Cyber Security 2015: Hacking Team hacked (Related Articles of the Week)

Posted: July 8, 2015 in IT Security News
Tags: , , ,


Hacking Team hackedHacking of a spy cyber security firm “The Hacking Team”: Most Interesting articles

Here we provide 10 the most interesting and informative articles related to major hacking of a spy cyber security firm “The Hacking Team”.

The Italian company, Hacking Team is among a handful of companies that offer surveillance tools to law enforcement around the world. The Italian company is well-known for its controversial operations, helping governments and various intelligence agencies spy on citizens.

Hacking Team says its tools enable investigators to obtain information even if targets encrypt their communications to protect them.

5th July 2015, this Italian cyber security firm has itself become the victim of a hacking attack.

Hacking Team Remote malware used by 21 Governments

Hacking Team RCS spyware

1. Hacking Team hacked: firm sold spying tools to repressive regimes, documents claim

theguardian logoAccording to the documents, 400GB of which have been published, Hacking Team has also been working with numerous repressive governments – something it has previously explicitly denied doing.

The company has repeatedly denied selling its technology to repressive regimes.

But, if genuine, the leaked documents suggest that among Hacking Team’s clients are the governments and security services of Azerbaijan, Kazakhstan, Uzbekistan, Russia, Bahrain, Saudi Arabia and the UAE.

Most notably, the documents include an invoice for €480,000, which purports to be from the Sudanese national intelligence service, dated June 2012.

Read more at: http://www.theguardian.com/technology/2015/jul/06/hacking-team-hacked…

2. Hacking Team Asks Customers to Stop Using Its Software After Hack

motherboard logoOn Sunday night, an unnamed hacker, who claimed to be the same person who breached Hacking Team’s competitor FinFisher last year, hijacked its Twitter account and posted links to 400GB of internal data. With access to this data it is possible to link a certain backdoor to a specific customer.

Hacking Team notified all its customers on Monday morning with a “blast email,” requesting them to shut down all deployments of its Remote Control System software, also known as Galileo, according to multiple sources.

Read more at: http://motherboard.vice.com/read/hacking-team…

3. Days after Hacking Team breach, nobody fired, no customers lost

arstechnica logoIn recent years, Hacking Team sold its spyware—ostensibly to combat criminal activity—to various governments globally. The company has even presented to Swiss and Canadian authorities.

One of the areas where Hacking Team has been roundly criticized is for selling to Sudan, a country with a notoriously poor human rights record. The African nation is also subject to a United Nations arms embargo, asset freeze, and travel ban.

Read more at: http://arstechnica.com/security/2015/07/days-after-hacking…

4. Hacking Team leak releases potent Flash 0day into the wild

arstechnica logoHacking Team documentation accompanying the Flash exploit said it targeted “the most beautiful Flash bug for the last four years,” according to a blog post published Wednesday by researchers from antivirus provider Trend Micro.

The use-after-free flaw resides in a Flash Bytearray object. Researchers at competing AV company Symantec have confirmed the existence of a Flash exploit that works against the latest version of Flash (18.0..194).

The exploits can be used to surreptitiously install Hacking Team surveillance software, or other types of malware, on vulnerable computers with little or no indication anything is amiss.

Read more at: http://arstechnica.com/security/2015/07/hacking-team-leak…

Adobe released a security bulletin about this vulnerability which is assigned CVE-2015-5119.

Adobe security bulletin

5. Zero-Day Exploits Leaked in Hacking Team Breach

securityweek logoA hacker using the online moniker “Phineas Fisher” has taken credit for the attack on Hacking Team.

A readme document found alongside proof-of-concept (PoC) code for the Flash Player zero-day describes the vulnerability as “the most beautiful Flash bug for the last four years since CVE-2010-2161.”

According to the document, the flaw affects Flash Player 9 and later on Internet Explorer, Chrome, Firefox and Safari. Trend Micro has analyzed the vulnerability and determined that it’s caused by a use-after-free (UAF) issue in the ByteArray class.

Read more at: http://www.securityweek.com/zero-day-exploits-leaked…

6. Unpatched Flash Player Flaw, More POCs Found in Hacking Team Leak

trendmicro logoThe information dump includes at least three exploits – two for Flash Player and one for the Windows kernel. One of the Flash Player vulnerabilities, CVE-2015-0349, has already been patched.

One of the Flash exploits is described by Hacking Team as “the most beautiful Flash bug for the last four years.” This Flash exploit has not yet been given the CVE number.

Read more at: http://blog.trendmicro.com/trendlabs-security-intelligence/unpatched-flash-player…

7. Leaked Flash zero-day likely to be exploited by attackers

Symantec logoSymantec has confirmed the existence of a new zero-day vulnerability in Adobe Flash Player which could allow attackers to remotely execute code on a targeted computer.

Symantec regards this vulnerability as critical since it could allow attackers to remotely run code on an affected computer, effectively allowing them to take control of it.

Read more at: http://www.symantec.com/connect/blogs/leaked-flash-zero-day…

8. Hacking Team spyware company hacked, embarrassing emails revealed

theverge logoHacking Team has more than 40 employees and sells commercial hacking software to law enforcement in several dozen countries, including Morocco, Ethiopia, and the United Arab Emirates. A recent report from Motherboard revealed that the Hacking Team also supplies spyware tools to the Drug Enforcement Agency to implant software in a suspect’s phone and record texts, emails, passwords, and monitor conversations.

Read more at: http://www.theverge.com/2015/7/6/8899861/hacking-team-hacked…

9. Hacking Team spyware company allegedly breached, 400GB of data dumped online

pcworld logoHacking Team develops surveillance tools that it has maintained are legally sold to governments for law-abiding investigations. But critics contend the company’s software has been used to spy on dissidents, human rights activists and journalists.

On Sunday, it appeared that Hacking Team’s Twitter feed was taken over. The banner on the page had been changed to “Hacked Team.” Several posts contained screenshots that are purportedly of the stolen data, which included emails sent by Hacking Team’s founder and CEO, Vincent Vincenzetti.

Read more at: http://www.pcworld.com/article/2944372/italian-surveillance-software…

10. The FBI Spent $775K on Hacking Team’s Spy Tools Since 2011

wired logoHacking Team has generated a total of 697,710 Euros ($773,226.64) from the FBI since 2011, according to the hacked spreadsheets. In 2015, the FBI spent 59,855 Euros on “maintenance,” and in 2014 the agency spent the same amount on “license/upgrades.” No expenditure was recorded for the whole of 2013.

In 2012, however, the FBI allegedly spent 310,000 Euros for Hacking Team’s services, all on licenses or upgrades, and the year before it spent 268,000 Euros.

Read more at: http://www.wired.com/2015/07/fbi-spent-775k…


Comments
  1. Adam K. says:

    According to security researchers, an exploit for a zero-day vulnerability in Flash Player, created Hacking Team experts, appeared in the tool kits Neutrino and Angler.

  2. Kritika says:

    As per researches, Cyber attacks cost businesses around $400 billion every year.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s