Hacking Team Scrambling To Limit Damage Brought On By Explosive Data Leak

An anonymous reader writes: Who hacked Hacking Team, the Milan-based company selling intrusion and surveillance software to governments, law enforcement agencies and (as it turns out) companies? A hacker who goes by "Phineas Fisher" claims it was him (her? them?). In the meantime, Hacking Team is scrambling to minimize the damage this hack and data leak is doing to the company. They sent out emails to all its customers, requesting them to shut down all deployments of its Remote Control System software ("Galileo") — even though it seems they could do that themselves, as the customer software apparently has secret backdoors. Perhaps they chose the first route because they hoped to keep that fact hidden from the customers? And because every copy of Hacking Team's Galileo software is secretly watermarked, the leaked information could allow researchers to link a certain backdoor to a specific customer.
This discussion has been archived. No new comments can be posted.

  • by Anonymous Coward

    Let's hope they see how much it hurts people when stuff like this happens, and change their ways.

    Nobody cries when the thief gets robbed.

  • by Proudrooster ( 580120 ) on Tuesday July 07, 2015 @10:07AM (#50062413) Homepage

    Boys and girls there is a lesson in this story. Each of us has a karma bucket. When that karma bucket is depleted the "fickle finger of fate" may reach and touch us causing untold calamity. Hacking Team's karma bucket has a giant hole in the bottom and can never be refilled. All of their tricks and source code have been laid bare, and are now in full view of the Internet.

    If someone has a link to the torrent, please post it.

    • by Anonymous Coward
      Their karma bucket just turned into a chamber pot, time to fill 'er up.
    • Re: (Score:3, Informative)

      by Anonymous Coward

      Sure - the torrent is:
      https://mega.co.nz/#!Xx1lhChT!rbB-LQQyRypxd5bcQnqu-IMZN20ygW_lWfdHdqpKH3E
      mirror at:
      https://ht.transparencytoolkit.org/
      source code up on github:
      https://github.com/hackedteam?tab=repositories

      • by Anonymous Coward

        https://ht.transparencytoolkit.org/c.pozzi/Desktop/you.txt

        Ahahahaha

      • Re: (Score:2, Interesting)

        by Anonymous Coward

        Y'know it's funny... This particular leak has spurred the economy. I went out yesterday and bought a 3TB drive specifically to have extra space to download and extract and peruse the 400 GB of Hacker Team evilware. Current ETA gives me 11 more hours before I'm done but I think it's worth it just to poke around.

    • by Nyder ( 754090 )

      Boys and girls there is a lesson in this story. Each of us has a karma bucket. When that karma bucket is depleted the "fickle finger of fate" may reach and touch us causing untold calamity. Hacking Team's karma bucket has a giant hole in the bottom and can never be refilled. All of their tricks and source code have been laid bare, and are now in full view of the Internet.

      If someone has a link to the torrent, please post it.

      Karma applies to your next life, not this one.

      • Karma applies to your next life, not this one.

        So do you remember or are you just guessing?

        I read an interesting short story once where the protagonist died and before being reincarnated was surprised to learn that you could be born before you died. That in fact, you could be born at any point in time and might be interacting with yourself if you happened to be born twice in the same time period, and you wouldn't know because you forget everything when you're born. Then it was slowly revealed that not only

        • by Anonymous Coward

          http://www.thrivenotes.com/the-last-answer/

          That is the story you are looking for I believe. Isaac Asimov. :)

          • I'd never read that story, and I consider myself an Asimov fan. Thank you!

            I was thinking of this one http://www.galactanet.com/oneo... [galactanet.com]

            “How many times have I been reincarnated, then?” “Oh lots. Lots and lots. An in to lots of different lives.” I said. “This time around, you’ll be a Chinese peasant girl in 540 AD.”

        • I wrote a sci-fi novel that involved reincarnation called Transcendence.- shameful plug

          http://www.lulu.com/au/en/shop... [lulu.com]

    • @Proudrooster: "If someone has a link to the torrent, please post it."

      torrent [transparencytoolkit.org]
    • > fickle finger of fate

      I wanna see the fickle finger of beating their balls in the woods until they swell to the size of cantaloupes.

    • If someone has a link to the torrent, please post it.

      A Google search shows http://infotomb.com/eyyxo.torr... [infotomb.com] I can't vouch for this link as I can't download it, not enough storage space.

  • by FreeUser ( 11483 ) on Tuesday July 07, 2015 @10:07AM (#50062415)

    Ah, schadenfreude. Seeing these jerks die by the sword they have wielded against the rest of us is just too satisfying.

    I particularly like how it's come out that they were backdooring (and presumably screwing, or at least reserving the opportunity to screw) their own ethically-challenged customer base.

    Really, it's not nice to take such delight in the downfall of others, but it just feels so damn good.

    • Yep, a great number of our most 'prestigious' institutions need this little lesson. I hope it starts happening much more often, especially around election time, to test peoples' faith.

    • I particularly like how it's come out that they were backdooring (and presumably screwing, or at least reserving the opportunity to screw) their own ethically-challenged customer base.

      This singular fact may lead to the exposure of this company as a very impressive, long-term false front for an intel shop. Probably not the NSA, given that the FBI (backdoor irony alert) and other FedGov organs were apparently customers. Who *is not* on that customer list: GCHQ? Interpol? Russia?

      There may be a popcorn short

  • by Anonymous Coward

    is to take Big Brother's toys away from them and show everyone how undermining the security measures of the global tech. economy and culture is tantamount to shooting yourself in the foot.

    • by Anonymous Coward on Tuesday July 07, 2015 @10:22AM (#50062507)

      This is a lesson... software with backdoors, the backdoors eventually get found out. This is a real proof against the anti-encryption lobby, that if encryption is gutted, then only the bad guys will have actual security.

      Even if it is something that requires a private key to access, the private key can be hacked or physically stolen if stashed on an HSM.

    • show everyone how undermining the security measures of the global tech. economy and culture is tantamount to shooting yourself in the foot.

      Are you kidding? The powers that be will spin this as proving their point:

      If it weren't for all this evil encryption they would have no problem catching the villainous hackers that perpetrated these crimes against humanity by these supporters of terrorism and child pornography for the children. It's only because of un-backdoored evil encryption that the angelic powers of all good failed to stop these terroristic endeavours which exposed this good company that has helped the FBI foil 1 million terrorist plots

  • Plus some GPL code (Score:5, Interesting)

    by ssam ( 2723487 ) on Tuesday July 07, 2015 @10:12AM (#50062447)

    Also some GPL derived drivers that they have been distributing to their customers. https://twitter.com/mjg59/stat... [twitter.com]

  • by GTRacer ( 234395 ) <gtracer308&yahoo,com> on Tuesday July 07, 2015 @10:30AM (#50062563) Homepage Journal
    I'm curious what Hacking Team thought was worth the risk of watermarking their products to customer installations and having these alleged backdoors to backdoors. Seems like a lot of risk for no payoff unless they hoped one day to "flip the script" and hack their customer base...
    • by s.petry ( 762400 ) on Tuesday July 07, 2015 @10:43AM (#50062689)

      I'm curious what Hacking Team thought was worth the risk of watermarking their products to customer installations and having these alleged backdoors to backdoors. Seems like a lot of risk for no payoff unless they hoped one day to "flip the script" and hack their customer base...

      I can easily see a few reasons for them to watermark their customer's installations of their software. First is obviously leverage against prosecution. Second would be to determine who did what with their software. Their own back door would allow them to kill software on a non-paying customer (or one that caused litigation). The last is an increase in revenue. There are some interesting ways to encrypt your binaries which the watermarks could have done. Sudan's software would not be able to run Nigeria's software for example, so this would ensure that everyone pays for everything individually.

      Lots of reasons for an immoral shitbag company to do immoral shitbag things to everyone, not just "some" people.

      • by Rich0 ( 548339 )

        Sure, but this is all stuff that is par for the course with laws like SOPA, TPP, UCITA, and so on.

        Really, Hacking Team was just doing things the way the software industry thinks everybody should be operating.

        • by s.petry ( 762400 )

          Really, Hacking Team was just doing things the way a very small segment of society which currently holds most financial capital thinks everybody should be operating.

          FTFY - SOPA, TPP, etc.. are not products of the Software industry. I am pretty sure I agree with your point under the surface, but the generalization is plain wrong.

          • by Rich0 ( 548339 )

            Really, Hacking Team was just doing things the way a very small segment of society which currently holds most financial capital thinks everybody should be operating.

            FTFY - SOPA, TPP, etc.. are not products of the Software industry. I am pretty sure I agree with your point under the surface, but the generalization is plain wrong.

            They are certainly the way the software industry thinks everybody should be operating, which is all I claimed. I did not claim that all of those laws/treaties/etc were products of the software industry. I'm not sure how you can claim that the Uniform Computer Information Transactions Act wasn't though.

      • by GTRacer ( 234395 )
        I get remote deactivation for the examples you gave but a backdoor suggests far more capability - the ability to use the tools against their owner*, presumably without them finding out.

        *Owner in the sense of the paying entity running it.
        • by s.petry ( 762400 )

          You seem to be attempting to isolate applications that phone home from software with a back door. One does not discount the other, and one is not necessarily better or worse than the other. We happen to see more legitimate applications phoning home (CAD/CAE software for example) but Botnet hosts do also.

          Phoning home is something that can be detected, so the high end software won't.

  • Holy crap ... (Score:4, Interesting)

    by gstoddart ( 321705 ) on Tuesday July 07, 2015 @10:31AM (#50062565) Homepage

    even though it seems they could do that themselves, as the customer software apparently has secret backdoors

    So basically even security researchers are morons who put in secret back doors?

    Bloody idiots.

    This is really simple: companies need to have very strict liability for doing stupid stuff like this. Putting secret backdoors should be treated the same as hacking into it ... especially if someone else exploits that.

    • Security researchers?

      You might want to go do some research for yourself and find out who these guys actually were.

    • Re:Holy crap ... (Score:4, Insightful)

      by DarkOx ( 621550 ) on Tuesday July 07, 2015 @10:45AM (#50062719) Journal

      These guys are not "security researchers" doing responsible disclosure or even just quietly helping secure their own customers against unpublished threats.

      They might be doing research; but they are basically arms dealers. Weaponizing software and selling it to whoever will pay.

      I am not surprised they'd backdoor it frankly. If all of my customers were professional liars known for running false flags etc, I'd have to think seriously about inserting water marks and backdoors too. If nothing else so I had some way to prove whatever gets done with those tools was not done by me.

      The phrase "there is no honor among thieves" comes to mind.

      • I am not surprised they'd backdoor it frankly. If all of my customers were professional liars known for running false flags etc, I'd have to think seriously about inserting water marks and backdoors too. If nothing else so I had some way to prove whatever gets done with those tools was not done by me.

        Here's the problem with doing business with criminals, whether they're ordinarily-labeled "criminals" or intelligence agencies or whatever: if they're incompetent, you don't want to do business with them because of all the ways in which they can implicate you. But if they're competent, you don't want to do business with them because of all the ways in which they could take advantage of you. If they're incompetent, then they ought to be little danger to you, so you don't need that kind of protection. If they

    • Re:Holy crap ... (Score:4, Interesting)

      by s.petry ( 762400 ) on Tuesday July 07, 2015 @10:47AM (#50062739)
      And who exactly would have prosecuted them? The Governments paying them to build software so that the Governments could hack people? Without the source leak, how would anyone have known except by the end consumer providing network dumps? Call me a skeptic, but I doubt the people buying this were installing it locally for forensic reasons.
  • by Anonymous Coward
  • Right now everything we touch is excessively bloated and unscrutinised. We need to eliminate 99.999% of the bloat. There is a ton of code under the hood that is not needed. I'd love to see a group analyse that bloat and eliminate it. There are a lot of features implemented to spec in an attempt to cover all bases that nobody actually uses in the real world. If nobody is actively using it then it should be eliminated.

    When security is more important than backwards compatibility (government, etc) it's one of t

    • People tend to define "bloat" as "all the stuff I don't use". Everything they do use is a "critical feature". Of course, the problem is there's about a few million to a few billion other people (depending on which software you're talking about) that also use that software.

      Let's see... where to start? How about all that accessibility code that you never use, because you're not handicapped? Maybe all the Unicode support, because you don't need to read or type Chinese, German, or Russian? Let's also get r

  • fickle fingers, watermarks, explosive data leaks, reducing bloat, secret backdoors. I mean it just doesn't help the fact that I ...

    ... oh man, I don't think I'm gonna make it to the bathroom.

  • Inside any corp dump this large is dirt. What it really reveals is that this company enjoys an excess of hubris likely along with a money cushion with which to entitle it

  • HT is untrustworthy (Score:4, Informative)

    by bagofbeans ( 567926 ) on Tuesday July 07, 2015 @01:25PM (#50063949)
    Per TFA:

    According to Motherboard's Lorenzo Franceschi Bicchierai, the company has sent out emails to all its customers, requesting them to shut down all deployments of its Remote Control System software ("Galileo") - even though it seems they could do that themselves, as the customer software apparently has secret backdoors. Perhaps they chose the first route because they hoped to keep that fact hidden from the customers?

    Yet, according to ]Hacking Team[ Six Confidential Whitepapers on cryptome.org, HT explicitly state on page 31

    NOTE HackingTeam have no way of connecting to or receiving any information from the Customer's RCS installation.

    So, if HT lie to their rather high powered customers about a major detail like that, what else?

  • https://github.com/hackedteam/... [github.com]
    No mention of iceweasel and family. I may delete my X server after reading all that stuff, they hate GUI programs.
  • And because every copy of Hacking Team's Galileo software is secretly watermarked,

    If this were even moderately uncommon software (e.g. a global market of tens of thousands or fewer), and moderately valuable (ten thousand dollars per seat-year, or so) then I'd expect the vendor to have put in some sort of watermarking as part of the license validation software. I'm pretty sure that our software (which works in this region) incorporates the putative license number and the 16-byte serial number of the hardware
