Hacking Team: We’ll be back in the spyware biz before you know it
Meanwhile countries sue for the right to snoop
Hacked snoopware maker Hacking Team says it will continue its operations as soon as possible – and claims the huge source-code leak it suffered didn’t get all of the company's crown jewels.
"What happened earlier this summer in the attack on our company was a reckless and vicious crime," said CEO David Vincenzetti in the statement, which is legit, but isn't on the company's website yet due to "technical problems."
"We have reported it to Italian authorities who are investigating it and we expect the authorities of other nations to be involved as well. While it is true that criminals exposed some of our source code to internet users, it is also true that by now the exposed system elements because of universal ability to detect these system elements."
He went on to say that the hackers hadn't exposed "important elements of our source code," and that a protected sector had been set up to protect the company's assets. In the meantime the firm is rebuilding its internal infrastructure prior to setting up operations.
The firm shut down its service a week ago, after stolen copies of its corporate secrets were leaked online, but based on what the 400GB Hacking Team archive has shown us so far, it wouldn't be impossible to get everything up and running again. Writing malware isn't hard: you just need to develop or buy exploits to target vulnerable computers, and that’s just a matter of time and funds these days.
The company's own archive shows an email from March 2015 from US penetration testing firm Netragard – whose company slogan is seriously "We protect you from people like us" – showing it offering a "flawless" remote executable flaw in all Windows systems running IE and Chrome for $105,000 to Hacking Team.
The exchange between Hacking Team COO Giancarlo Russo and Netragard's CEO Adriel Desautels makes for interesting reading, with the latter keen to "seal the deal" and Russo agreeing to quarterly payment terms if the Italian firm could use it in their commercial product.
"As for this item in particular. The developer is one of our super-star developers. He has always built flawless items for us," Desautels boasts. "Do you have PGP by the way? We really do need to encrypt these emails."
Netragard has issued a public apology over the incident, saying that it changed its rules about only dealing with US clients last year after a senior client introduced them to the Italian firm. "It was our mutual understanding that this buyer maintained the same code of ethics as our own. Unfortunately we were very, very wrong," it said.
The US firm has said it will no longer do business with Hacking Team, but it certainly isn't the only seller. While commercial bug bounty programs are scooping major winnings for some, there's a vast grey market for exploits that seems to provide a healthy living for some, and that should be able to get Hacking Team back in business relatively quickly.
If it builds it, will they come?
Hacking Team might be able to get itself back online from a technical standpoint, but the company still faces a serious credibility issue.
Exactly how many buyers the company will find remains to be seen – the fallout from the initial hack hasn't finished landing yet. On Friday the head of the Cyprus Intelligence Service (KYP), Andreas Pentaras, resigned after the stolen trove detailed his department's use of Hacking Team's products.
Other countries are taking a very different approach. Hacking Team code was sold to the Ethiopian government to spy on journalists. On Tuesday the Ethiopian government is seeking to dismiss a legal action against the state brought by a US citizen in Maryland over the use of similar corporate surveillanceware.
The case of Kidane v. Ethiopia came after FinFisher software, from Hacking Team competitor Gamma International, was found on the computer of an Ethiopian expatriate. Between late October 2012 and March 2013 the surveillanceware reported his Skype calls and his family's internet activity back to the 188.8.131.52 IP address – owned by Ethiopia's state-owned telecommunications company Ethio Telecom.
The same IP address was identified as running a FinFisher command and control server in 2008 by security firm Rapid7, and again by Canada's Citizen Lab in 2013. The EFF, representing Kidane, will argue that this is illegal wiretapping.
"The Ethiopian government's US lawyers have asked to have the case dismissed, claiming that foreign governments have a right to wiretap Americans inside their own homes without court oversight, a right that not even the U.S. government claims for itself," the organization said.
"EFF Staff Attorney Nate Cardozo will argue Tuesday that Ethiopia must answer in court for the illegal spying on Mr. Kidane."
It has also emerged that Hacking Team may have helped the Italian National Military police hijack the internet's BGP routing system to take over the IP addresses of a foreign ISP.
Customers or not, it seems likely that Hacking Team will find business if it rebuilds its technical infrastructure. Whether or not it can secure it against the hackers gunning for the firm is another question altogether. ®