Hacking Team Hacked, Attackers Grab 400GB of Internal Data
Several readers sent word that notorious surveillance company Hacking Team has itself been hacked. Attackers made off with 400GB worth of emails, documents, and source code. The company is known for providing interception tools to government and law enforcement agencies. According to the leaked files, Hacking Team has customers in Egypt, South Korea, Kazakhstan, Saudi Arabia, Oman, Lebanon, Mongolia, Russia, Germany, Sudan, and the United States — to name a few. It has been labeled an enemy of the internet by Reporters Without Borders. "Clients have had their passwords exposed as well, as several documents related to contracts and configurations have been circulating online." Nobody knows yet who perpetrated the hack.
Someone started uploading all the HackingTeam source code to GitHub: https://github.com/hackedteam?...
There are also some signing keys for kernel drivers in here.
That's a bad day for Hacking Team and a good day for everyone else.
https://twitter.com/FredericJa...
Subject: UID=DE9J4B8GTF, CN=iPhone Distribution: HT srl, OU=DE9J4B8GTF, O=HT srl, C=IT
It's confirmed. One of the news stories (can't remember which one) said that HT would recommend that their clients purchase digital certs to sign the malware they bought in order to skirt anti-virus scans. Apparently most antivirus software will ignore legitimate-looking signed apps with certs that have been timestamped. The GeoTrust cert is probably a test cert that HT uses.
Can someone please explain the significance and consequences of publishing this:
GeoTrust_SigningCertificateExported_2011.pfx
It's another couple of good patterns for antivirus software to look for and trigger upon finding.
Anyone infected with their rootkitted drivers four years ago who hasn't had the malware update may find out about being infected with it.
If they used the same company name for their 2015 certificate as is used in the certs published, that would be another signature for AV software to trigger on if they kept your rootkitted drivers updated.
That's about it however.
The certificate is long expired, so it can't be used to sign any new code.
You can also be pretty certain their next certificate (to be issued any day now, if not already) will be under a different name as well.
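As an added example (not code from this thread or from Hacking Team), a small defender-side check in Python that combines the points made in the comments above: matching the signer's O/CN against a blocklist of known-bad signer names, and accepting a signature only if its trusted timestamp falls inside the certificate's validity period. The subject string is the one quoted above; the validity dates, signing times and blocklist are constructed for illustration.

```python
from datetime import datetime, timezone


def parse_dn(dn):
    """Parse 'UID=..., CN=iPhone Distribution: HT srl, O=HT srl, C=IT' into a
    dict. Values may contain ':' but not escaped commas (enough for this thread)."""
    fields = {}
    for part in dn.split(","):
        key, sep, value = part.strip().partition("=")
        if sep:  # skip fragments without '='
            fields.setdefault(key.strip(), value.strip())
    return fields


def signature_verdict(subject_dn, not_before, not_after, signing_time, blocked_orgs):
    """Defender-side verdict on a code signature. Returns:
    'blocked-signer'   - O or CN matches a blocklisted signer name (an AV pattern)
    'outside-validity' - the trusted signing timestamp lies outside the cert
                         lifetime, which is why a long-expired cert cannot sign new code
    'valid-at-signing' - timestamp inside the lifetime, so the signature still
                         verifies even though the cert has since expired"""
    fields = parse_dn(subject_dn)
    names = {fields.get("O", "").lower(), fields.get("CN", "").lower()}
    for org in blocked_orgs:
        if any(org.lower() in name for name in names):
            return "blocked-signer"
    if not (not_before <= signing_time <= not_after):
        return "outside-validity"
    return "valid-at-signing"


# Constructed sample: the subject quoted in the thread, with a made-up
# 2011 validity window (NOT the real certificate's dates).
HT_SUBJECT = "UID=DE9J4B8GTF, CN=iPhone Distribution: HT srl, OU=DE9J4B8GTF, O=HT srl, C=IT"
NOT_BEFORE = datetime(2011, 1, 1, tzinfo=timezone.utc)
NOT_AFTER = datetime(2012, 1, 1, tzinfo=timezone.utc)


def demo():
    signed_in_2011 = datetime(2011, 6, 1, tzinfo=timezone.utc)   # constructed
    signed_in_2015 = datetime(2015, 7, 6, tzinfo=timezone.utc)   # constructed
    return (
        signature_verdict(HT_SUBJECT, NOT_BEFORE, NOT_AFTER, signed_in_2011, []),
        signature_verdict(HT_SUBJECT, NOT_BEFORE, NOT_AFTER, signed_in_2015, []),
        signature_verdict(HT_SUBJECT, NOT_BEFORE, NOT_AFTER, signed_in_2011, ["HT srl"]),
    )


if __name__ == "__main__":
    print(demo())
```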