Slideshow

In Pictures: Hacking Team's hack curated

Hacking Team, a firm best known for helping governments spy on their citizens, has been hacked. Here's a curated look at the documents, contracts, and code discovered by researchers sorting the data online.

  • Hacking Team Exposed Specializing in surveillance technology, Hacking Team has gotten a lesson in how it feels to have outsiders monitoring their affairs, all while privacy advocates enjoy a bit of schadenfreude at their expense. The following slides are a curated collection of documents and various technical elements that researchers and journalists have uncovered as the 400GB cache of data taken from Hacking Team is sorted. Included here are contracts, code examples, emails, and other items that offer an inside look at a company that has turned espionage into a business venture.

  • Twitter compromised The message shown here was sent shortly after the Hacking Team account on Twitter was compromised. The attacker behind the incident is believed to be the same person that compromised another lawful interception company, Gamma International.

  • Email Shortly after the Hacking Team account on Twitter was compromised, the attacker started to publish emails that were leaked as part of the 400GB cache of files.

  • Ethiopia An email from a person linked to several domains allegedly tied to the Meles Zenawi Foundation (MZF), named after Meles Zenawi, Ethiopia's Prime Minister until his death in 2012, was published as part of the cache of files taken from Hacking Team. This is his email to the company thanking them for their help in getting to a high value target. His email address was used to register several MZF domains, all of them using similar themes, suggesting a phishing campaign of sorts.

  • Contract with Ethiopia This is a copy of the contract with Ethiopia, valued at $1,000,000 Birr (ETB). The contract is for Hacking Team's Remote Control System, professional services, and communications equipment. It's also possible the funds listed are in Euro.

  • VPN servers Hacking Team assigned Anonymizers to customers to use. Here the accounts assigned to customers in Lebanon and Egypt are shown. The IPs are for VPN services in the U.S. and Germany.

  • VPS servers This researcher discovered a list of VPS credentials, all of them using root as the username with randomly generated passwords.

  • Customer lists The first of two slides. This is a list of Hacking Team customers with maintenance agreements. Here you can see who is active and who isn't.

  • Customer lists The second of two slides. This is a list of Hacking Team customers with maintenance agreements. Here you can see who is active and who isn't. Note that Sudan and Russia are not officially supported - but they're clients.

  • Incident Response Hacking Team's Christian Pozzi was personally exposed by the incident, as the security engineer's password store from Firefox was published as part of the massive data dump. He took to Twitter and issued denials, and when those didn't work, he warned that the 400GB download contained viruses. Considering his company developed custom malware, it's a sure bet that the download does have viruses, as well as the source code to modify them. His Twitter account was compromised, and later deactivated.

  • Exposed certs An iOS Enterprise developer certificate used by Hacking Team

  • IOC data? Possible IOC data for some administrators running Linux.

  • Poor MySQL Ht2015! is not the most secure option available for a MySQL database.

  • Strong passwords for everyone! Another example of poor password policies.

  • Cats and kittens Administrator password is "kittens".

  • 0-Day burned Flash 0-Day exploit working on Chrome.

  • Fake news apps Fake applications discovered in the source code leaked as part of the 400GB cache.

  • Product lists An example of the type of products offered by Hacking Team and their associated cost in Euro.

  • Leaked code Source code for a module that targets Bitcoin

  • Leaked code Source code for a demo tool; the paths point to fake child pornography videos. The source is for evidence collection, so it's likely not planting, but discovering.

  • Sales and financials Total Hacking Team revenue by country in Euro.

  • Sales and financials This is a list of their top ten customers based on order volume. Figures are in Euro.

  • Sudan A contract with Sudan for €480,000 Euro. Hacking Team had recently told the UN that they had never done business with the country.

  • Barclays A contract with Barclays Bank for €18,150 Euro.
