Hacking Team Is Hacked

Someone hacked the cyberweapons arms manufacturer Hacking Team and posted 400 GB of internal company data.

Hacking Team is a pretty sleazy company, selling surveillance software to all sorts of authoritarian governments around the world. Reporters Without Borders calls it one of the enemies of the Internet. Citizen Lab has published many reports about their activities.

It's a huge trove of data, including a spreadsheet listing every government client, when they first bought the surveillance software, and how much money they have paid the company to date. Not surprising, the company has been lying about who its customers are. Chris Soghoian has been going through the data and tweeting about it. More Twitter comments on the data here. Here are articles from Wired and The Guardian.

Here's the torrent, if you want to look at the data yourself. (Here's another mirror.) The source code is up on Github.

I expect we'll be sifting through all the data for a while.

Slashdot thread. Hacker News thread.

EDITED TO ADD: The Hacking Team CEO, David Vincenzetti, doesn't like me:

In another [e-mail], the Hacking Team CEO on 15 May claimed renowned cryptographer Bruce Schneier was "exploiting the Big Brother is Watching You FUD (Fear, Uncertainty and Doubt) phenomenon in order to sell his books, write quite self-promoting essays, give interviews, do consulting etc. and earn his hefty money."

Meanwhile, Hacking Team has told all of its customers to shut down all uses of its software. They are in "full on emergency mode," which is perfectly understandable.

EDITED TO ADD: Hacking Team had no exploits for an un-jail-broken iPhone. Seems like the platform of choice if you want to stay secure.

EDITED TO ADD (7/14): WikiLeaks has published a huge trove of e-mails.

Hacking Team had a signed iOS certificate, which has been revoked.

Posted on July 6, 2015 at 12:53 PM • 92 Comments

Comments

AnuraJuly 6, 2015 1:05 PM

I'm kind of hoping that this will spark criminal charges against people within Hacking Team. I mean, what they are doing is far worse than what the vast majority of hackers do (especially selling to the Sudan, which is aiding genocide). They do supply Western governments which you would expect to offer them protection, but this is the kind of hack that can completely destroy their business and cause their long-time customers to turn their backs. Of course, I figure at most they will be fined and file for bankruptcy, resulting in no further damage than has already been done.

Joshua BowmanJuly 6, 2015 1:11 PM

Oh geez, there's actually one guy who kept a spreadsheet of his personal and corporate passwords, and most of them were some variation on "p4$$w0rd". :facepalm:

alviJuly 6, 2015 1:42 PM

This makes me unbelievably happy. A cursory glance over HT's clients list makes for grim reading. To whoever is responsible for this leak, THANK YOU!

Paul HenningJuly 6, 2015 2:06 PM

Whoever gets a copy of this, PLEASE make a collection for it and upload it to the Internet Archive. They'll take the data I imagine. All the old LulzSec releases have vanished from being seeded. Wikileaks hasn't hosted this data sadly, yet. It should live on not just for transparency purposes but for historical reasons for future generations.

In fact if any of you have the old FucktheFBIFriday releases, please drop them onto IA.

Whoever did this hack, THANK YOU. You rule.

BooJuly 6, 2015 3:13 PM

Never read so many garbage passwords in one spot before. I even saw a password for an online bookie that was based on 'password'. Well ... the odds of them surviving this are pretty much nil .... which is great considering their complete lack of care for who they sold their products to.

Joking aside ..... this will be a treasure trove for lots of folks. Interesting to see that their iOS stuff relied on devices being jailbroken.

All sorts of interesting things to consider: will their customers really stop using HT stuff? How was this hack pulled off? How much new malware will we see doing the rounds based on the publication of their source code?

I'd love to see a really concise analysis of all the HT stuff in terms of how to minimize the chances being hit by such malware (ambitious, I know for now, considering the sheer expanse of data to analyze) and detecting if you have been hit. Also looking forward to how different vendors will respond ... cue a slew of patches.

Now .... there was me wondering what to get for some vacation reading!

albertJuly 6, 2015 3:15 PM

Great news!

Exposing those who ruin the Internet by hacking. Kudos to those folks. We need more of this. Leak everything, starting with those who profit on misery.

Let it all hang out.

Funny how the Hacking Team accuses Bruce of exploiting FUD, when that's their entire business model:) I doubt seriously that they have any sort of advanced products; they probably have good sales folks. Really, how smart is the average security technology procurer?

.
...

ObservateurJuly 6, 2015 4:24 PM

Anyone knows an easy, direct, URL where I could just see the full customer list? I didn't come up with it yet, and it may take some time before I could sift through all that stuff.

Tnx!

frankJuly 6, 2015 4:44 PM

Seems they have had some nice things to say about you also, Bruce;)

OmriJuly 6, 2015 4:45 PM

So, they sell "tailored access" using 0-days to governments.

And they sell pentests and audits to banks.

Is it really wise to get your security audit from someone who possesses 0-day exploits and intends to hold on to them? Such an auditor would have ample opportunities to misrepresent his work and his results, and misrepresent the quality of your existing software and hardware environment, at the expense of his competitors.

tyrJuly 6, 2015 4:49 PM


I followed up one of the thread links and was regaled with
a squabble over the implications of homelessness before it
got to some of the meat.

Dumping the source is going to haunt the net for quite
awhile. Security types have been prophesying this for a
long time and noe it is loosed on IT in general.

The side show about the glorious freedom loving South
Koreans paints a dichotomous picture of them but both
sides are ignoring the context of an unresolved war
that still haunts the world. I remember when Pak was
shot in his own office by the head of the ROK military
because he was such a model of democratic leadership.

If I was Palantir I'd be minimizing the attack surface
since I imagine they have moved to the head of someone's
list.

BlueLIghtMemoryJuly 6, 2015 5:18 PM

My compliments and a big thanks to those who hacked the Hacking Team.

If you would, or if you could ask those who are able, to hack into the Department of Energy and release all the chemtrail documents to the public. It's about time the lying tongues of government, the intelligence agencies, the military and big corporations be put to silence.

dbmJuly 6, 2015 5:23 PM

only slightly off topic... but you got to check out this PhD thesis:

"Elliptic curve cryptography and security of
embedded devices", Vincent Verneuli, 2012

http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CCEQFjAA&url=http%3A%2F%2Flfant.math.u-bordeaux1.fr%2Fseminar%2Fslides%2F2012-06-13-Vincent_Verneuil.pdf&ei=pP-aVYu-N8GmsQWY8oLYDQ&usg=AFQjCNEBeiIUbhYGjB6gZyA9hDFNTfQ7ew&bvm=bv.96952980,d.b2w

interesting attacks against ECC, modular arithmetic, and AES (Rijndael). He also provides advice to implementers to provide countermeasures.

Jonathan WilsonJuly 6, 2015 5:46 PM

I wonder how hard its going to be for the entities concerned to revoke the various private signing keys etc that appear to be in this dump...

kevinjlJuly 6, 2015 6:05 PM

@V
I think it is a disgrace that he makes that "hefty money" from selling books as opposed to selling spy software. Ok admittedly some of their customers have unpleasant reputations for torturing and killing dissidents but compared to writing books its obvious who is in the right.

I wonder who got the job of phoning up those customers and telling them that their contract info is out in the open and also the software sold to them had watermarks. I have dealt with some pissed off clients in the past but never ones who have their own death squads.

rgaffJuly 6, 2015 6:20 PM

@ kevinjl said, "I have dealt with some pissed off clients in the past but never ones who have their own death squads."

^^^ THIS! To former "Hacking Team" employees: stop polishing resumes, consider going into hiding instead, considering your own angry former client list!

Spaceman SpiffJuly 6, 2015 6:35 PM

I loved this quote from a Hacking Team staff member:

Christian Pozzi, one of the firm’s employees, tweeted to say that the documents contained “false lies” about the services the company offers.

Note the double negative "false lies". So, is he saying that the company is lying and that the documents contain the real truth?

Hans GautschiJuly 6, 2015 6:35 PM

The question is: What conculsion are we - as individuals - drawing from that incident? (Let me add: apart from the fact that the Zurich police always have been corrupt; check out Chillis on Google.) Sorry, only in French. http://tinyurl.com/ps3ecye

mbJuly 6, 2015 7:37 PM

Isn't that just genuine good news? It put a smile on my face and it's not going to go away for a while.

Nick PJuly 6, 2015 7:50 PM

@ Bruce

You mean an iPhone is a safe bet against the Italian, Hacking Team. NSA slides mocked iPhone and its users as among easiest to compromise. So it's not clear-cut. There's also phones such as Cryptophone and those using hypervisors to reduce attack surface.

Dirk PraetJuly 6, 2015 8:03 PM

I enabled the "submit and check certificates for non-public DNS names and signed by non-standard root CA's" in the SSL Observatory advanced options of the HTTPS Everywhere add-on when I read in one of the documents that this was causing serious problems for some of their exploits injecting bogus certificates.

I hope the usual suspects will make good use of the document trove to publish CVE's and updated AV, IDS and YARA signatures.

Too bad @PwnieAwards nominations were closed last week. @HackingTeam would undoubtedly have won first prize in the category "Epic Fail".

And props to @GammaGroupPR for pwning the cr*p out of these scumbags.

rgaffJuly 6, 2015 8:04 PM

@Spaceman Spiff

He claimed that the dump contained a virus... But he didn't mention that the virus it contained was actually the one that his company wrote and had been downloading onto all of our computers for years.... and that it is in source code format, so that we can make our systems resilient to it...

Pseudonymous CowardJuly 6, 2015 8:07 PM

Most of those junk passwords were for accounts that the user probably didn't place a high value on. There were noticeable exceptions, but I use variations on Passw0rd for accounts I don't care about; if somebody starts impersonating me in letters to the New York Times, it's not a big deal, unlike accounts that involve money or privacy. And using obvious weak passwords reduces the likelihood that I'll use a variation on my better passwords when I'm setting up an account like that (so the NYT may get NYT-passw0rd, but won't get NYT-r34l-S3kr17-Passwoid when my bank has BofA-r34l-S3kr17-Passwoid.)

meJuly 6, 2015 8:23 PM

So people are starting to pull out working zero days from the archive. I've seen talk of a working flash 0day that supports Windows and OSX. If you still have flash on your systems, this should give you some incentive to uninstall it. On browsers that have it bundled (eg. chrome), at least activate click-to-play.

Stay safe.

meJuly 6, 2015 8:28 PM

Re: iPhone security - Appelbaum has said repeatedly NSA/GCHQ are doing hotmic on iPhones and that they both rely on the same bug. I believe him. Hopefully the story will get done and the docs released.

d33tJuly 6, 2015 8:47 PM

"Hacking Team" ... souls who hop miniature, hobby trains (fished out of MIT dumpsters .. cool tunnels I bet)? This story kind of reminds me of "teamloosh" or other criminal type goofballs doing stupid stuff that adds to the sentencing of decent people when caught in modern day (21st century) civil disobedience actions.

Hack, Hacker, Hacking ... needs to be re-re-re-purposed.

Also, setting weak passwords for stuff you know will get (has been) owned can be a good strategy.

gordoJuly 6, 2015 9:45 PM

Someone Just Leaked The Price List for Cyberwar
Patrick Tucker | Defense One | July 6, 2015

[T]he hack brought to light the company’s price list, a blue book for surveillance and malware products. It’s a first-of-its-kind window into the going rate of cyberwar and espionage capabilities. Of the many offenses the company seems to have committed, price gouging seems to be one.

http://www.defenseone.com/technology/2015/07/someone-just-leaked-price-list-cyberwar/117043/

HayuJuly 6, 2015 9:59 PM

Has anyone started downloading the torrent? A 24mb .torrent file is pretty huge and when I try to load it into Deluge it's marked as invalid.

I get 26183ae8f24e798a15d77dd3476f5ed9 as the md5sum for the .torrent file.

hahaJuly 6, 2015 10:28 PM

Couldn't have happened to a nicer bunch of folks. /s

They should get in touch with Sony and ask for some advice on how to secure their networks!

Nick PJuly 6, 2015 11:35 PM

@ Hayu

Working fine for others. Try it with a client other than Deluge. Preferably, a major Bittorrent client with lots of usage, community, and so on. The only problem I had with it is that they leaked so much stuff that mine could barely scroll and just loading it kicked the fan into high gear. I just closed it for the sake of the old computer haha...

packratJuly 7, 2015 12:29 AM

Honest question here, having not followed this story much. This supposed "source code" of Hacker Team's that everyone's worried about, is there any indication that it's more than just a rebranded Metasploit framework? From what little I've read, they don't sound competent enough to come up with anything original.

Diddily DarnJuly 7, 2015 12:44 AM

So... sorry for the dumb question but what does this mean for the average computer/internet user not living in one of the 3rd world countries?

Reinstall Mint, wipe Android, burn Windows Phone?

SteJuly 7, 2015 1:17 AM

In a sane world, these dumb fucks would go to jail for their misdeeds. Human scum, willing and boasting instruments of repression. In reality, they will receive protection from the western political sphere, walk off scot free and receive carte blanche to continue. Law enforcement, also in the west, has become too addicted to the tools and ideology of repression. Yet one must never give up hope. I hear about lawsuits being prepared.

Meanwhile let's analyze that torrent and give 'em hell.

P4sswordJuly 7, 2015 1:59 AM

Good job, the scums will experience themself the benefits of exposure.

rgaffJuly 7, 2015 2:33 AM

"What goes around comes around" as the old saying goes... in this case, trying to promote and profit from generally weak computer security throughout the industry means eventually you will be the victim right behind all of your own victims... It's like a law of nature.

Seriously though, all "Hacking Team" former employees really should stop polishing their resumes and think about going into hiding, given their angry former clients are the worst repressive regimes with death squads and things for their dissidents... This is a life and death matter, not a joke. It's not just weak security that's gone around, it's literally death that's gone around... look out for THAT coming back too! I'm not trying to threaten (I am not personally a dictator of a repressive regime), just trying to warn, and save lives.

Fiddle FaddleJuly 7, 2015 2:46 AM

"EDITED TO ADD: Hacking Team had no exploits for an un-jail-broken iPhone. Seems like the platform of choice if you want to stay secure."

I LOL'ed.

ThomasJuly 7, 2015 3:39 AM


> EDITED TO ADD: Hacking Team had no exploits for an un-jail-broken iPhone. Seems like the platform of choice if you want to stay secure.

I'm using a dumb-phone. Switching back from a "smart"-phone was less traumatic than I thought it would be, and I love the battery life.

I know it's still insecure, but at least there's much less temptation/opportunity to put anything interesting on it.

LucaJuly 7, 2015 3:56 AM

@Hans: hacking team are *the* idiots and not all the Italians as you wrote.

Very ConcernedJuly 7, 2015 4:58 AM

@Diddily Darn

There's evidence that governments in non third-world countries will *PLANT EVIDENCE* to use as probable cause to have you arrested, convicted and imprisoned.

We've seen that the FBI were a client and the US isn't a third-world country.

Unacceptable by any definition and very saddening.

Vesselin BontchevJuly 7, 2015 6:09 AM

Pozzi's list of preferred porn links is rather hilarious.

BTW, the GitHub link is dead.

"They are telling their clients to shut down their software" - well, of course, since it has become obvious that their software doesn't sanitize the input passed to SQL. Where is little Bobby Tables when you need him?

CuriousJuly 7, 2015 7:57 AM

@dbm and all re. "Elliptic curve cryptography and security of
embedded devices"

Instead of that google link by dbm, I found this pdf at what appear to be the guy's home page.

http://vverneuil.net/research.php (look under Ph.D thesis, 2012)

NPJuly 7, 2015 8:08 AM

"go to jail for their misdeeds" Turns out Hacking Team violated the sanctions regime established by UNSC Resolutions 1556, 1591, 1945, 2091 and 2138. Sale of RCS also violates Council Decision 2014/450/CFSP of 10 July 2014.

http://www.cilditalia.org/blog/hacking-team-cild-chiede-chiarimenti-al-governo/

Italy has an independent judiciary. We shall see.

https://www.privacyinternational.org/sites/default/files/Briefing%20for%20the%20Italian%20Government%20on%20Hacking%20Team%27s%20surveillance%20exports.pdf

treblaJuly 7, 2015 8:25 AM

Yes, the source has been removed from github. To recreate the files, checkout the git/ directory. It contains a number of bare git repositories. It means there are no files there, only the server side stuff with objects etc. So run git clone to get the files, with history and everything.

JaysonJuly 7, 2015 8:26 AM

I think people are misinterpreting the iOS statement. It was a bullet point in the document that stated that the iPhone must be jailbroken. Probably meaning that they would have to jailbreak it first before performing other activities.

As much as people disparage the Hacking Team, they can surely jailbreak an iPhone easily.

ModeratorJuly 7, 2015 10:13 AM

@Luca - Thank you for this observation. I have unpublished three of Mr. Gautschi's comments disparaging Italians as a class. Thoughtful (and occasionally silly) commentary is welcome here; bigotry is not.

fantabriosoJuly 7, 2015 10:18 AM

What really caught my eye:

"The company, in fact, has “a backdoor” into every customer’s software, giving it ability to suspend it or shut it down—something that even customers aren’t told about. To make matters worse, every copy of Hacking Team’s Galileo software is watermarked, according to the source, which means Hacking Team, and now everyone with access to this data dump, can find out who operates it and who they’re targeting with it."

I wonder what the DEA and FBI (long term clients of HT) think about that. Pay a few hundred grand for the privilege of running a point-and-click reworked version of Metasploit that comes with a sleazy Italian guy on the other end watching you organize your secret operations.

Michael And Ingrid HerouxJuly 7, 2015 12:07 PM

EDITED TO ADD: The Hacking Team CEO, David Vincenzetti, doesn't like me:

In another [e-mail], the Hacking Team CEO on 15 May claimed renowned cryptographer Bruce Schneier was "exploiting the Big Brother is Watching You FUD (Fear, Uncertainty and Doubt) phenomenon in order to sell his books, write quite self-promoting essays, give interviews, do consulting etc. and earn his hefty money."

Meanwhile, Hacking Team has told all of its customers to shut down all uses of its software. They are in "full on emergency mode," which is perfectly understandable.

David Vincenzetti sounds like a real clown. He's the biggest internet scum there is. He's a terrorist.

JoshJuly 7, 2015 1:31 PM

The Hacking Team CEO, David Vincenzetti, doesn't like me.

Sounds like a compliment to me.

When a true genius appears, you can know him by this sign: that all the dunces are in a confederacy against him. - J. Swift

sbJuly 7, 2015 3:14 PM

Dear Bruce,

I have gone through the hacked data in sufficient detail to say
that the Hacking Team is an officially registered company (SRL/LLC)
acting under the sun to deliver a proactive forensic tool to
governments. There is hardly anything controversial here, as many
other companies on the marked are up to exactly the same business.
The sin of the Hacking Team, if that is what it is, is to be both
talented and successful.

Anybody who served as a judiciary police officer knows that *some*
of the basic rights of an individual are *temporarily* lifted,
by court order, in the case of an investigation. This happens every
day, in all democratic societies, and it did so for a long time,
before the Internet was even born.

Concerning small comments on, for example, the content of a
password file, anybody is guilty of having keept around a
quick, unimportant, temporary file for testing purposes.

I am sorry HT went down: in their attempt to do good in a difficult
world, they forgot to shield their assets to perfection. This is
merely the n-th evidence of how hard it is to stay on top of things.
And now that Pandora's box is open, it will be a little harder.

Do not hate me for this; after all, I am entitled to my opinion.
When it comes to the defence of individuals against organized crime,
I choose to serve on the side of the good guys.

Yours sincerely,

OmriJuly 7, 2015 4:00 PM

Dear sb:

HT's choice to cater to a long list of nation states, whose ways of using such tools are, um, diverse, is what's provoking this discussion.

@comJuly 7, 2015 4:18 PM

Regarding the necessity to jailbreak an iOS device to install Hacker Team agents, these two documents imply this is necessary because the agent must be installed either via a 3rd party Cydia repository of over SSH. Even jailbroken, without physical access to the device or knowledge of the root SSH credentials, no other option has been found to be documented. In other words, the iOS needs to be jailbroken because their backdoor wouldn't be permitted on Apple's App Store. ;)

Here's links to the documents:

https://ht.transparencytoolkit.org/KnowledgeBase/How%20to%20infect%20Apple%20mobile%20devices%20-%20%5dHT%5b%20%3a%3a%20KnowledgeBase%20Product.html
https://ht.transparencytoolkit.org/KnowledgeBase/How%20to%20perform%20an%20iOS%20infection%20over%20the%20air%20-%20%5dHT%5b%20%3a%3a%20KnowledgeBase%20Product.html

cordwhinerJuly 7, 2015 4:20 PM

@sb - Thank you for bringing valuable truth to the conversation. HT has struggled tremendously over the years in their efforts to do good in the face of an increasingly apathetic world. I'm pleased to learn I'm not the only one who sees that.

The infrastructure that our world depends on for the safe and sane operations of daily life has been spared time and again because HT was able to overcome all obstacles and get their software in the hands of responsible government authorities. Despite media reports and blog wonks to the contrary, these government officials work solely for the benefit of their citizens and HT has helped those government authorities protect their citizens against a multitude of threats. Just look at Sudan for a quick example...I don't understand why others fail to see that.

sb, you are welcome to listen to my Talking Heads' records anytime you want to come by my home. Thanks for being -you-!

rgaffJuly 7, 2015 4:57 PM

@sb

Stop polishing your resume, go into hiding instead... you have some pretty nasty angry former clients looking for you, who are used to just killing off people they don't like...

@milkshaken

I thought they were already renamed to "Hacked Team"

AnuraJuly 7, 2015 5:29 PM

@sb

What a load of crap. Their attempt to do good? No, it's their attempt to make money without regard for the consequences. They are selling to Sudan who is currently engaged in genocide, FFS. What do you think that is for? To help keep the people safe from terrorists? No, it's much more likely that their goal is to find dissenters so they can execute them.

Omar el-BashirJuly 7, 2015 6:12 PM

Hello,

I would like to commend Mr. Sb on his forthright and courageous defense of Hacking Team. The fact is, Hacking Team is consistently on the side of the little guy against oppressive bureaucracies. Unlike many here, who criticize Hacking Team based on pie-in-the-sky abstract principles, I can personally attest to Hacking Team's courteous and indispensable support.

Various oppressive bureaucracies had it in for me from the minute I ousted my democratically-elected predecessor and massacred his unrepentant cadres. I had a lot on my dish, as chief of state, prime minister, chief of the armed forces, and minister of defense - but was there any foreign aid for me? No. Then Osama bin Laden came to visit and surfed on my couch for an unseemly period, and all of a sudden it was like I had offensive body odor or something. Intelligence agencies stopped taking my calls - and without modern NSA-type surveillance, how are you going to ban political parties, much less independent journalism and associations? I submit that you cannot. I have James Risens and Barret Browns of my own. If I cannot spy on them and put them away like you do, well obviously then I have to kill them. This for me is very sad. With state-of-the art surveillance, you in the developed world can pinpoint your Scott Olsens and discreetly shoot them in the head. With no surveillance, I have to run around chasing each and every new Dr. Amin Mekki Medani that pops up and lock him up amid irritating commotion and hubbub and comments from the peanut gallery about crimes against humanity and whatnot.

Fortunately Hacking Team was there for me. Their prices were very affordable with the $9 Billion I saved and salted away at Lloyd's. Hacking Team's systems were critical to cost-effective murder, extermination, forcible transfer, torture, rape, pillaging and genocide. Their custom solution was fully Sharia-compliant! I recommend it without reservation if you need to wipe Fur, Masalit, and Zaghawa populations off the face of the earth.

Hans GautschiJuly 7, 2015 6:14 PM

@Anura: Totally agree with you. Unfortunately, there are still people who thinks it is good fun... (@Luca).

rgaffJuly 7, 2015 6:59 PM

Seriously, all you stupid Hacking Team former-employees that have invaded here.... get out of town, before those death squads you've made mad find you.... (like Sudan! really? back doors and watermarks! really? not bothering to sanitize sql input! really??)

And those of you who think this is a big joke... get a life.

Clive RobinsonJuly 7, 2015 7:50 PM

@ Bruce,

The Hacking Team CEO, David Vincenzetti, doesn't like me

Well I guess from his point of view you are starving the geese he has sold at eye watering amounts so they nolonger lay the golden eggs his customers were promised, and thus the customers feel they have been cheated.

Perhaps David Vincenzetti, should either make his products more robust, or preferably go into another line of business where his customers don't have thugs, torturers and murderers as part of their entourage ready to have intimate, but very to the point, little chats with him in dark passages about cash refunds.

With regards the harm you have supposadly done in Mr Vincenzetti's eyes, which is to make available basic situational awarenes of technology and the accompanying OpSec information. Well on the face of it you have, but like many things it's double edged and agnostic to it's use, socould be used for good or bad. However on even a little examination, it quickly becomes clear that for those wishing to use it for bad, they are already well versed in it, thus they are uneffected by what you say. However those who are the targets of the evil of oppression and tyranny, are for obvious reasons generaly not at all cognizant of OpSec and how it could prolong if not save their lives and the lives of their loved ones, so your informative activities are of benifit to them, which is good.

So as far as I'm concerned "You should keep up the good work".

As for Mr Vincenzetti, all we can hope for is that he will be having a lot of, to the point, in a dark passage, intimate chats, with some of his bilked customers less friendly employees real soon.

David LJuly 7, 2015 8:38 PM

Has anyone come across what the hack on android was. What vulnerability were HT using on android? (i know there are many for older os). So far,I have not read anything on that front.

NormanJuly 8, 2015 4:04 AM

I am afraid you have been suckered. The torrent does not use valid been coding, the magnet link has no peers, and the Transparencytoolkit link disconnects a downloader when attempting to obtain the tarballs. If a mass downloader is used, only html files are downloaded. While there is a lot of hype, there is not a terrible lot that is currently unknown

It is true that the files exist, but if they are not accessible, then they really do not exist.

Living by the swordJuly 8, 2015 6:30 AM

Guys, really... don't bother with the sock puppets. You've pissed off a bunch of countries like Saudi Arabia and Russia with your backdoors and your ludicrous opsec. Now they know they've been fleeced and you've been spying on their secret operations. A word of advice -- go into hiding, because they will try to come and get you.

samsJuly 8, 2015 6:48 AM

Hacking Team had no exploits for an un-jail-broken iPhone.
---

and even Taig can jailbreak your ios? just connect your ios device to a computer and voila, your ios device is jailbroked asap. no needs for install software, taig tool is a simple software working without installing.

how secure can os be then?

GaryJuly 8, 2015 8:46 AM

@Bruce, you skipped over the fact that they have no tools for BlackBerry OS 10. The last BB tool was for BBOS 7. It does look like they have a tool for BBM but I suspect it's currently limited to the Android platform.

...And for iOS, according to MacRumors, they can automatically jailbreak the phone through an infected computer that the phone is attached to.

This doesn't excuse Hacking Team's behavior. Keep these thought provoking articles coming. As more and more of our personal information is available in networked devices it's nice to have a watchdog around.

CuriousJuly 8, 2015 11:04 AM

Does anyone have a full torrent? Mega has been deleted and transparency is missing 1/2 the stuff.

ParthJuly 8, 2015 11:56 AM

Is it me or is it odd that even the $recyclebin$ folder is found in the torrent. Was the drive imaged? It is odd to believe that 400 GB of data was exfiltrated and no one noticed. Could it be the keygens on their server (for vmware) or the fact that they used cracked office 2010?

I really want to know at how many places they goofed up. Their arrogance is destroyed.

I'm sure root cause will never be released but if so released it comes out to be "unpatched server" :D

Al YancovicJuly 8, 2015 12:54 PM

@Andreas Greiner

according to the article their app was a "regular app which abuses app permissions"...

...but if you can get the data you need by simply abusing app permissions, you do not need a zero day bug...

NormanJuly 8, 2015 10:54 PM

@Kristine Failed with Transmission-qt (both 32 and 64 bit), failed with Taxati, failed with Utorrent. Dropped the magnet link into Utorrent, numerous peers, not one with more than zero percent of the files. If I wanted to spend a considerable amount of time downloading from github, I would miss everything that I am looking for. Already attempted gitclone via subversion.

DavidJuly 9, 2015 12:46 AM

@ Parth

I wonder if they'll attribute the hack to a state actor. NORTH Korea anyone?

WaelJuly 9, 2015 1:03 AM

@David,

Whomever did it is a competitor, a disgruntled employee, or a customer who got bitten by their technology; someone who wants to dethrone them. Then again, maybe someone reverse engineered thier stuff and found out it's a pile of crap. It could also be a high end prospect customer who wanted to check them out before paying them, and they failed the test. I guess that covers it :)

ParthJuly 9, 2015 9:07 AM

@David..

Lol.. I did some checking and saw that when sony was hacked.. same recyclebin folder was present.. Digging more I found out that sony hack included a disk backup tool to clone entire HDD.. I am trying to verify this..

Greg HenryJuly 9, 2015 9:50 AM

Also spotted in the leaked e-mails:

"Bruce Schneier, a former extremely authoritative computer security expert now turned left-wing political activist"

shaunJuly 9, 2015 2:32 PM

the magnet torrent URL is:

magnet:?xt=urn:btih:51603bff88e0a1b3bad3962614978929c9d26955&dn=Hacked%20Team&tr=udp%3A%2F%2Fcoppersurfer.tk%3A6969%2Fannounce&tr=udp%3A%2F%2F9.rarbg.me%3A2710%2Fannounce&tr=http%3A%2F%2Fmgtracker.org%3A2710%2Fannounce&tr=http%3A%2F%2Fbt.careland.com.cn%3A6969%2Fannounce&tr=udp%3A%2F%2Fopen.demonii.com%3A1337&tr=udp%3A%2F%2Fexodus.desync.com%3A6969&tr=udp%3A%2F%2Ftracker.leechers-paradise.org%3A6969&tr=udp%3A%2F%2Ftracker.pomf.se&tr=udp%3A%2F%2Ftracker.blackunicorn.xyz%3A6969

hecsecJuly 12, 2015 2:06 AM

Google sold #HackingTeam access to its maping system WikiLeaks.org/hackingteam

Required nameJuly 13, 2015 2:41 AM

"Oh geez, there's actually one guy who kept a spreadsheet of his personal and corporate passwords, and most of them were some variation on "p4$$w0rd". :facepalm:"
How did these guys get hacked? It's a mystery.

WaelJuly 13, 2015 4:04 AM

@Required name,

It's a mystery.

Not when you know the file was saved in the "cloud" ;)

michiganderJuly 14, 2015 8:41 AM

has anybody asked sudan to take down their flag?
when will get the data from the thunder blanket for dogs people ... they are terrorists ... how can anybody know that a dog needs to be compressed? where in natural life would a dog get squeezed?

we are all goofy, cant blame these guys for making money ...
like the bankers said ... its the (dumb) customer's fault ...
who went to jail for the financial regulation and responsibility skirting that happened from 1998 - 2008 (and continues still just differently now).

tim perryJuly 16, 2015 9:14 PM

any espionage done? ...remote device hack/interception ,Background Check, grade change, whatever it is we handle everything and anything . email andre_colt@outlook.com for serious inquires .

Omar CobainSeptember 9, 2015 3:21 PM

U Need Any Help ?

*University grades changing

*Bank accounts hack

*Twitters hack

*email accounts hack

*Grade Changes hack * load bank account any amounts

*Website crashed hack

*server crashed hack

*Retrieval of lost file/documents

*Erase criminal records hack

*Databases hack

*Sales of Dumps cards of all kinds text (302) 365-0294

BoppingAroundSeptember 19, 2015 9:08 AM

Moderator,
Uninvited advertisers are spewing their bile again. Wipe the bastard away, please. Thanks.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient, an IBM Company.