Hacking Team Release Ludicrous Statement

This story is so preposterous that I am going to play a little game called “who are the hypocrites here.” Hacking Team, who recently fell to a cyber attack, have released a statement claiming to be victims and have bluntly claimed that they have “always operated with the law and regulation in an ethical manner.”

You heard it right: when government officials start inventing ludicrous laws which state that hacking citizens’ phones and computers for data is actually legal, you arrive at the juncture where the Italian spyware firm claims that “there was only one Violation of Law in this entire event, and this was the massive cyber attack on the Hacking Team.”

Now I don’t condone hacking. Well, I do in this case, where rival decent hackers exposed nearly 50GB of data. This included internal documents such as internal emails, hacking tools, zero-day exploits, surveillance tools, source code for spyware and a spreadsheet listing every government client with date of purchase and amount paid.

For balance, and to be fair to Hacking Team, I have viewed their statement, and what really stands out is the following few lines.

“The company has always sold strictly within the law and regulation as it applied at the time any sale was made. That is true of reported sales to Ethiopia, Sudan, Russia, South Korea and all other countries”

Well, those are true democracies which really do underpin Hacking Team’s morals. The scary thing is, if you give a despot surveillance tools, this could well have led to the deaths and suffering of citizens.

There are no winners in these revelations, with perceived democratic countries also using these tools along with many dodgy dictators. Hacking Team also state that there had not been “access to the data collected by company’s clients using purchased spying software, as such information is only stored on the customer’s systems and can’t be accessed by the company itself.”

This is the tip of a seedy and unethical iceberg which, in the long run, will not protect against every terrorist eventuality, but will only virtually incarcerate the whole world. Anyone who sells spying software to countries which have a habit of executing dissenters is either desperate for cash or completely devoid of conscience. A sale is possibly within the law, but so is selling a pint of beer to a 16-year-old if bought by an adult with a meal. The only difference is, a pint normally does not result in potential war crimes and more… usually.

Thank you to Hacker News for providing us with this information

Hacking Team and Boeing Built a Surveillance Drone

The hack of Hacking Team was hilarious but serious at the same time. To contemplate a freelance company hell-bent on hacking any target for a variety of employers seemed, well, not surprising, but certainly a disappointing period for the ideological view of democracy. But at least the Italian surveillance team only hacked computers; I mean, it’s not like they were developing any weaponry… oh my god, they planned a drone!

According to the released emails, which became public thanks to WikiLeaks, the firm has been planning for just over a year to develop a drone by the name of “Snoopy”, which was capable of intercepting data from users’ smartphones through spoofed wireless networks. The emails also reveal that both Boeing and Hacking Team want unmanned aerial vehicles (UAVs) with the aim of carrying out attacks which inject spyware into target computers or mobile phones via Wi-Fi.

The plans also reveal that public Wi-Fi networks would be used to intercept targets’ internet traffic before injecting malicious code into the target machine, with the aim of installing spyware developed by Hacking Team. This news is also accompanied by techniques which make use of “man in the middle attacks” and exploits to fish for information.

Well, I am not sure I particularly want surveillance drones which have the ability to spy on computers belonging to anyone. This news also highlights the line which blurs the view of good and evil: if governments were contemplating this concept, how does this make them any better than criminals? Yes, it’s technically for a noble cause by catching alleged targets, but who are the targets? This also goes back to the same question of transparency. Governments quite happily inform us that money is tight for essential facilities, for example hospitals, yet could well have been planning to purchase eyes in the sky which intercept data at taxpayers’ expense.

Thank you The Hacker News and WikiLeaks for providing us with this fascinating information

Hacking Team’s Rootkit Can Survive Hard Drive Scrubbing

Investigations by Trend Micro have uncovered that the now-infamous spyware distributed by Italian surveillance outfit Hacking Team can survive the scrubbing or removal of a hard drive. Trend Micro has revealed that the Remote Control System, Hacking Team’s backdoor malware, writes itself to the target computer’s BIOS.

The virulent malware was developed to hide itself within Insyde BIOS, popular amongst laptop vendors, via a Unified Extensible Firmware Interface (UEFI) BIOS rootkit, though AMI BIOS is also thought to be vulnerable. This way, the program can survive a hard drive purge or swap, since it exists on the computer’s non-volatile BIOS ROM chip.

As Trend Micro explains it:

“Three modules are first copied from an external source [..] to a file volume (FV) in the modified UEFI BIOS. Ntfs.mod allows UEFI BIOS to read/write NTFS file. Rkloader.mod then hooks the UEFI event and calls the dropper function when the system boots. 

The filedropper.mod contains the actual agents, which have the file name scout.exe and soldier.exe. This means that when the BIOS rootkit is installed, the existence of the agents are checked each time the system is rebooted.”

If the agent is missing, the malware will reinstall the scout executable. Anyone with a password-protected BIOS, however, will be protected against such an attack.

Thank you ZDNet for providing us with this information.

Android News App Used to Distribute Hacking Team’s Spyware

The massive (and wonderful) data theft from Hacking Team has revealed that the Italian spyware maker was using a fake Android app as a backdoor method of distribution for its Remote Control System. The app, BeNews, which stole the name of a now-defunct news website to feign legitimacy, was uncovered by Trend Micro’s Wish Wu yesterday.

“We believe that the Hacking Team provided the app to customers to be used as a lure to download RCSAndroid malware on a target’s Android device,” writes Wu.

Wu reveals further details on the malicious app and which Android devices it can affect:

“The backdoor, ANDROIDOS_HTBENEWS.A, can affect, but is not limited to, Android versions starting from 2.2 Froyo to 4.4.4 KitKat. It exploits CVE-2014-3153 local privilege escalation vulnerability in Android devices. This flaw was previously used by the root exploit tool TowelRoot to bypass device security, open it for malware download, and allow access to remote attackers.

Looking into the app’s routines, we believe the app can circumvent Google Play restrictions by using dynamic loading technology. Initially, it only asks for three permissions and can be deemed safe by Google’s security standards as there are no exploit codes to be found in the app. However, dynamic loading technology allows the app to download and execute a partial of code from the Internet. It will not load the code while Google is verifying the app but will later push the code once the victim starts using it.”

Wu found the source code for BeNews within the 400GB of stolen data from Hacking Team, a company that has been hammered for its flagrant disregard for civil liberties and human rights. Following the breach, Hacking Team has taken a defiant stance, revealing that it intends to develop a new version of its Remote Control System spyware in order to resume what it describes as its “criminal and intelligence investigations.”

Thank you CSO for providing us with this information.

Hacking Team Were Tracking Bitcoin Users

Leaked documents, published by WikiLeaks, have revealed that Italian spyware firm Hacking Team have the ability to track Bitcoin users, and have been selling the software with which to do it to third parties since January 2014. Hacking Team was recently subjected to a massive 400GB data theft, which included internal e-mails and private documents, which have now been made available, and searchable, in their entirety on the infamous whistleblowing website WikiLeaks.

Internal e-mails show that Hacking Team’s premier spyware bundle, the Remote Control System, was updated in January 2014 to allow it to track “cryptocurrencies, such as BitCoin, and all the related information.”

“The module is able to collect various information: list of contacts and local accounts, wallet (i.e., the money) and the history of transactions,” an e-mail from 12th January, 2014, reads. It continues: “Currently it is intended only for Desktops (Windows, OS X, Linux), while introduction in Mobiles is still under evaluation.”

The Remote Control System, when installed on the target’s computer, uses its keylogger to gain access to their Bitcoin wallet, allowing the surveillant to view transaction histories and balances.

“Here is some relevant context to position them in your pitch: Cryptocurrencies are a way to make untraceable transactions, and we all know that criminals love to easily launder, move, and invest black money,” the Hacking Team e-mail reads. “[Law enforcement agencies,] by using our Intelligence module combined with this new capability, can correlate the usage of cryptocurrencies, defeating the financial opacity they provide.”

Bitcoin’s popularity stems from its anonymity, security, and lack of centralised control. Not any more, it seems.

Thank you Epoch Times for providing us with this information.

Hacking Team Employee Threatens to Put a Hit on ACLU Technologist

Hacking Team’s staff sound like a charming bunch, thanks to the hoard of internal e-mails that have been leaked – offering unethical malware services to US law enforcement, turning their noses up at human rights, and displaying outright contempt for activists, the last of which is the subject of its latest controversy: threatening to have a member of the American Civil Liberties Union assassinated.

The ACLU’s Principal Technologist Christopher Soghoian stumbled upon a mention of his name in one of the leaked e-mails, written in Italian and dated 16th April. After passing the text through Google Translate, he discovered that he was named regarding a threat against his life.

https://twitter.com/csoghoian/status/619274898863693826

The translated text reads:

I’m very tempted to respond, but we would only unleash hell. I think it’s self-evident what an imbecile Soghoian is. If I could gather up enough Bitcoin I would use a service from the DarkNet and eliminate him. An asshole of this caliber doesn’t deserve to continue to consume oxygen.

Ironically, the same day the e-mail was sent, Hacking Team tweeted an article decrying Bitcoin, blaming it for helping obfuscate the identities of paedophiles:

To which Soghoian responded:

https://twitter.com/csoghoian/status/588735430897577984

It seems likely that this Twitter exchange motivated the e-mail assassination threat, regarding which Soghoian said, “This cheered me up. If they are making jokes like this, it means I am doing the right thing.”

Thank you The Intercept for providing us with this information.

How a Hacker Made $45,000 Selling 0Day Exploits to Hacking Team

We previously reported that Italian spyware company Hacking Team has been hacked and had 400 GB of data publicly released via torrent websites. Well, Ars Technica reportedly found how easy it was to do business with the company by digging through their emails.

It seems that a Russian hacker approached Hacking Team in 2013 with a few 0day bugs he found on Windows, OS X and iOS operating systems, with price ranges of $30,000 to $45,000. The company apparently was not interested in those, but it did show interest in another exploit offered by the hacker, namely the “Adobe Flash Player 9.x/10.x/11.x with the RCE exploit for the current Flash Player 11.9.x for Windows 32/64-bit and OS X 64-bit”.

The correspondence even revealed how the money was transferred to the hacker. According to the findings, the hacker received the money via bank wire transfer in three instalments, one of $20,000 in October 2013, the other of $15,000 in November 2013 and the last one of $10,000 in December 2013. There has not been any evidence of the hacker and the company doing any business up until 2015, when the Russian hacker received another $35,000 in his bank account in Moscow.

Ars Technica also approached the hacker and, surprisingly, he explained that such transactions are very common between companies such as Hacking Team and freelance hackers. He stated that such transactions are “routine sales like with ZDI, VCP, pentesters and other legal 0day buyers”. I don’t know about you, but this information is as exciting as it is scary. So what are your thoughts on this?

Thank you Ars Technica for providing us with this information

US Army and Law Enforcement Found Purchasing Italian Spyware

Leaked documents have revealed that US law enforcement agencies, including the FBI and DEA, and the US Army have been using an Italian-made spyware package to remotely control people’s computers, while also using it to monitor and record calls, e-mails, keystrokes, and visual information obtained from any connected webcams. The illuminatory documents, 400GB-worth, were dumped online by an anonymous hacker.

The malicious programs utilised were created by an Italian company called Hacking Team – notorious for its invasive surveillance technologies and considered an “Enemy of the Internet” by Reporters Without Borders – which has been pushing its wares to law enforcement and intelligence agencies across the US through practical demonstrations to a number of District Attorneys.

The documents show that the FBI has been using Hacking Team’s spyware since 2011, through its shadowy Remote Operations Unit, but has only rarely been cited in criminal court cases, one of which involved phishing a victim into clicking on a fake Associated Press article link. The FBI has also been found to develop its own spyware packages.

The DEA, after declining Hacking Team’s offer of spyware in 2011 on the grounds that it was “too controversial”, did purchase the malicious software in 2012, which it used in conjunction with Colombian law enforcement, with plans to expand its use across Latin America.

Though the US Army also purchased spyware from Hacking Team in 2011, for use out of Fort Meade, an internal e-mail included in the leaked documents admitted that “they purchased a system right before they got their budget cut…They were never given permission to pull an internet line to their office to install the system. (ridiculous but true!)”

In response to the revelations, Hacking Team spokesperson Eric Rabe said, “we do not disclose the names or locations of our clients” and “we cannot comment on the validity of documents purportedly from our company.”

Though the use of such software to spy on suspects could be legal in the US with the approval of a Judge, the kind of spyware developed by Hacking Team is considered highly unethical, and is akin to the human rights-infringing methods employed by the NSA during its PRISM program.

Thank you The Intercept for providing us with this information.

Here’s How a Hack Took Down Other ‘Legitimate’ Hackers

Before we continue, you might be wondering how there could be ‘legitimate’ hackers. Well, companies such as the one that got hacked, by the name of Hacking Team, exist out there. They usually sell their hacks and services to governments or secret agencies, which makes them a key ally, so they are allowed to continue their work. However, the latest hack proved that even they can be taken down.

Hacking Team is known for selling its services to agencies such as the FBI, DEA, Australian police, or even countries such as Bahrain, Ethiopia, and Sudan. However, the latter could not be proven since they could easily pin everything on their contractors and we all know how good governments and agencies are at denying allegations. Also, they had the ability to keep their code as well as other exploits they used in software products secure, so targeted individuals, companies or even other governments could not do anything about it.

But their operation came to an end, having their systems compromised by a hack that took over 400 GB of data, including their own source code used for creating the spyware. This means that other developers can now use the data and patch or protect their systems in the future. Hacking Team is said to have been forced to close their company down until further notice, but it’s highly likely they will be operational again in the near future.

There is no official confirmation about who hacked the spyware company, but it is said that WikiLeaks has focused on such companies in the past, so nobody can rule out its involvement in this. However, sources say that the hack was performed by an independent freelance hacker, so this makes it even harder to pinpoint the attacker.

Thank you The Verge for providing us with this information