Slashdot Mirror


Hacking Team Hacked, Attackers Grab 400GB of Internal Data

Several readers sent word that notorious surveillance company Hacking Team has itself been hacked. Attackers made off with 400GB worth of emails, documents, and source code. The company is known for providing interception tools to government and law enforcement agencies. According to the leaked files, Hacking Team has customers in Egypt, South Korea, Kazakhstan, Saudi Arabia, Oman, Lebanon, Mongolia, Russia, Germany, Sudan, and the United States — to name a few. It has been labeled an enemy of the internet by Reporters Without Borders. "Clients have had their passwords exposed as well, as several documents related to contracts and configurations have been circulating online." Nobody knows yet who perpetrated the hack.

63 of 95 comments

  1. Find the source code on GitHub by Anonymous Coward · · Score: 5, Informative

    Someone started uploading all the HackingTeam source code to GitHub: https://github.com/hackedteam?...
    There are also some signing keys for kernel drivers in here.

    That's a bad day for Hacking Team and a good day for everyone else.

    1. Re:Find the source code on GitHub by xxxJonBoyxxx · · Score: 1

      >> https://github.com/hackedteam/...
      >> https://github.com/hackedteam/...

      ndisk, eh? With a couple of components to collect, report and transmit?

      This thing kind of looks like the kit used in Shamoon, Sony, Icefog/Korea, etc.

    2. Re:Find the source code on GitHub by mystuff · · Score: 1

      Brilliant, people can start translating the comments in the source code from Italian to English! Would be even funnier if people started filing issues and fixing bugs in their code.

      But more to the point, will this help bona fide security researchers with their work on fighting exploits on all platforms or is there not much of interest there? Any experts on the matter?

    3. Re:Find the source code on GitHub by johanw · · Score: 3, Funny

      Some 0-day leaks were found too, so I think MS will be quick to patch them.

    4. Re:Find the source code on GitHub by xxxJonBoyxxx · · Score: 1

      >> people can start translating the comments in the source code from Italian to English!

      Really, you can't follow the code without English comments?

      >> will this help bona fide security researchers with their work on fighting exploits on all platforms?

      It gives us a couple more signatures to look for. I'm really getting sick of the "fake driver" vector though; it's 2015 and still trivial to get Windows platforms to cough up anything you'd want. As long as AV vendors ignore things like this (e.g., https://www.google.com/webhp?s...) it will continue to be easy for nearly anyone to write their own "advanced persistent threat."

    5. Re:Find the source code on GitHub by Anonymous Coward · · Score: 1

      >> people can start translating the comments in the source code from Italian to English!

      Really, you can't follow the code without English comments?

      Surely if it needed comments in the first place then it implies that the code isn't easy to follow, even for the original author.

    6. Re:Find the source code on GitHub by jimbolauski · · Score: 3, Informative

      >> Really, you can't follow the code without English comments?

      I pray you don't write any software that other people have to use. Most companies will flat out reject code if it has not been properly documented.

      --
      Knowledge = Power
      P= W/t
      t=Money
      Money = Work/Knowledge so the less you know the more you make
    7. Re:Find the source code on GitHub by dunkelfalke · · Score: 5, Insightful

      Comments aren't there for following the code - even a code monkey like me can do that. They are to explain the reasoning behind the code.

      --
      "It's such a fine line between stupid and clever" -- David St. Hubbins, Spinal Tap
    8. Re:Find the source code on GitHub by 140Mandak262Jamuna · · Score: 1

      Brilliant, people can start translating the comments in the source code from Italian to English!

      Comments in Italian are actually a blessing for English-speaking coders. Dijkstra's dictum was: "Never debug the comments. Always debug the code". (I could not find the reference; if he did not say it, someone equally great said it, because it is certainly not my original idea.) Often comments are redundant, insanely stupid, misleading or obsolete. The only useful comments I find in my own code are along the lines of: "Yes, this function searches through the entire edge list, we tried to speed it up, but the complexity and the cost of maintaining a sorted set of edges were not worth it". Something that documents dead-end code that had been removed.

      --
      sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
    9. Re:Find the source code on GitHub by Demonoid-Penguin · · Score: 1

      >> Really, you can't follow the code without English comments?

      >> I pray you don't write any software that other people have to use. Most companies will flat out reject code if it has not been properly documented.

      Maybe you should have watched all the "be professional programmer" webinars.

    10. Re:Find the source code on GitHub by SethJohnson · · Score: 1

      >> They are to explain the reasoning behind the code.

      This is a huge purpose for comments. Also, maybe I can interpret the code perfectly well without comments. How well can I depend on everyone else who is modifying the code to be able to interpret it properly?

      Well-documented code helps protect it from the introduction of bugs by later contributors.

    11. Re:Find the source code on GitHub by myowntrueself · · Score: 1

      >> people can start translating the comments in the source code from Italian to English!

      Really, you can't follow the code without English comments?

      >> will this help bona fide security researchers with their work on fighting exploits on all platforms?

      It gives us a couple more signatures to look for. I'm really getting sick of the "fake driver" vector though; it's 2015 and still trivial to get Windows platforms to cough up anything you'd want. As long as AV vendors ignore things like this (e.g., https://www.google.com/webhp?s...) it will continue to be easy for nearly anyone to write their own "advanced persistent threat."

      Comments often contain all kinds of juicy info. It's not about following the code; it's about getting insights into all kinds of non-code related things.

      --
      In the free world the media isn't government run; the government is media run.
    12. Re:Find the source code on GitHub by Mikkeles · · Score: 2

      As had been said before: if the comments and code don't match, then both are probably wrong.

      --
      Great minds think alike; fools seldom differ.
    13. Re:Find the source code on GitHub by myowntrueself · · Score: 1

      >> They are to explain the reasoning behind the code.

      >> This is a huge purpose for comments. Also, maybe I can interpret the code perfectly well without comments. How well can I depend on everyone else who is modifying the code to be able to interpret it properly?

      >> Well-documented code helps protect it from the introduction of bugs by later contributors.

      Imagine comments like "Manager asked me to implement this to make it easier for to target " Not so interesting wrt the code, very useful though for anyone interested in the meta game.

      I bet there's all kinds of incriminating stuff in there of no interest to programmers.

      --
      In the free world the media isn't government run; the government is media run.
  2. Another turn of the screw by fustakrakich · · Score: 2

    *What's good for the goose...*

    Schadenfreude...

    --
    “He’s not deformed, he’s just drunk!”
  3. SubjectsInCommentsAreStupid by lesincompetent · · Score: 1

    Serves those maggots well.

    1. Re:SubjectsInCommentsAreStupid by D.McG. · · Score: 5, Interesting

      How does a group like that not notice 400GB of traffic exiting the building? If it were done in a single day, the hackers would need to draw down 4,629,629 bytes per second sustained for 24 hours.

    2. Re:SubjectsInCommentsAreStupid by s0litaire · · Score: 4, Funny

      Probably thought it was one of their bit-torrent clients..

      Even evil hackers require an extensive porn collection to do their job...

      --
      Laters Sol "Have you found the secrets of the universe? Asked Zebade "I'm sure I left them here somewhere"
    3. Re: SubjectsInCommentsAreStupid by Anonymous Coward · · Score: 1

      Which is a pretty slow bandwidth nowadays... I would get 400gb down in roughly 22 hours with my lazy connection at home... I could bet the involved parties both have a little more speed at hand

    4. Re: SubjectsInCommentsAreStupid by Flavianoep · · Score: 1

      If I've got my calculations right, to complete the downloading of that amount of data in a single day, it would need a 37,9259 Mib/s bandwidth -- 37,9255 Mib/s on last 6/30 --, which is quite trivial in some places.

      --
      Linux is for people who don't mind RTFM.
    5. Re: SubjectsInCommentsAreStupid by o_ferguson · · Score: 1

      I have a friend who lives in a Condo in Toronto and his residential pipe is 100/100 for 40 bucks a month, and they offered to boost it to 400/400 for an extra 30 bucks a month, but he has no need for that much speed. (Note, this is atypical for Canada, but it's the same building Deadmau5 used to live in, and he augured to bring in a high-end ISP.)

      --
      - In Soviet Korea, only old people loose all their bases to Natalie Portman's petrified hot grits overlords.
  4. Yay! by spiritplumber · · Score: 1

    It's 2015, I just finished competing in BattleBots, and this is front page news. 12 year old me would be very happy about how things are going.

    --
    Liberty - Security - Laziness - Pick any two.
    1. Re:Yay! by Jason+Levine · · Score: 1

      What's your bot? (My boys and I are watching the show on ABC.)

      --
      My sci-fi novel, Ghost Thief, is now available from Amazon.com.
    2. Re:Yay! by Curunir_wolf · · Score: 2

      >> What's your bot? (My boys and I are watching the show on ABC.)

      What a horrible job they did of putting that show together. Battles are only 3 minutes, but with all the commentary, backgrounders, interviews and fluff, they can only fit FOUR battles into an hour-long show. Worse, they include so much commentary they actually EXCLUDE about 1/2 the battles, and just show a few highlights from some.

      Imagine if a network covered the NBA playoffs like that? Producers at ABC certainly showed a lot of incompetence with that show.

      --
      "Somebody has to do something. It's just incredibly pathetic it has to be us."
      --- Jerry Garcia
    3. Re:Yay! by spiritplumber · · Score: 1

      I think they did a better job than CC did... and yeah we didn't pay a whole lot of attention to the commentators :) The two battles that weren't shown had a big problem: underpowered weapons. Basically very little happened.

      --
      Liberty - Security - Laziness - Pick any two.
    4. Re:Yay! by jandrese · · Score: 3, Funny

      In other words they covered it exactly the same way they cover the Olympics?

      --
      I read the internet for the articles.
    5. Re:Yay! by myowntrueself · · Score: 1

      >> What's your bot? (My boys and I are watching the show on ABC.)

      >> What a horrible job they did of putting that show together. Battles are only 3 minutes, but with all the commentary, backgrounders, interviews and fluff, they can only fit FOUR battles into an hour-long show. Worse, they include so much commentary they actually EXCLUDE about 1/2 the battles, and just show a few highlights from some.

      >> Imagine if a network covered the NBA playoffs like that? Producers at ABC certainly showed a lot of incompetence with that show.

      Let me guess, they also flick the video fast never lingering on a single scene for more than a few seconds so you can't really follow anything?

      --
      In the free world the media isn't government run; the government is media run.
    6. Re:Yay! by Jason+Levine · · Score: 1

      And yet, it's still better than pretty much any reality show on TV. Not saying much, I know, but I'd rather watch Battlebots (poorly put together or not) than Survivor: Yet Another Location.

      --
      My sci-fi novel, Ghost Thief, is now available from Amazon.com.
    7. Re:Yay! by NeMon'ess · · Score: 1

      The battles don't need to be longer than 3 minutes. I think there was a single match so far that went to a split decision and could have benefited from an extra minute.

      ABC excluded less interesting preliminary fights. Now that a viewing audience has built up all the matches get shown.

  5. Monty Python. by Ukab+the+Great · · Score: 5, Funny

    We apologize for corporate and govt data breeches. Those responsible have been
    hacked.

    ---

    We apologise again for the data breeches. Those responsible for hacking
    the people who have just been hacked,
    have been hacked.

    1. Re:Monty Python. by LaurenCates · · Score: 1

      Came in just to make this joke. I have no mod points, but I will clap together empty halves of a coconut in approbation.

      --
      Some people don't believe in fairies. I don't believe in The Patriarchy.
    2. Re:Monty Python. by ArcadeMan · · Score: 1

      Why? Are you going somewhere?

    3. Re:Monty Python. by Anonymous Coward · · Score: 1

      Yes, apparently the hackers found a back door.

    4. Re:Monty Python. by LaurenCates · · Score: 1

      Why, Camelot, of course!

      --
      Some people don't believe in fairies. I don't believe in The Patriarchy.
    5. Re:Monty Python. by CreatureComfort · · Score: 1

      It's a very silly place.

      --
      "Unheard of means only it's undreamed of yet,
      Impossible means not yet done." ~~ Julia Ecklar
    6. Re:Monty Python. by ArcadeMan · · Score: 1

      It's only a model...

    7. Re:Monty Python. by LaurenCates · · Score: 1

      And a bit suspect, I think.

      --
      Some people don't believe in fairies. I don't believe in The Patriarchy.
    8. Re:Monty Python. by LaurenCates · · Score: 1

      Shhhh!

      --
      Some people don't believe in fairies. I don't believe in The Patriarchy.
    9. Re:Monty Python. by Kevin+by+the+Beach · · Score: 1

      ROFL... thanks for the absurdity break

      Crying because it's sooooo true.

  6. 400GB by troon · · Score: 2

    "400GB worth of emails, documents, and source code"

    Seems unlikely. There's going to be a lot of... binary data in there, surely.

    --
    Ydco co ,df C erb-y go. a Ekrpat t.fxrapev
    1. Re:400GB by bobbied · · Score: 1

      >> "400GB worth of emails, documents, and source code"

      >> Seems unlikely. There's going to be a lot of... binary data in there, surely.

      They got it all from /dev/null and used compression.

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    2. Re:400GB by jandrese · · Score: 1

      If you think 400GB of email alone is too much you clearly have never worked in a company that allows you to mail powerpoints around.

      --
      I read the internet for the articles.
  7. de haxx0rz be haxx0red na0 by Anonymous Coward · · Score: 1

    Nobody knows what really happened. It's an excuse to bandy around meaningless but scary-sounding terms yet once more. Any excuse will do.

  8. GeoTrust signing keys by fulldecent · · Score: 3, Interesting

    Can someone please explain the significance and consequences of publishing this:

    GeoTrust_SigningCertificateExported_2011.pfx

    https://github.com/hackedteam/...

    --
    I was raised on the command line, bitch

    1. Re:GeoTrust signing keys by Anonymous Coward · · Score: 1

      >> Can someone please explain the significance and consequences of publishing this:

      It means that anything signed by that key can't be trusted and probably contains a government Trojan.

    2. Re:GeoTrust signing keys by mwvdlee · · Score: 3, Interesting

      From the looks of it, this key seems to be used for signing Windows binaries, not for SSL certificates.
      Surely somebody more knowledgeable can confirm or deny this?

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
    3. Re:GeoTrust signing keys by Anonymous Coward · · Score: 4, Informative

      It's confirmed. One of the news stories (can't remember which one) said that HT would recommend that their clients purchase digital certs to sign the malware they bought in order to skirt anti-virus scans. Apparently most antivirus software will ignore legitimate-looking signed apps with certs that have been timestamped. The GeoTrust cert is probably a test cert that HT uses.

    4. Re:GeoTrust signing keys by Anonymous Coward · · Score: 1

      Certificate has been revoked. It is also only valid for code signing.

      The significance should be nil by now

    5. Re:GeoTrust signing keys by Anonymous Coward · · Score: 1

      Do you have a link to this information?

    6. Re:GeoTrust signing keys by dissy · · Score: 3, Informative

      >> Can someone please explain the significance and consequences of publishing this:
      >> GeoTrust_SigningCertificateExported_2011.pfx

      It's another couple of good patterns for antivirus software to look for and trigger upon finding.
      Anyone infected with their rootkitted drivers four years ago who hasn't had the malware update may find out about being infected with it.

      If they used the same company name for their 2015 certificate as is used in the certs published, that would be another signature for AV software to trigger on if they kept your rootkitted drivers updated.

      That's about it however.

      The certificate is long expired so can't be used to sign any new code with.
      You can also be pretty certain their next certificate (to be issued any day now, if not already) will be under a different name as well.
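
As an added example (not from the thread and not Hacking Team's code), this Go program shows the two things the replies above point at: how to tell a code-signing certificate from an SSL one (the Extended Key Usage), and how a defender turns a leaked certificate into AV-style indicators (SHA-256 fingerprint, subject organization) plus an expiry check. The certificate is a constructed stand-in; EXAMPLE-LEAKED-SIGNER and the 2011-2012 validity are assumptions, since the real certificate's fields are not on this page.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Indicators: the identity fields a defender lifts out of a leaked signing cert.
type Indicators struct {
	SubjectOrg  string // O= of the subject: the "company name" AV can match on
	Fingerprint string // hex SHA-256 over the DER certificate
	CodeSigning bool   // EKU contains code signing, so this is not an SSL/TLS cert
	Expired     bool   // NotAfter lies before the reference time
}

// Extract pulls the indicators out of a parsed X.509 certificate.
func Extract(c *x509.Certificate, now time.Time) Indicators {
	ind := Indicators{Expired: now.After(c.NotAfter)}
	ind.Fingerprint = fmt.Sprintf("%x", sha256.Sum256(c.Raw))
	if len(c.Subject.Organization) > 0 {
		ind.SubjectOrg = c.Subject.Organization[0]
	}
	for _, eku := range c.ExtKeyUsage {
		ind.CodeSigning = ind.CodeSigning || eku == x509.ExtKeyUsageCodeSigning
	}
	return ind
}

// Blocked matches a cert against a blocklist of leaked fingerprints and org names.
func Blocked(c *x509.Certificate, blocklist map[string]bool) bool {
	ind := Extract(c, time.Now())
	return blocklist[ind.Fingerprint] || blocklist[ind.SubjectOrg]
}

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// ConstructedCodeSigningCert builds a self-signed code-signing cert for org, valid
// 2011-2012 (so expired). Constructed stand-in; the real cert's fields are not on this page.
func ConstructedCodeSigningCert(org string) *x509.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(0x1337c0de),
		Subject:      pkix.Name{Organization: []string{org}},
		NotBefore:    time.Date(2011, 1, 1, 0, 0, 0, 0, time.UTC),
		NotAfter:     time.Date(2012, 1, 1, 0, 0, 0, 0, time.UTC),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	check(err)
	c, err := x509.ParseCertificate(der)
	check(err)
	return c
}

func main() {
	leaked := ConstructedCodeSigningCert("EXAMPLE-LEAKED-SIGNER")
	fmt.Printf("%+v\n", Extract(leaked, time.Now()))
}
```

Matching on the organization name alone is brittle, as dissy notes, because a replacement certificate can be issued under a different name; the fingerprint match is the one that stays reliable.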

  9. apple issued enterprise dev cert to ht by Anonymous Coward · · Score: 2, Informative

    https://twitter.com/FredericJa...

    Subject: UID=DE9J4B8GTF, CN=iPhone Distribution: HT srl, OU=DE9J4B8GTF, O=HT srl, C=IT

    1. Re:apple issued enterprise dev cert to ht by jandrese · · Score: 1

      Which means they sent $100 to Apple? Is this shocking?

      --
      I read the internet for the articles.
  10. Oh ya. by AndyKron · · Score: 1

    Oh ya, we're fucked.

  11. 51603bff88e0a1b3bad3962614978929c9d26955 by Anonymous Coward · · Score: 1

  12. Were Hackingteam planting evidence? by eyenot · · Score: 1

    Kevin Mitnick's twitter has this update:

    https://twitter.com/kevinmitni...

    --
    "Stratigraphically the origin of agriculture and thermonuclear destruction will appear essentially simultaneous" -- Lee
  13. Loser. by godel_56 · · Score: 1

    From first link: "Hacking Team's Christian Pozzi was personally exposed by the incident, as the security engineer's [poor quality, easily guessed] password store from Firefox was published as part of the massive data dump. The websites indexed include social media (Live, Facebook, LinkedIn), financial (banks, PayPal), and network related (routers with default credentials)."

    What kind of security conscious person uses Firefox for storing important passwords, let alone someone calling themselves a security engineer? I hope the hackers had fun accessing his bank accounts. :-)

    1. Re:Loser. by greenfruitsalad · · Score: 1

      Please elaborate on why it's dangerous to store passwords protected by a strong password in Firefox Sync. Mozilla has no access to decrypted passwords; nobody has. The code is open source and the server can be your own instead of Mozilla's.

  14. Also driver and closed-device rooting projects? by Ungrounded+Lightning · · Score: 1

    >> ... will this help bona fide security researchers with their work on fighting exploits on all platforms ... ?

    I wonder if this will also help people trying to write open software for closed devices? Signing keys, driver sources with spyware installed, ... Not only does it expose the malware bypassing the user's security, it may also expose the internal details of how the devices are driven and/or how to compromise the malware's and devices' anti-user "security".

    (I have often wondered how many of the closed-driver devices have the code closed just for business reasons and how many are closed because that's where the spyware has been installed and they can't let the source out - even sanitized - because that would lead to the spyware's exposure.)

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  15. Projects on github should "git fetch" NOW! by Ungrounded+Lightning · · Score: 1

    >> Someone started uploading all the HackingTeam source code to GitHub ... There are also some signing keys for kernel drivers in here.

    IMHO:

    Anyone with a project hosted on GitHub should pull a backup copy NOW!

    Hosting this leak on GitHub could lead to moves by authorities to contain it - which could have the side effect of making GitHub and/or some projects on it unavailable - temporarily or permanently.

    Better safe than sorry.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
    1. Re: Projects on github should "git fetch" NOW! by ZeroWaiteState · · Score: 1

      No, but a judge in the US with a bad hair day could do it in minutes.

  16. Android Security Rewards Program by eliotstock · · Score: 1

    Looks like some interesting stuff in there for Android, but none of it will now qualify for the Android Security Rewards Program: "Bugs initially disclosed publicly, or to a third-party for purposes other than fixing the bug, will typically not qualify for a reward." Source: http://www.google.com/about/ap...

    1. Re:Android Security Rewards Program by ZeroWaiteState · · Score: 1

      I doubt Google will fix them anyway, if they are on a carrier-locked device. They haven't even fixed TLS on the system default browser on a lot of their devices. 80% of Android installs are abandonware.