry for all to see. In an interview with Italian newspaper La Stampa, David Vincenzetti said that his software was used to "fight the criminals" that are "operating on the border between the state of law and lawlessness." He went on to say that the company was relatively harmless since it doesn't "sell guns that could be used for years," and added that "we're the good guys." Sure thing, buddy.
Hacking Team helped Italian police to hijack internet addresses
The Border Gateway Protocol (BGP) is used to route traffic across the Internet -- and it's a pretty old, creaky protocol that's open to abuse. Back in August 2014, an Italian web hosting company faked ownership of 256 IP addresses, under the direction of a special arm of Italy's Military Police and Hacking Team. The police were trying to use the latter's remote control system malware to monitor targets of interest, but certain IP addresses were unreachable as their true owners, Santrex, kept them locked down for criminal use. Then, when Santrex apparently went out of business, the police remained locked out of these addresses.
Hacking Team's clients are a who's who of despotic regimes
We now know that Hacking Team, a company responsible for building some of the more notorious surveillance software in the world, was also doing business with some of the most notorious regimes in the world. How do we know this? Well a treasure trove of leaked documents found their way online. Thanks internet! Wondering just what actors the company was working with and how bad they were? Well check we've got a handy breakdown for you below.
Now you can explore Hacking Team's world of selling spyware
Plenty of ink has already been spilled about the Hacking Team's spectacular security meltdown, but why should the press have all the fun? WikiLeaks posted a searchable archive of over a million emails from the Italian IT firm last night, which means armchair sleuths can take a peek into the cloak-and-dagger world of selling spyware to governments with just a few clicks. Now obviously not everything contained in this hefty database is damning; lots of it just chronicles the day-to-day operations of a lucrative business. Every once in a while, you'll find something almost shocking in its mundanity, like this corporate email blast about restaurants in London that wound up in Hacking Team COO Giancarlo Russo's inbox. Still, there are plenty of juicier tidbits waiting for you if you keep a few keywords in mind.
How spyware peddler Hacking Team was publicly dismantled
What Hacking Team did Sold intrusion and surveillance software to governments and law enforcement around the world Full-service surveillance suites, including network infection, phishing, on-site training, monitoring, reports, and crisis management Penetrations tests and security assessments Malware and exploit development, including multi-browser exploits and several targeting Flash and Windows Early Monday morning, around 400GB of stolen internal company files belonging to Italian surveillance and intrusion software firm Hacking Team were distributed online through its freshly hacked Twitter account (changed to "Hacked Team"). They were hacked by a hacker, or hackers. It was hackenfreude. And because Hacking Team -- a Reporters Without Borders "enemy of the internet" -- was so universally reviled by infosec professionals for their dealings with despotic governments (among other things), it became a group effort. Hackers around the world dug into the illicit files and all but completely dismantled Hacking Team's business, and reputation.
Makers of controversial government surveillance software hacked
When you call your enterprise "Hacking Team" you'd like to think you're pretty on top of that whole, well, hacking thing. Yet here we are, telling you about how the aforementioned organization has just seen 400GB of data pilfered from its servers, and put onto BitTorrent for all to see. Hacking Team is known for its controversial "Da Vinci" software that allows governments and law enforcement agencies to monitor encrypted communications such as email and Skype conversations, and collect evidence on citizens. It's fair to say it's not popular with journalists and privacy advocates.
The DEA's using powerful spyware for surveillance too
The war on drugs has a surprising soldier amongst its ranks: Italian spying software. As Motherboard's sources tell it, the Drug Enforcement Administration's dropped $2.4 million on surveillance tools that are capable of intercepting phone calls, texts, social media messages, and can even take hold of someone's webcam and microphone. Oh, Remote Control System (as its officially called) can grab passwords, too. Almost sounds like a video game, right? The Hacking Team-developed software (the outfit behind Ethiopian cyberattacks on US journalists), can be installed on the sly and grants access to data that may very well be encrypted or otherwise inaccessible by other means. It comes hot on the heels of news that the DEA's been collecting phonecall metadata for an awfully lot longer than the NSA, too. Naturally, no one on either side of the story has been eager to open up to Motherboard, and presumably journalists in general.
Ethiopia is hacking US journalists with commercial spyware
Ethiopia's government is among the most oppressive political regimes on the African continent, only trailing Eritrea in its population of incarcerated journalists. And with the country's recent implementation of off-the-shelf spyware from Italian security firm Hacking Team, Ethiopia's leaders can--and have been--expanding their despotic reach far overseas.
