Hacking Team hacked

Discussion in 'privacy general' started by mirimir, Jul 5, 2015.

  1. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    https://twitter.com/hackingteam
    http://www.csoonline.com/article/29...ked-attackers-claim-400gb-in-dumped-data.html
     
  2. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,627
    @mirimir An intersting read.
    I had to Google the word schadenfreude as I had no idea what it meant. To save others from having to do the same, it means pleasure derived by someone from another person's misfortune.
     
  3. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    Puts a smile in my face... As karma always does.
     
  4. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,867
    Location:
    Outer space
    "Update 5:
    Hacking Team currently has, based on internal documents leaked by the attackers on Sunday evening, customers in the following locations:
    Egypt, Ethiopia, Morocco, Nigeria, Sudan, Chile, Colombia, Ecuador, Honduras, Mexico, Panama, United States, Azerbaijan, Kazakhstan, Malaysia, Mongolia, Singapore, South Korea, Thailand, Uzbekistan, Vietnam, Australia, Cyprus, Czech Republic, Germany, Hungary, Italy, Luxemburg, Poland, Russia, Spain, Switzerland, Bahrain, Oman, Saudi Arabia, UAE

    The list, and subsequent invoice for 480,000 Euro, disproves Hacking Team's claims that they have never done business with Sudan. According to Human Rights Watch, Sudanese security forces have repeatedly and violently suppressed protestors demonstrating against the government, with more than 170 killed in 2013."

    http://www.csoonline.com/article/29...ked-attackers-claim-400gb-in-dumped-data.html

    Good to see this information becomes public.
     
  5. krustytheclown2

    krustytheclown2 Registered Member

    Joined:
    Nov 18, 2014
    Posts:
    210
    I don't get it- why is selling malware to human rights violators legal and a legitimate enterprise, while selling/using banking trojans, cryptolocker, etc criminal? It seems that the former has even worse consequences than the latter.
     
  6. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,290
    Location:
    EU
    Last edited: Jul 6, 2015
  7. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
  8. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    Reactions to the Hacking Team breach
    http://www.net-security.org/secworld.php?id=18594
     
  9. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    1,812
    Last edited: Jul 6, 2015
  10. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,867
    Location:
    Outer space
  11. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,290
    Location:
    EU
    Not really. The source code has been dumped too.
    Those guys really **possibly offensive phrase removed**, they had a profitable and established business but they did not secure their systems enough to avoid an hack like that.

    http://motherboard.vice.com/read/hacking-team-asks-customers-to-stop-using-its-software-after-hack
     
    Last edited by a moderator: Jul 7, 2015
  12. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    I'm hoping the dump includes information on what vulnerabilities they are exploiting, and whether they have reported those vulnerabilities.
     
  13. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
  14. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,832
    Location:
    UK
    This is one of the truly toxic issues with schemes involving SigInt with criminal cases using offensive hacking techniques (whether HT or not) - because whereas normal police evidence rules work reasonably to avoid planting of evidence, the opposite appears true of these kinds of "Equipment Interference" methods, as the recent UK Home Office guidelines appeared to want to do. Modification of the system, and the ability to plant files is intrinsic to their systems (including discrediting people they don't like), and the defendant has no defence - hardly justice. I hope if it ever comes to it, the courts will immediately throw the case out.
     
  15. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    Unpatched Flash Player Flaw, More POCs Found in Hacking Team Leak
    http://blog.trendmicro.com/trendlab...r-flaws-more-pocs-found-in-hacking-team-leak/
     
  16. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    It should force the reopening of many of the CP convictions. I've long been convinced that this has been used to incarcerate many of those who crime is that they're hostile to the PTB. Don't count on the courts for help. At best, most are hopelessly behind the reality of the times. Many of them are puppets of the administration. The sad part of this is that some of us have been trying to warn others for years about these very things and were labeled as paranoid and tin foil hat material.
     
  17. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    From the article.
    Of course it's not "seen" in the wild. It's being used for targeted attacks. Use it to plant some porn. Arrest the individual, confiscate the equipment, eliminate the evidence of how it got there.
     
  18. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
  19. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I hope they can reveal a method to determine if a device is compromised by their crapware. A list of files or ADS to search for would be nice.
     
  20. krustytheclown2

    krustytheclown2 Registered Member

    Joined:
    Nov 18, 2014
    Posts:
    210
    Maybe, just maybe, all that evidence was planted on Ross Ulbricht's laptop...

    Hacking Team sells itself on being able to crack the deep web after all...
     
  21. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    No, list based detection went out in the early 00's as it can be gamed. Anything like this will need to be based on behavior analysis compared to a known, secured, and clean example of the devices...
     
  22. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    9,252
    Is that true for a known and fixed set of malware, such as the dump from Hacking Team?
     
  23. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I imagine that anything can be "gamed" by such an adversary. Either way, it's a starting point, especially if you can examine the contents from another OS. Another possibility would be a list of specific strings used by the malware that one could search for in the files and memory. Assuming that their malware is persistent, it has to exist somewhere, either on the hard drives or in the firmware. Firmware is a reasonable possibility in cellphones and such where the hardware is consistent. With PCs, there's too many different devices and components for a "one infects all" hardware/firmware code. I doubt that most LEAs would have specific exploits for each type of hardware or the skills to properly deploy it. For PCs, laptops, etc, I'd expect to see something that lives on the disk.
     
  24. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    Dirty ******** ! This episode won't go away quickly, & rightly so.

    Some of the certs that HT used, so might be a good idea to delete them !
     
  25. Coldmoon

    Coldmoon Returnil Moderator

    Joined:
    Sep 18, 2006
    Posts:
    2,981
    Location:
    USA
    The detection would still work for that specific content but now that it is out of the bag so to say, it will be altered and obfuscated at some point. As Adobe has already announced that a patch should be out on Wednesday the malware will become less effective or useful over time.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.