https://twitter.com/hackingteam http://www.csoonline.com/article/29...ked-attackers-claim-400gb-in-dumped-data.html
@mirimir An interesting read. I had to Google the word schadenfreude as I had no idea what it meant. To save others from having to do the same, it means pleasure derived by someone from another person's misfortune.
"Update 5: Hacking Team currently has, based on internal documents leaked by the attackers on Sunday evening, customers in the following locations: Egypt, Ethiopia, Morocco, Nigeria, Sudan, Chile, Colombia, Ecuador, Honduras, Mexico, Panama, United States, Azerbaijan, Kazakhstan, Malaysia, Mongolia, Singapore, South Korea, Thailand, Uzbekistan, Vietnam, Australia, Cyprus, Czech Republic, Germany, Hungary, Italy, Luxemburg, Poland, Russia, Spain, Switzerland, Bahrain, Oman, Saudi Arabia, UAE. The list, and subsequent invoice for 480,000 Euro, disproves Hacking Team's claims that they have never done business with Sudan. According to Human Rights Watch, Sudanese security forces have repeatedly and violently suppressed protestors demonstrating against the government, with more than 170 killed in 2013." http://www.csoonline.com/article/29...ked-attackers-claim-400gb-in-dumped-data.html Good to see this information become public.
I don't get it - why is selling malware to human rights violators legal and a legitimate enterprise, while selling/using banking trojans, cryptolocker, etc. criminal? It seems that the former has even worse consequences than the latter.
It's very interesting to know who did this hack... I could not find any hint, so far. Edit: update. http://motherboard.vice.com/read/hacker-claims-responsibility-for-the-hit-on-hacking-team
Is the Hacking Team finished? Unlikely - its software works http://www.techworld.com/blog/war-o...finished-unlikely-its-software-works-3618799/
Hacking Team responds to data breach, issues public threats and denials. Haha yeah sure it does, you're gonna have to do better than that, "hacked team". lol
Hacking Team using legitimate digital certificates for SSL and code signing, they even have a root cert in browsers: https://twitter.com/agl__/status/618207653089538048
Not really. The source code has been dumped too. Those guys really **possibly offensive phrase removed**, they had a profitable and established business but they did not secure their systems enough to avoid a hack like that. http://motherboard.vice.com/read/hacking-team-asks-customers-to-stop-using-its-software-after-hack
I'm hoping the dump includes information on what vulnerabilities they are exploiting, and whether they have reported those vulnerabilities.
If I'm seeing this right, it looks like their software could be used to plant evidence on a target's device. http://webcache.googleusercontent.c...er/lib/rcs-common/evidence/file.rb&complete=0 Now we know why child porn is supposedly so widespread.
This is one of the truly toxic issues with schemes involving SigInt with criminal cases using offensive hacking techniques (whether HT or not) - because whereas normal police evidence rules work reasonably to avoid planting of evidence, the opposite appears true of these kinds of "Equipment Interference" methods, as the recent UK Home Office guidelines appeared to want to do. Modification of the system, and the ability to plant files is intrinsic to their systems (including discrediting people they don't like), and the defendant has no defence - hardly justice. I hope if it ever comes to it, the courts will immediately throw the case out.
Unpatched Flash Player Flaw, More POCs Found in Hacking Team Leak http://blog.trendmicro.com/trendlab...r-flaws-more-pocs-found-in-hacking-team-leak/
It should force the reopening of many of the CP convictions. I've long been convinced that this has been used to incarcerate many of those whose crime is that they're hostile to the PTB. Don't count on the courts for help. At best, most are hopelessly behind the reality of the times. Many of them are puppets of the administration. The sad part of this is that some of us have been trying to warn others for years about these very things and were labeled as paranoid and tin foil hat material.
From the article. Of course it's not "seen" in the wild. It's being used for targeted attacks. Use it to plant some porn. Arrest the individual, confiscate the equipment, eliminate the evidence of how it got there.
Hacking Team asks customers to stop operations and don’t use its malware http://securityaffairs.co/wordpress/38390/cyber-crime/hacking-team-hack-part-2.html
I hope they can reveal a method to determine if a device is compromised by their crapware. A list of files or ADS to search for would be nice.
Maybe, just maybe, all that evidence was planted on Ross Ulbricht's laptop... Hacking Team sells itself on being able to crack the deep web after all...
No, list based detection went out in the early 00's as it can be gamed. Anything like this will need to be based on behavior analysis compared to a known, secured, and clean example of the devices...
I imagine that anything can be "gamed" by such an adversary. Either way, it's a starting point, especially if you can examine the contents from another OS. Another possibility would be a list of specific strings used by the malware that one could search for in the files and memory. Assuming that their malware is persistent, it has to exist somewhere, either on the hard drives or in the firmware. Firmware is a reasonable possibility in cellphones and such where the hardware is consistent. With PCs, there's too many different devices and components for a "one infects all" hardware/firmware code. I doubt that most LEAs would have specific exploits for each type of hardware or the skills to properly deploy it. For PCs, laptops, etc, I'd expect to see something that lives on the disk.
Dirty ********! This episode won't go away quickly, & rightly so. Some of the certs that HT used, so might be a good idea to delete them!
The detection would still work for that specific content but now that it is out of the bag so to say, it will be altered and obfuscated at some point. As Adobe has already announced that a patch should be out on Wednesday the malware will become less effective or useful over time.