400GB of info leaked from Hacking Team

The “Hacking Team” security company has been hacked and more than 400 GB of confidential info has been leaked by a group of unidentified attackers.

Normally, this would be just another report talking about one intrusion among all the others that we see every day in companies around the world. Hacking Team’s status as a security firm, though, makes the leak something very different.

Selling surveillance tools

Hacking Team is known for being a developer of surveillance tools, selling them to countries and organizations all around the world. It’s particularly controversial, then, to see its client list (among other info) being shared freely online, already appearing on a number of internet websites.

There is no doubt that the list of Hacking Team’s clients is controversial, but first it has to be proven that this data is legitimate, something that we can’t say for sure right now.

Chronology of this attack

The attack apparently started last night, and it’s possible that weak passwords might be responsible for the leak. Passwords are also contained in the leaked documents, including the login for the company’s official Twitter account, which the attackers used to publish confidential information. The attackers posted private emails from company employees to Twitter, as well as a link from which anybody can download the 400GB file.

Apparently, members of Hacking Team noticed the attack this morning when they woke up, including security engineer Christian Pozzi, who declared, “We are awake. The people responsible for this will be arrested. We are working with the police at the moment.”

Regarding information leaked by the attackers, and quoting statements published by CSO Online, Pozzi said, “Don’t believe everything you see. Most of what the attackers are claiming is simply not true…The attackers are spreading a lot of lies about our company that is simply not true. The torrent contains a virus…”

It’s not clear whether Pozzi is referring to malware that the attackers added on purpose or to the surveillance tools themselves, which could be identified as malware. However, given the wide coverage of this news, we recommend being extra careful and not trusting suspicious links that promise access to the leaked info.

Returning to Pozzi’s statements, he said that Hacking Team had already warned its customers about this attack and that his company has done nothing illegal. “… We simply provide custom software solutions tailored to our customers needs…”

Conclusion

This leak proves that no company is free from suffering this kind of attack, not even if it’s working at the highest level in the IT security field. Just a mistake like using not-so-safe passwords can cause a catastrophe that undermines the trust of customers to such a low level that it may not be that easy to recover.

Image Credits: ©Alexandre Dulaunoy/Flickr

Author , ESET

  • Coyote

    “This leak proves that no company is free from suffering this kind of
    attack, not even if it’s working at the highest level in the IT security
    field. Just a mistake like using not-so-safe passwords can cause a
    catastrophe that undermines the trust of customers to such a low level
    that it may not be that easy to recover.”

    The two sentences are a contradiction. Surely you must realise that. Unsafe passwords is one thing. But the passwords given for (one employee of the) company are much worse than ‘unsafe’: included ‘Passw0rd’ and ‘P4ssword’. In addition, for the above, login ‘c.pozzi’, there is a password ‘CHP0zz1!’. Highest level in the IT security field? He doesn’t even fit in security at all! These are schoolchildren mistakes and this is especially true when you consider they are supposed to understand security (whether the pathetic passwords are the reasons or not is frankly irrelevant to the point). That he claims there is malware is hypocrisy (and a pathetic method of trying to convince others to not download the information). It is my understanding that the same Twitter account was actually deleted (after claiming it was compromised). If he was genuine about that claim, he would not have deleted it. But he did. More on all that can be found at https://grahamcluley.com/2015/07/hacking-team-strong-passwords/

    As someone (that I responded to) on that above link says – good riddance. Hopefully more like him follow. Hopefully the company goes under, even.

Copyright © 2018 ESET, All Rights Reserved.