Hacking Team

HackingTeam is a Milan-based information technology company that sells offensive intrusion and surveillance capabilities to governments, law enforcement agencies and corporations.[1] Its "Remote Control Systems" enable governments and corporations to monitor the communications of internet users, decipher their encrypted files and emails, record Skype and other Voice over IP communications, and remotely activate microphones and camera on target computers.[2] The company has been criticized for providing these capabilities to governments with poor human rights records,[3] though HackingTeam states that they have the ability to disable their software if it is used unethically.[4][5] The Italian government has restricted their licence to do business with countries outside Europe.[6]

HackingTeam
IndustryInformation technology
Founded2003
FoundersDavid Vincenzetti, Valeriano Bedeschi
Headquarters,
Italy
Products
  • Software
WebsiteHackingTeam.it

HackingTeam employs around 40 people in its Italian office, and has subsidiary branches in Annapolis, Washington, D.C., and Singapore.[7] Its products are in use in dozens of countries across six continents.[8]

History

HackingTeam was founded in 2003 by two Italian entrepreneurs: David Vincenzetti and Valeriano Bedeschi. In 2007 the company was invested by two Italian VC: Fondo Next and Innogest.[9] The Milan police department learned of the company. Hoping to use its tool to spy on Italian citizens and listen to their Skype calls, the police contacted Vincenzetti and asked him to help. HackingTeam became "the first sellers of commercial hacking software to the police”.

According to former employee Alberto Pelliccione, the company began as security services provider, offering penetration testing, auditing and other defensive capabilities to clients.[10] Pelliccione states that as malware and other offensive capabilities were developed and accounted for a larger percentage of revenues, the organization pivoted in a more offensive direction and became increasingly compartmentalized. Pelliccione claims fellow employees working on aspects of the same platform – for example, Android exploits and payloads – would not communicate with one another, possibly leading to tensions and strife within the organization.[10]

In February 2014, a report from Citizen Lab identified the organisation to be using hosting services from Linode, Telecom Italia, Rackspace, NOC4Hosts and bullet proof hosting company Santrex.[11]

On 5 July 2015 the company suffered a major data breach of customer data, software code, internal documents and e-mails. See: § 2015 data breach

On 2 April 2019 Hackingteam was acquired by InTheCyber to create Memento Labs [12]

Products and capabilities

HackingTeam enables clients to perform remote monitoring functions against citizens via their RCS (Remote Control Systems), including their Da Vinci and Galileo platforms:[1]

  • Covert collection of emails, text message, phone call history and address books
  • Keystroke logging
  • Uncover search history data and take screenshots
  • Record audio from phone calls
  • Capture audio and video stream from device memory to bypass cryptography of Skype sessions[13]
  • Use microphones on device to collect ambient background noise and conversations
  • Activate phone or computer cameras
  • Hijack telephone GPS systems to monitor target's location
  • Infect target computer's UEFI BIOS firmware with a rootkit[14]
  • Extract WiFi passwords[15]
  • Exfiltrate Bitcoin and other cryptocurrency wallet files to collect data on local accounts, contacts and transaction histories.[16]

HackingTeam uses advanced techniques to avoid draining cell phone batteries, which could potentially raise suspicions, and other methods to avoid detection.[17][18]

The malware has payloads for Android,[15] BlackBerry, Apple iOS, Linux, Mac OS X, Symbian, as well as Microsoft Windows, Windows Mobile and Windows Phone class of operating systems.[19]

RCS is a management platform that allows operators to remotely deploy exploits and payloads against targeted systems, remotely manage devices once compromised, and exfiltrate data for remote analysis.

Controversies

Use by repressive governments

HackingTeam has been criticized for selling its products and services to governments with poor human rights records, including Sudan, Bahrain, Venezuela, and Saudi Arabia.[20]

In June 2014, a United Nations panel monitoring the implementation of sanctions on Sudan requested information from HackingTeam about their alleged sales of software to the country in contravention of United Nations weapons export bans to Sudan. Documents leaked in the 2015 data breach of HackingTeam revealed the organization sold Sudanese National Intelligence and Security Service access to their "Remote Control System" software in 2012 for 960,000 Euros.[20]

In response to the United Nations panel, the company responded in January 2015 that they were not currently selling to Sudan. In a follow-up exchange, HackingTeam asserted that their product was not controlled as a weapon, and so the request was beyond the scope of the panel. There was no need for them to disclose previous sales, which they considered confidential business information.[20]

The U.N. disagreed. "The view of the panel is that as such software is ideally suited to support military electronic intelligence (ELINT) operations it may potentially fall under the category of 'military ... equipment' or 'assistance' related to prohibited items," the secretary wrote in March. "Thus its potential use in targeting any of the belligerents in the Darfur conflict is of interest to the Panel."[20][21]

In the fall of 2014, the Italian government abruptly froze all of HackingTeam's exports, citing human rights concerns. After lobbying Italian officials, the company temporarily won back the right to sell its products abroad.[20]

2015 data breach

On July 5, 2015, the Twitter account of the company was compromised by an unknown individual who published an announcement of a data breach against HackingTeam's computer systems. The initial message read, "Since we have nothing to hide, we're publishing all our e-mails, files, and source code ..." and provided links to over 400 gigabytes of data, including alleged internal e-mails, invoices, and source code; which were leaked via BitTorrent and Mega.[22] An announcement of the data breach, including a link to the bittorrent seed, was retweeted by WikiLeaks and by many others through social media.[23][24]

The material was voluminous and early analysis appeared to reveal that HackingTeam had invoiced the Lebanese Army[25] and Sudan and that spy tools were also sold to Bahrain and Kazakhstan.[24] HackingTeam had previously claimed they had never done business with Sudan.[26]

The leaked data revealed a zero-day cross-platform Flash exploit (CVE number: CVE-2015-5119.[27] The dump included a demo of this exploit by opening Calculator from a test webpage.[28][29][30] Adobe patched the hole on July 8, 2015.[31] Another vulnerability involving Adobe was revealed in the dumps, which took advantage of a buffer overflow attack on an Adobe Open Type Manager DLL included with Microsoft Windows. The DLL is run in kernel mode, so the attack could perform privilege escalation to bypass the sandbox.[32]

Also revealed in leaked data was HackingTeam employees' use of weak passwords, including 'P4ssword', 'wolverine', and 'universo'.[33]

After a few hours without response from HackingTeam, member Christian Pozzi tweeted the company was working closely with police and "what the attackers are claiming regarding our company is not true."[34][35] He also claimed the leaked archive "contains a virus" and that it constituted "false info".[36] Shortly after these tweets, Pozzi's Twitter account itself was apparently compromised.[37]

Responsibility for this attack was claimed by the hacker known as "Phineas Fisher" (or Phisher) on Twitter.[38] Phineas has previously attacked spyware firm Gamma International, who produce malware, such as FinFisher, for governments and corporations.[39] In 2016, Phineas published details of the attack, in Spanish and English, as a "how-to" for others, and explained the motivations behind the attack.[40]

The internal documents revealed details of HackingTeam's contracts with repressive governments.[41] In 2016, the Italian government again revoked the company's license to sell spyware outside of Europe without special permission.[6][42]

Customer list

HackingTeam's clientele include not just governments, but also corporate clients such as Barclay's Bank and British Telecom (BT) of the United Kingdom, as well as Deutsche Bank of Germany.[1]

A full list of HackingTeam's customers were leaked in the 2015 breach. Disclosed documents show HackingTeam had 70 current customers, mostly military, police, federal and provincial governments. The total company revenues disclosed exceeded 40 million Euros.[43][44][45][46][47][48]

Customer Country Area Agency Year First Sale Annual Maintenance Fees Total Client Revenues
Polizia Postale e delle Comunicazioni[49]ItalyEuropeLEA2004€100,000€808,833
Centro Nacional de Inteligencia[50]SpainEuropeIntelligence2006€52,000€538,000
Infocomm Development Authority of SingaporeSingaporeAPACIntelligence2008€89,000€1,209,967
Information OfficeHungaryEuropeIntelligence2008€41,000€885,000
CSDNMoroccoMEAIntelligence2009€140,000€1,936,050
UPDF (Uganda Peoples Defense Force), ISO (Internal Security Organization), Office of the PresidentUgandaAfricaIntelligence2015€831,000€52,197,100
Italy - DA - RentalItalyEuropeOther2009€50,000€628,250
Malaysian Anti-Corruption CommissionMalaysiaAPACIntelligence2009€77,000€789,123
PCMItalyEuropeIntelligence2009€90,000€764,297
SSNS - UngheriaHungaryEuropeIntelligence2009€64,000€1,011,000
CC - ItalyItalyEuropeLEA2010€50,000€497,349
Al Mukhabarat Al A'amahSaudi ArabiaMEAIntelligence2010€45,000€600,000
IR Authorities (Condor)LuxembourgEuropeOther2010€45,000€446,000
La Dependencia y/o CISEN[51]MexicoLATAMIntelligence2010€130,000€1,390,000
UZC[52]Czech RepublicEuropeLEA2010€55,000€689,779
Egypt - MOD[52]EgyptMEAOther2011€70,000€598,000
Federal Bureau of Investigation[53]USANorth AmericaLEA2011€100,000€697,710
Oman - IntelligenceOmanMEAIntelligence2011€30,000€500,000
President Security[54][55] PanamaLATAMIntelligence2011€110,000€750,000
Turkish National PoliceTurkeyEuropeLEA2011€45,000€440,000
UAE - MOIUAEMEALEA2011€90,000€634,500
National Security Service[52]UzbekistanEuropeIntelligence2011€50,000€917,038
Department of Defense[53]USANorth AmericaLEA2011€190,000
Bayelsa State GovernmentNigeriaMEAIntelligence2012€75,000€450,000
Estado del MexicoMexicoLATAMLEA2012€120,000€783,000
Information Network Security AgencyEthiopiaMEAIntelligence2012€80,000€750,000
State security (Falcon)LuxemburgEuropeOther2012€38,000€316,000
Italy - DA - RentalItalyEuropeOther2012€60,000€496,000
MAL - MIMalaysiaAPACIntelligence2012€77,000€552,000
Direction générale de la surveillance du territoireMoroccoMEAIntelligence2012€160,000€1,237,500
National Intelligence and Security Service[52]SudanMEAIntelligence2012€76,000€960,000
Russia - KVANT[56]RussiaEuropeIntelligence2012€72,000€451,017
Saudi - GIDSaudiMEALEA2012€114,000€1,201,000
SIS of National Security Committee of Kazakhstan[52]KazakhstanEuropeIntelligence2012€140,000€1,012,500
The 5163 Army Division (Alias of South Korean National Intelligence Service)[52][57][58]S. KoreaAPACOther2012€67,000€686,400
UAE - IntelligenceUAEMEAOther2012€150,000€1,200,000
Central Intelligence Agency[59] USA North America Intelligence 2011
Drug Enforcement Administration[53][60]USANorth AmericaOther2012€70,000€567,984
Central Anticorruption BureauPolandEuropeLEA2012€35,000€249,200
MOD SaudiSaudiMEAOther2013€220,000€1,108,687
PMOMalaysiaAPACIntelligence2013€64,500€520,000
Estado de QeretaroMexicoLATAMLEA2013€48,000€234,500
National Security Agency[52]AzerbaijanEuropeIntelligence2013€32,000€349,000
Gobierno de PueblaMexicoLATAMOther2013€64,000€428,835
Gobierno de CampecheMexicoLATAMOther2013€78,000€386,296
AC MongoliaMongoliaAPACIntelligence2013€100,000€799,000
Dept. of Correction Thai PoliceThailandAPACLEA2013€52,000€286,482
National Intelligence Secretariat[61] EcuadorLATAMLEA2013€75,000€535,000
Police Intelligence DirectorateColombiaLATAMLEA2013€35,000€335,000
Guardia di FinanzaItalyEuropeLEA2013€80,000€400,000
Intelligence[62]CyprusEuropeLEA2013€40,000€375,625
MidWorld[63]BahrainMEAIntelligence2013€210,000
Mexico - PEMEXMexicoLATAMLEA2013€321,120
Malysia KMalaysiaAPACLEA2013€0
HondurasHondurasLATAMLEA2014€355,000
Mex TaumalipasMexicoLATAM2014€322,900
Secretaría de Planeación y FinanzasMexicoLATAMLEA2014€91,000€371,035
AREAItaliaEurope2014€430,000
Mexico YucatánMexicoLATAMLEA2014€401,788
Mexico DurangoMexicoLATAMLEA2014€421,397
Investigations Police of ChileChileLATAMLEA2014€2,289,155
Jalisco MexicoMexicoLATAMLEA2014€748,003
Royal Thai ArmyThailandAPACLEA2014€360,000
Vietnam GD5VietnamAPAC2014€281,170
Kantonspolizei ZürichSwitzerlandEuropeLEA2014€486,500
Vietnam GD1VietnamAPACLEA2015€543,810
Egypt TRD GNSEEgyptMEALEA2015€137,500
Lebanese ArmyLebanonMEALEA2015
Federal Police DepartmentBrazilLATAMLEA2015
National Anticorruption DirectorateRomaniaDNAIntelligence2015
State Informative Service[64]AlbaniaEuropeSHIK2015
gollark: Since most people don't want to bother with installing Python and PyTorch and probably messing with CUDA and such.
gollark: It's become quite popular on the internet™ lately, or at least the Discord servers I frequent. The demo thing for it must be very costly to run.
gollark: You can use Mini DALL-E, which is a somewhat unrelated thing by other people, at least.
gollark: Unfortunately, DALL-E is not very open.
gollark: I see.

See also

References

  1. Batey, Angus (24 November 2011). "The spies behind your screen". The Telegraph. Retrieved 26 July 2015.
  2. "Enemies of the Internet: HackingTeam". Reporters Without Borders. Archived from the original on 29 April 2014. Retrieved 24 April 2014.
  3. Marczak, Bill; Gaurnieri, Claudio; Marquis-Boire, Morgan; Scott-Railton, John (17 February 2014). "Mapping HackingTeam's "Untraceable" Spyware". Citizen Lab. Archived from the original on 20 February 2014.
  4. Kopfstein, Janus (10 March 2014). "Hackers Without Borders". The New Yorker. Retrieved 24 April 2014.
  5. Marquis-Boire, Morgan; Gaurnieri, Claudio; Scott-Railton, John; Kleemola, Katie (24 June 2014). "Police Story: HackingTeam's Government Surveillance Malware". Citizen Lab. University of Toronto. Archived from the original on 25 June 2014. Retrieved 3 August 2014.
  6. Zorabedian, John (8 April 2016). "HackingTeam loses global license to sell spyware". Naked Security. Retrieved 15 May 2016.
  7. Human Rights Watch (25 March 2014). "They Know Everything We Do". Retrieved 1 August 2015.
  8. Jeffries, Adrianne (13 September 2013). "Meet HackingTeam, the company that helps the police hack you". The Verge. Retrieved 21 April 2014.
  9. "Noi, i padri del cyber-007". 2 December 2011.
  10. Farivar, Cyrus (20 July 2015) HackingTeam goes to war against former employees, suspects some helped hackers. Ars Technica. Retrieved 26 July 2015.
  11. "HackingTeam's US Nexus". 28 February 2014. Retrieved 2 August 2015.
  12. "Nasce Memento Labs". 2 April 2019.
  13. Stecklow, Steve; Sonne, Paul; Bradley, Matt (1 June 2011). "Mideast Uses Western Tools to Battle the Skype Rebellion". The Wall Street Journal. Retrieved 26 July 2015.
  14. Lin, Philippe (13 July 2015). "HackingTeam Uses UEFI BIOS Rootkit to Keep RCS 9 Agent in Target Systems". TrendLabs Security Intelligence Blog. Trend Micro. Retrieved 26 July 2015.
  15. "Advanced spyware for Android now available to script kiddies everywhere". Ars Technica. Retrieved 2 August 2015.
  16. Farivar, Cyrus (14 July 2015). "HackingTeam broke Bitcoin secrecy by targeting crucial wallet file". Ars Technica. Retrieved 26 July 2015.
  17. Schneier, Bruce. "More on HackingTeam's Government Spying Software".
  18. "HackingTeam Tools Allow Governments To Take Full Control of Your Smartphone". International Business Times UK. 24 June 2014. Retrieved 15 May 2016.
  19. Guarnieri, Claudio; Marquis-Boire, Morgan (13 January 2014). "To Protect And Infect: The militarization of the Internet". At the 30th Chaos Communications Congress – "30C3". (Video or Audio). Chaos Computer Club. Retrieved 15 August 2015.
  20. Hay Newman, Lily. "A Detailed Look at HackingTeam's Emails About Its Repressive Clients". The Intercept. Retrieved 15 May 2016.
  21. Knibbs, Kate (8 July 2015). "HackingTeam's Lame Excuse for Selling Digital Weapons to Sudan". Gizmodo. Retrieved 15 May 2016.
  22. "Hacked Team (@hackingteam)". Archived from the original on 6 July 2015. Retrieved 6 July 2015.CS1 maint: BOT: original-url status unknown (link)
  23. WikiLeaks [@wikileaks] (6 July 2015). "Inside malware makers "HackingTeam": hundreds of gigabytes of e-mails, files, and source code" (Tweet). Retrieved 6 July 2015 via Twitter.
  24. "HackingTeam hacked: Spy tools sold to oppressive regimes Sudan, Bahrain and Kazakhstan". International Business Times. 6 June 2015. Retrieved 6 July 2015.
  25. Hacking Team on Twitter
  26. Ragan, Steve. "HackingTeam hacked, attackers claim 400GB in dumped data". Retrieved 6 July 2015.
  27. "Security Advisory for Adobe Flash Player". helpx.adobe.com. Adobe Systems. 8 July 2015. Retrieved 30 August 2016.
  28. Khandelwal, Swati. "Zero-Day Flash Player Exploit Disclosed In 'HackingTeam' Data Dump". Retrieved 6 July 2015.
  29. Pi, Peter. "Unpatched Flash Player Flaw, More POCs Found in HackingTeam Leak". Retrieved 8 July 2015.
  30. "WICAR test malware". Retrieved 16 May 2017.
  31. Adobe Systems (corporate author). "Adobe Security Bulletin". Retrieved 11 July 2015.
  32. Tang, Jack. "A Look at the Open Type Font Manager Vulnerability from the HackingTeam Leak". Retrieved 8 July 2015.
  33. Whittaker, Zack. "HackingTeam used shockingly bad passwords". Retrieved 6 July 2015.
  34. Christian Pozzi. "unknown". Retrieved 6 July 2015 via Twitter.
  35. Christian Pozzi. "unknown". Retrieved 6 July 2015 via Twitter.
  36. Christian Pozzi. "unknown". Retrieved 6 July 2015 via Twitter.
  37. "Christian Pozzi on Twitter: "Uh Oh - my twitter account was also hacked."". 6 July 2015. Archived from the original on 6 July 2015. Retrieved 6 July 2015.
  38. Phineas Fisher [@gammagrouppr] (6 July 2015). "gamma and HT down, a few more to go :)" (Tweet) via Twitter.
  39. Osbourne, Charlie. "HackingTeam: We won't 'shrivel up and go away' after cyberattack". Retrieved 6 July 2015.
  40. "How HackingTeam got hacked". Ars Technica. Retrieved 15 May 2016.
  41. "A Detailed Look at HackingTeam's Emails About Its Repressive Clients". The Intercept. Retrieved 15 May 2016.
  42. "Hacking Team's Global License Revoked by Italian Export Authorities". Privacy International. 8 April 2016. Archived from the original on 5 May 2019. Retrieved 15 May 2016.
  43. Kopstein, Justin (6 July 2015). "Here Are All the Sketchy Government Agencies Buying HackingTeam's Spy Tech". Vice Magazine.
  44. Weissman, Cale Guthrie (6 July 2015). "Hacked security company's documents show a laundry list of questionable clients".
  45. Ragan, Steve. "In Pictures: HackingTeam's hack curated". CSO Online (Australia).
  46. Hern, Alex (6 July 2015). "HackingTeam hacked: firm sold spying tools to repressive regimes, documents claim". The Guardian. Retrieved 22 July 2015.
  47. Ragan, Steve (6 July 2015). "HackingTeam responds to data breach, issues public threats and denials". CSO Online. Retrieved 22 July 2015.
  48. Stevenson, Alastair (14 July 2015). "A whole bunch of downed government surveillance programs are about to go back online". Business Insider. Retrieved 22 July 2015.
  49. Jone Pierantonio. "Ecco chi ha bucato HackingTeam" Archived 6 August 2015 at the Wayback Machine. International Business Times. Retrieved 2 August 2015.
  50. Ediciones El País (8 July 2015). "HackingTeam: “Ofrecemos tecnología ofensiva para la Policía”". El País. Retrieved 2 August 2015.
  51. "The HackingTeam leak shows Mexico was its top client, but why?". Fusion. Retrieved 2 August 2015.
  52. "Leaked emails from security firm HackingTeam show government use - Fortune". Fortune. Retrieved 2 August 2015.
  53. "Leaked Documents Show FBI, DEA and U.S. Army Buying Italian Spyware". The Intercept. Retrieved 2 August 2015.
  54. "HackingTeam's Equipment Got Stolen in Panama". Motherboard. Retrieved 2 August 2015.
  55. Molina, Thabata (13 August 2015). "Panama to Investigate Martinelli in HackingTeam Spying Scandal". Panama Post. Retrieved 15 August 2015.
  56. "HackingTeam apparently violated EU rules in sale of spyware to Russian agency". Ars Technica. Retrieved 2 August 2015.
  57. "How HackingTeam Created Spyware that Allowed the FBI To Monitor Tor Browser". The Intercept. Retrieved 2 August 2015.
  58. McGrath, Ben (25 July 2015). "Further revelations in South Korean hacking scandal". World Socialist Web Site. Retrieved 26 July 2015.
  59. "WikiLeaks - The Hackingteam Archives". wikileaks.org. Retrieved 25 March 2017.
  60. "The DEA Just Cancelled Its Contract With HackingTeam". Motherboard. Retrieved 2 August 2015.
  61. In Cyprus (11 July 2015).Intelligence Service chief steps down Archived 2015-08-15 at the Wayback Machine. Retrieved 26 July 2015.
  62. Bahrain Center for Human Rights (15 July 2015). "HackingTeam's troubling connections to Bahrain" IFEX. Retrieved 26 July 2015.
  63. Lexime (14 July 2015). "Burime të sigurta, SHISH përdor programet përgjuese që prej 2015. HackingTeams: Nuk e kemi nën kontroll sistemin!" (video). BalkanWeb. Retrieved 27 July 2015.
  64. HackingTeam: a zero-day market case study, Vlad Tsyrklevich's blog
  65. Perlroth, Nicole (10 October 2012). Ahead of Spyware Conference, More Evidence of Abuse. The New York Times (Bits).

{software update}

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.