Slashdot Mirror


Hacking Team Scrambling To Limit Damage Brought On By Explosive Data Leak

An anonymous reader writes: Who hacked Hacking Team, the Milan-based company selling intrusion and surveillance software to governments, law enforcement agencies and (as it turns out) companies? A hacker who goes by "Phineas Fisher" claims it was him (her? them?). In the meantime, Hacking Team is scrambling to minimize the damage this hack and data leak is doing to the company. It sent out emails to all its customers, requesting them to shut down all deployments of its Remote Control System software ("Galileo") — even though it seems they could do that themselves, as the customer software apparently has secret backdoors. Perhaps they chose the first route because they hoped to keep that fact hidden from the customers? And because every copy of Hacking Team's Galileo software is secretly watermarked, the leaked information could allow researchers to link a certain backdoor to a specific customer.

95 comments

  1. Phineas is masculine by Anonymous Coward · · Score: 0, Troll

    https://en.wikipedia.org/wiki/Phineas

    1. Re:Phineas is masculine by Instantlemming · · Score: 2

      That doesn't say anything of the gender of the person using that nom de plume.

    2. Re:Phineas is masculine by Dutch+Gun · · Score: 4, Insightful

      Who needs a name? Statistical probability indicates that person is almost certainly a male.

      --
      Irony: Agile development has too much inertia to be abandoned now.
    3. Re:Phineas is masculine by myowntrueself · · Score: 1

      That doesn't say anything of the gender of the person using that nom de plume.

      Oh no, please don't let this turn into a LBGT debate

      --
      In the free world the media isn't government run; the government is media run.
    4. Re:Phineas is masculine by Nethemas+the+Great · · Score: 1

      Who says it has to be anything of the sort. How many female characters in {pick your MMO} are played by males for {fill in reason}?

      --
      Two of my imaginary friends reproduced once ... with negative results.
    5. Re:Phineas is masculine by HornWumpus · · Score: 1

      Phineas Freakowoski agrees.

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
    6. Re:Phineas is masculine by davester666 · · Score: 1

      Phineas is all talk. Ferb is the real man of action.

      --
      Sleep your way to a whiter smile...date a dentist!
  2. Irony by Anonymous Coward · · Score: 1

    Let's hope they see how much it hurts people when stuff like this happens, and change their ways.

    Nobody cries when the thief gets robbed.

    1. Re:Irony by Anonymous Coward · · Score: 0, Troll

      Nobody cries when the thief gets robbed.

      Jesus does.

  3. Live by the sword... die by the sword. by Anonymous Coward · · Score: 0

    Man, if this hacker had a bank account, I'd throw something in. Heck -- I'd be willing to get "into" bitcoin just to tip him/her off.

  4. The fickle finger of fate..... by Proudrooster · · Score: 5, Insightful

    Boys and girls there is a lesson in this story. Each of us has a karma bucket. When that karma bucket is depleted the "fickle finger of fate" may reach and touch us causing untold calamity. Hacking Team's karma bucket has a giant hole in the bottom and can never be refilled. All of their tricks and source code have been laid bare, and are now in full view of the Internet.

    If someone has a link to the torrent, please post it.

    1. Re:The fickle finger of fate..... by Anonymous Coward · · Score: 1

      Their karma bucket just turned into a chamber pot, time to fill 'er up.

    2. Re: The fickle finger of fate..... by Anonymous Coward · · Score: 5, Funny

      I'll drink to that! Wait...

    3. Re:The fickle finger of fate..... by Anonymous Coward · · Score: 0

      Ahh.. the good old just-world fallacy.

      There are no mystic forces that make justice inevitable (or even likely)... the only justice that exists is that which we ourselves create.

    4. Re:The fickle finger of fate..... by Anonymous Coward · · Score: 0

      You've neglected the power of the ID, the subconscious force that lives in all of us and HATES OUR SHIT.

    5. Re:The fickle finger of fate..... by Thud457 · · Score: 2

      As the Bataman said, "the world only makes sense when we force it to".
      That's why we're all morally obligated to track down evildoers and punch them in the balls. I'm pretty sure Thomas Jefferson wrote that, somewhere.

      --

      the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

    6. Re:The fickle finger of fate..... by Anonymous Coward · · Score: 1

      And the more people you piss off, the more likely it is that one (or more) of them will exact that justice. As just happened to Hacker Team.

    7. Re:The fickle finger of fate..... by Anonymous Coward · · Score: 3, Informative

      Sure - the torrent is:
      https://mega.co.nz/#!Xx1lhChT!rbB-LQQyRypxd5bcQnqu-IMZN20ygW_lWfdHdqpKH3E
      mirror at:
      https://ht.transparencytoolkit.org/
      source code up on GitHub:
      https://github.com/hackedteam?tab=repositories

    8. Re:The fickle finger of fate..... by Anonymous Coward · · Score: 1

      https://ht.transparencytoolkit.org/c.pozzi/Desktop/you.txt

      Ahahahaha

    9. Re:The fickle finger of fate..... by Anonymous Coward · · Score: 2, Interesting

      Y'know it's funny... This particular leak has spurred the economy. I went out yesterday and bought a 3TB drive specifically to have extra space to download and extract and peruse the 400 GB of Hacker Team evilware. Current ETA gives me 11 more hours before I'm done but I think it's worth it just to poke around.

    10. Re:The fickle finger of fate..... by Nethemas+the+Great · · Score: 1

      Not sure it has anything to do with divinely controlled "cosmic justice". There are consequences for every action, some good, some bad. Certain actions earn wages differently from others. Their shenanigans earned them some immediate good, but along with that, were dividends that gradually filled the chamber pot that just fell on their heads.

      --
      Two of my imaginary friends reproduced once ... with negative results.
    11. Re:The fickle finger of fate..... by Nyder · · Score: 1

      Boys and girls there is a lesson in this story. Each of us has a karma bucket. When that karma bucket is depleted the "fickle finger of fate" may reach and touch us causing untold calamity. Hacking Team's karma bucket has a giant hole in the bottom and can never be refilled. All of their tricks and source code have been laid bare, and are now in full view of the Internet.

      If someone has a link to the torrent, please post it.

      Karma applies to your next life, not this one.

      --
      Be seeing you...
    12. Re: The fickle finger of fate..... by Anonymous Coward · · Score: 0

      I believe the second amendment insinuates this. Just imagine a cavalry of soldiers on armed bears hunting down evildoers. I still haven't had much luck training my bear to shoot very well, though.

    13. Re: The fickle finger of fate..... by stackOVFL · · Score: 1

      And vampires, don't forget the vampires. Lincoln was hunting them like pancakes! I saw a documentary on it.

    14. Re:The fickle finger of fate..... by ancientt · · Score: 1

      Karma applies to your next life, not this one.

      So do you remember or are you just guessing?

      I read an interesting short story once where the protagonist died and before being reincarnated was surprised to learn that you could be born before you died. That in fact, you could be born at any point in time and might be interacting with yourself if you happened to be born twice in the same time period, and you wouldn't know because you forget everything when you're born. Then it was slowly revealed that not only could you be born multiple times in one time period, you absolutely were. Moreover, it was revealed that you were in fact the only soul, being born over and over throughout time, interacting with nobody but yourself and literally making your own karma by being the person you were kind to and also the person you were cruel to.

      Wish I could remember the name of that story. Or a previous life so I'd know if karma applies to the next life or not. Maybe it's more immediate... sort of insta-karma, which would be a good name for a powdered coffee.

      --
      B) Eliminate all the stupid users. This is frowned upon by society.
    15. Re:The fickle finger of fate..... by nickweller · · Score: 2

      @Proudrooster: "If someone has a link to the torrent, please post it."

      torrent

    16. Re:The fickle finger of fate..... by Anonymous Coward · · Score: 1

      http://www.thrivenotes.com/the-last-answer/

      That is the story you are looking for I believe. Isaac Asimov. :)

    17. Re:The fickle finger of fate..... by ancientt · · Score: 2

      I'd never read that story, and I consider myself an Asimov fan. Thank you!

      I was thinking of this one http://www.galactanet.com/oneo...

      “How many times have I been reincarnated, then?” “Oh lots. Lots and lots. And in to lots of different lives.” I said. “This time around, you’ll be a Chinese peasant girl in 540 AD.”

      --
      B) Eliminate all the stupid users. This is frowned upon by society.
    18. Re:The fickle finger of fate..... by Anonymous Coward · · Score: 0

      I hate my ID so much. It's the worst bug in Humanity, current release.

    19. Re:The fickle finger of fate..... by Impy+the+Impiuos+Imp · · Score: 1

      > fickle finger of fate

      I wanna see the fickle finger of beating their balls in the woods until they swell to the size of cantaloupes.

      --
      (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
    20. Re:The fickle finger of fate..... by marko123 · · Score: 1

      I wrote a sci-fi novel that involved reincarnation called Transcendence.- shameful plug

      http://www.lulu.com/au/en/shop...

      --
      http://pcblues.com - Digits and Wood
    21. Re:The fickle finger of fate..... by Trax3001BBS · · Score: 1

      If someone has a link to the torrent, please post it.

      A Google search shows http://infotomb.com/eyyxo.torr... I can't vouch for this link as I can't download it, not enough storage space.

  5. Couldn't have happened to a nicer group of people by FreeUser · · Score: 5, Insightful

    Ah, schadenfreude. Seeing these jerks die by the sword they have wielded against the rest of us is just too satisfying.

    I particularly like how it's come out that they were backdooring (and presumably screwing, or at least reserving the opportunity to screw) their own ethically-challenged customer base.

    Really, it's not nice to take such delight in the downfall of others, but it just feels so damn good.

    --
    The Future of Human Evolution: Autonomy
  6. The only way the public will learn... by Anonymous Coward · · Score: 1

    is to take big brother's toys away from them and show everyone how undermining the security measures of the global tech. economy and culture is tantamount to shooting yourself in the foot.

    1. Re:The only way the public will learn... by greenbird · · Score: 2

      show everyone how undermining the security measures of the global tech. economy and culture is tantamount to shooting yourself in the foot.

      Are you kidding? The powers that be will spin this as proving their point:

      If it weren't for all this evil encryption they would have no problem catching the villainous hackers that perpetrated these crimes against humanity by these supporters of terrorism and child pornography for the children. It's only because of un-backdoored evil encryption that the angelic powers of all good failed to stop these terroristic endeavours which exposed this good company that has helped the FBI foil 1 million terrorist plots by providing means of accessing evilly encrypted systems.

      --
      Who is John Galt?
  7. Plus some GPL code by ssam · · Score: 5, Interesting

    Also some GPL derived drivers that they have been distributing to their customers. https://twitter.com/mjg59/stat...

  8. This is a lesson to everyone... by Anonymous Coward · · Score: 4, Insightful

    This is a lesson... software with backdoors, the backdoors eventually get found out. This is a real proof against the anti-encryption lobby, that if encryption is gutted, then only the bad guys will have actual security.

    Even if it is something that requires a private key to access, the private key can be hacked or physically stolen if stashed on a HSM.

    1. Re:This is a lesson to everyone... by NatasRevol · · Score: 1

      Heh, even the bad guys don't seem to have actual security.

      --
      There are two types of people in the world: Those who crave closure
    2. Re:This is a lesson to everyone... by wasteoid · · Score: 1

      It is hard to ignore a backdoor. Once one finds a backdoor, one usually can't resist poking through it.

  9. Re:Couldn't have happened to a nicer group of peop by fustakrakich · · Score: 1

    Yep, a great number of our most 'prestigious' institutions need this little lesson. I hope it starts happening much more often, especially around election time, to test people's faith.

    --
    “He’s not deformed, he’s just drunk!”
  10. What Were They Hoping For? by GTRacer · · Score: 5, Insightful

    I'm curious what Hacking Team thought was worth the risk of watermarking their products to customer installations and having these alleged backdoors to backdoors. Seems like a lot of risk for no payoff unless they hoped one day to "flip the script" and hack their customer base...

    --
    Defending IP by destroying access to it? That makes sense, RIAA/MPAA. Go to the corner until you can play nice!
    1. Re:What Were They Hoping For? by s.petry · · Score: 4, Insightful

      I'm curious what Hacking Team thought was worth the risk of watermarking their products to customer installations and having these alleged backdoors to backdoors. Seems like a lot of risk for no payoff unless they hoped one day to "flip the script" and hack their customer base...

      I can easily see a few reasons for them to watermark their customer's installations of their software. First is obviously leverage against prosecution. Second would be to determine who did what with their software. Their own back door would allow them to kill software on a non-paying customer (or one that caused litigation). The last is an increase in revenue. There are some interesting ways to encrypt your binaries which the watermarks could have done. Sudan's software would not be able to run Nigeria's software for example, so this would ensure that everyone pays for everything individually.

      Lots of reasons for an immoral shitbag company to do immoral shitbag things to everyone, not just "some" people.

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    2. Re:What Were They Hoping For? by Anonymous Coward · · Score: 0

      Backdoors are present for govt agencies. The US govt has APIs for all US based social media businesses, likewise with the two major commercial OSes. We already have smartphones that can be remotely controlled to activate your GPS, microphone and camera in stealth mode.

    3. Re:What Were They Hoping For? by Anonymous Coward · · Score: 0

      Funny,
      Lots of Police and Law enforcement agencies paying money for backdoored trojans - and still running live with it - if true. Crap look for another vendor as trust is a precious thing.

    4. Re:What Were They Hoping For? by Anonymous Coward · · Score: 0

      And Bill Gates, with the FAILED Kinect 2 project of the Xbox One, attempted to move universal NSA spying into the homes of hundreds of millions of ordinary people. GTA V, the open world computer game, has a satirical radio news broadcast describing how the in-world Google equivalent has extended their 'streetview' into the actual homes of every resident- but real time listening and watching in the living rooms and bedrooms of every American is the ultimate wet dream of those who really control NSA/GCHQ total surveillance programs.

      Dice, the crooked owners of this site, are 100% onboard with the monsters- never forget this as you wait for the next "news for nerds" article bashing Iran or Russia.

    5. Re:What Were They Hoping For? by Rich0 · · Score: 1

      Sure, but this is all stuff that is par for the course with laws like SOPA, TPP, UCITA, and so on.

      Really, Hacking Team was just doing things the way the software industry thinks everybody should be operating.

    6. Re:What Were They Hoping For? by GTRacer · · Score: 1

      I get remote deactivation for the examples you gave but a backdoor suggests far more capability - the ability to use the tools against their owner*, presumably without them finding out.

      *Owner in the sense of the paying entity running it.

      --
      Defending IP by destroying access to it? That makes sense, RIAA/MPAA. Go to the corner until you can play nice!
    7. Re:What Were They Hoping For? by s.petry · · Score: 1

      Really, Hacking Team was just doing things the way a very small segment of society which currently holds most financial capital thinks everybody should be operating.

      FTFY - SOPA, TPP, etc.. are not products of the Software industry. I am pretty sure I agree with your point under the surface, but the generalization is plain wrong.

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    8. Re:What Were They Hoping For? by s.petry · · Score: 1

      You seem to be attempting to isolate applications that phone home from software with a back door. One does not discount the other, and one is not necessarily better or worse than the other. We happen to see more legitimate applications phoning home (CAD/CAE software for example) but Botnet hosts do also.

      Phoning home is something that can be detected, so the high end software won't.

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    9. Re:What Were They Hoping For? by stackOVFL · · Score: 1

      paying money for backdoored trojans

      .... must erase mental picture....

    10. Re:What Were They Hoping For? by Anonymous Coward · · Score: 0

      Really, why don't you call that "small segment of society" by its name? Hint: they all identify with the same religion (although the converse is not true.)

    11. Re:What Were They Hoping For? by Rich0 · · Score: 1

      Really, Hacking Team was just doing things the way a very small segment of society which currently holds most financial capital thinks everybody should be operating.

      FTFY - SOPA, TPP, etc.. are not products of the Software industry. I am pretty sure I agree with your point under the surface, but the generalization is plain wrong.

      They are certainly the way the software industry thinks everybody should be operating, which is all I claimed. I did not claim that all of those laws/treaties/etc were products of the software industry. I'm not sure how you can claim that the Uniform Computer Information Transactions Act wasn't though.

  11. Holy crap ... by gstoddart · · Score: 3, Interesting

    even though it seems they could do that themselves, as the customer software apparently has secret backdoors

    So basically even security researchers are morons who put in secret back doors?

    Bloody idiots.

    This is really simple: companies need to have very strict liability for doing stupid stuff like this. Putting secret backdoors should be treated the same as hacking into it ... especially if someone else exploits that.

    --
    Lost at C:>. Found at C.
    1. Re:Holy crap ... by NatasRevol · · Score: 1

      Security researchers?

      You might want to go do some research for yourself and find out who these guys actually were.

      --
      There are two types of people in the world: Those who crave closure
    2. Re:Holy crap ... by DarkOx · · Score: 3, Insightful

      These guys are not "security researchers" doing responsible disclosure or even just quietly helping secure their own customers against unpublished threats.

      They might be doing research; but they are basically arms dealers. Weaponizing software and selling it to whoever will pay.

      I am not surprised they'd backdoor it frankly. If all of my customers were professional liars known for running false flags etc, I'd have to think seriously about inserting water marks and backdoors too. If nothing else so I had some way prove whatever gets done with those tools was not done by me.

      The phrase "there is no honor among thieves" comes to mind.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    3. Re:Holy crap ... by Anonymous Coward · · Score: 0

      Doesn't take long for someone on slashdot to suggest punishing people for the crimes of others.

    4. Re:Holy crap ... by s.petry · · Score: 3, Interesting

      And who exactly would have prosecuted them? The Governments paying them to build software so that the Governments could hack people? Without the source leak, how would anyone have known except by the end consumer providing network dumps? Call me a skeptic, but I doubt the people buying this were installing it locally for forensic reasons.

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    5. Re:Holy crap ... by drinkypoo · · Score: 2

      I am not surprised they'd backdoor it frankly. If all of my customers were professional liars known for running false flags etc, I'd have to think seriously about inserting water marks and backdoors too. If nothing else so I had some way prove whatever gets done with those tools was not done by me.

      Here's the problem with doing business with criminals, whether they're ordinarily-labeled "criminals" or intelligence agencies or whatever: if they're incompetent, you don't want to do business with them because of all the ways in which they can implicate you. But if they're competent, you don't want to do business with them because of all the ways in which they could take advantage of you. If they're incompetent, then they ought to be little danger to you, so you don't need that kind of protection. If they're competent, then they can and will do anything to you, and they're probably smart enough to have some third party check your work and look for back doors... and when they find them, your ass is grass.

      These guys will be lucky if they get to go on drawing breath.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  12. you mean digital diarrhea? by Anonymous Coward · · Score: 0

    hehe
    explosive... come on.

  13. Leaked Malware Code, uh oh by Anonymous Coward · · Score: 0

    So part of the leak is code that can be used for malware. The code for some of the most advanced privacy intrusion software out there is now in the public domain. Kinda screws all of us, eh?

    1. Re: Leaked Malware Code, uh oh by Anonymous Coward · · Score: 0

      developing detection and countermeasures for open malware should be far easier than for unknown malware

  14. The files by Anonymous Coward · · Score: 1
  15. cue Nelson by Anonymous Coward · · Score: 0

    Ha-ha.

  16. well, duh, sell each customer to all the others by Anonymous Coward · · Score: 0

    It's the 'oogle model.

    You're an asset, a customer, _and_ a resource to be stripmined.

  17. To begin to be secure we need to reduce bloat by Anonymous Coward · · Score: 1

    Right now everything we touch is excessively bloated and unscrutinised. We need to eliminate 99.999% of the bloat. There is a ton of code under the hood that is not needed. I'd love to see a group analyse that bloat and eliminate it. There are a lot of features implemented to spec in an attempt to cover all bases that nobody actually uses in the real world. If nobody is actively using it then it should be eliminated.

    When security is more important than backwards compatibility (government, etc) it's one of the first steps that should be taken in designing a secure system. Everything from the firmware to drivers should get audited and you can't do that properly if there is too much code.

    One of my engineers (big wig in a small company) reduced the size of the kernel to 1/100 its normal size (keep in mind it was for a specific set of hardware in an embedded application) and is working to reduce the image (not the kernel, but other components) further. The goal is to fit everything in 2-4MB of flash. That's still too bloated when you begin to factor in security. 2-4MB is HUGE when it comes to auditing code. The unfortunate reality is (particularly in embedded applications) most of the code out there is utter crap and will never be of even reasonably decent quality because what drives most development is money- not security. Features sell. Actual security is rarely if ever taken into account. It's at best an afterthought even in the environments which need it most.

    1. Re:To begin to be secure we need to reduce bloat by Dutch+Gun · · Score: 1

      People tend to define "bloat" as "all the stuff I don't use". Everything they do use is a "critical feature". Of course, the problem is there's about a few million to a few billion other people (depending on which software you're talking about) that also use that software.

      Let's see... where to start? How about all that accessibility code that you never use, because you're not handicapped? Maybe all the Unicode support, because you don't need to read or type Chinese, German, or Russian? Let's also get rid of the GUI altogether, since we're comfortable with a CLI. Grandma will just have to deal with it. And let's strip out all that old hardware support, since my system is shiny and new. Poor people don't need computers, right?

      I'm not going to disagree with your point that all that code creates a massive attack surface. But it's completely impractical to suggest that we need to start slashing all that "unused" code. I assure you that somewhere out there, someone other than you IS actually using that "bloat". Unfortunately, I don't think there are any easy answers here.

      --
      Irony: Agile development has too much inertia to be abandoned now.
  18. The enemy of my enemy != my friend by jimbolauski · · Score: 4, Interesting

    While I am happy that Hacking Team got their comeuppance I am not ready to support their newfound nemesis. This could be nothing more than a turf war and the last thing I want is another set of more cunning bad guys getting their seed money from me.

    --
    Knowledge = Power
    P= W/t
    t=Money
    Money = Work/Knowledge so the less you know the more you make
    1. Re:The enemy of my enemy != my friend by Anonymous Coward · · Score: 0

      Maxim 29: The enemy of my enemy is my enemy's enemy. No more. No less....

    2. Re:The enemy of my enemy != my friend by Anonymous Coward · · Score: 0

      Ah, another Schlock Mercenary fan, I see.

    3. Re:The enemy of my enemy != my friend by Anonymous Coward · · Score: 0

      ok I'll bite, who ARE you willing to give seed money to?

    4. Re:The enemy of my enemy != my friend by SethJohnson · · Score: 1

      Jim,

      If this were a turf war, the spoils of the compromise would not have been laid out on the lawn for the world to see. The contents would have been used against the Hacked Team to disrupt their business and then added to the attackers' own product catalog. In this scenario the market value of the stolen intellectual property has been nullified.

    5. Re:The enemy of my enemy != my friend by jimbolauski · · Score: 1

      Let's say I am a competing hacking company. I have two options: keep the source to myself and try to steal their market share with a copycat product, or release their source code making their IP worthless and easy to defend against while offering my own product that got past the hacker group. I would prefer the option where my competitor's reputation is tarnished and products are useless.

      --
      Knowledge = Power
      P= W/t
      t=Money
      Money = Work/Knowledge so the less you know the more you make
    6. Re:The enemy of my enemy != my friend by Anonymous Coward · · Score: 0

      It all depends on the strength of your position.

      Remember getting in requires only one flaw. Although exfiltration on this scale certainly remains a trick if the internal environment is high security.

      If you go in because you are truly smarter than they are, have better technology than they do, have a good-size library of undisclosed widely applicable and reliable vulnerabilities of your own, then sure, what you say makes sense. Just burn them to the ground and move on.

      On the other hand if you got in because you got lucky and someone there violated their operational security rules, maybe not. If the hack was because someone ran some untrusted code, after you social engineered them. Plugged in that USB stick with those extra logic controllers you added or firmware you replaced that you left for them to find etc, other options might make more sense.

      I would first think about simply blackmailing them. I am going to tell customer X that customer Y is also your customer if you don't give me 1 million in small non-sequential bills etc. Oh and don't think of doing anything to me because I have VPS servers all over the globe waiting to send the goods anyway if they don't see the right tweets from me at the correct times.

       

    7. Re:The enemy of my enemy != my friend by drinkypoo · · Score: 1

      I would first think about simply blackmailing them.

      Blackmail is illegal. One crime at a time. Releasing this data, done well, won't lead back to you. Blackmail is only useful if you get paid, and that creates a trail. You know they can scan and record the serials in 1 million in small non-sequential bills in a pretty short period these days, right?

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    8. Re:The enemy of my enemy != my friend by Anonymous Coward · · Score: 0

      Let's say I have to take a shit. I have two choices; in your left pocket, or in your right pocket. Perhaps I'll split the difference and take a dump on your head.

  19. All this talk about... by WSOGMM · · Score: 1

    fickle fingers, watermarks, explosive data leaks, reducing bloat, secret backdoors. I mean it just doesn't help the fact that I ...

    ... oh man, I don't think I'm gonna make it to the bathroom.

  20. Meh…bullshiters by ElitistWhiner · · Score: 1

    Inside any corp dump this large is dirt. What it really reveals is that this company enjoys an excess of hubris likely along with a money cushion with which to entitle it

  21. Quis custodiet ipsos custodes? by Shadow+IT+Ninja · · Score: 1
  22. what doesn't kill me leaves me all jacked up by Anonymous Coward · · Score: 0

    more like backdoors p0wn on the just and unjust alike.
    And apparently LEO purchasers of backdoors.

  23. Another plot? by Anonymous Coward · · Score: 0

    This time from the old cheesy movie, "The Net". Everyone signing on to Hacking Team's stuff blindly and HT kept doors in so they could access the systems of the clients...

    I'm guessing it was Sandra Bullock that made away with the disk containing the backdoors...

  24. HT is untrustworthy by bagofbeans · · Score: 3, Informative
    Per TFA:

    According to Motherboard's Lorenzo Franceschi Bicchierai, the company has sent out emails to all its customers, requesting them to shut down all deployments of its Remote Control System software ("Galileo") - even though it seems they could do that themselves, as the customer software apparently has secret backdoors. Perhaps they chose the first route because they hoped to keep that fact hidden from the customers?

    Yet, according to ]Hacking Team[ Six Confidential Whitepapers on cryptome.org, HT explicitly state on page 31

    NOTE HackingTeam have no way of connecting to or receiving any information from the Customer's RCS installation.

    So, if HT lie to their rather high powered customers about a major detail like that, what else?

  25. ERROR : Xzibit overflow by Thud457 · · Score: 1

    Yo dog, I heard you like backdoors. So I backdoored your backdoor so you can get p0wned while you p0wn!

    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

  26. Intel Store Front? by ThatsNotPudding · · Score: 1

    I particularly like how it's come out that they were backdooring (and presumably screwing, or at least reserving the opportunity to screw) their own ethically-challenged customer base.

    This singular fact may lead to the exposure of this company as a very impressive, long-term false front for an intel shop. Probably not the NSA, given that the FBI (backdoor irony alert) and other FedGov organs were apparently customers. Who *is not* on that customer list: GCHQ? Interpol? Russia?

    There may be a popcorn shortage before all this plays out.

    1. Re:Intel Store Front? by Anonymous Coward · · Score: 0

      Rethink please - there is no reason to tell decision makers who are buying HW/SW where the backdoors are. You let other branches and departments buy whatever, they're just another customer if so, and you simply do not execute the backdoor on machines (like the FBI's if it's an FBI false front) that you wish to not violate. The buyer/not buyer list is not a useful criterion for possible false front, there are troves of data, look for it in comms.

  27. de haxx0rz g0t haxx0red by Anonymous Coward · · Score: 0

    Call yourself a hacker, earn a poser certificate. Call your company hacking team....

  28. Backdoor Poster Child by Anonymous Coward · · Score: 0

    This is what happens when you put backdoors in software. Thank your governments in advance.

  29. We hunt people like this for fun. by Anonymous Coward · · Score: 0

    We hunt people like this for fun, and since we are motivated by fun we win.

  30. Windows + Word + PowerPoint + iExplorer + eXcel by Anonymous Coward · · Score: 0

    Does hacking-team have anything that works on anything other than Microsoft Windows? Microsoft, the company that made email dangerous ...

    Hacking Team's Tools Aren't That Impressive

  31. Gillfoyle by Anonymous Coward · · Score: 0

    Are you sure they didn't just rest their tequila bottle on the delete key?

  32. Debian by behrooz0az · · Score: 1

    https://github.com/hackedteam/...
    No mention of iceweasel and family. I may delete my X server after reading all that stuff, they hate GUI programs.

    --
    Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion. -- Spazmania (174582)
  33. "Secretly" watermarked ?? by RockDoctor · · Score: 1

    And because every copy of Hacking Team's Galileo software is secretly watermarked,

    If this were even moderately uncommon software (e.g. a global market of tens of thousands or fewer), and moderately valuable (ten thousand dollars per seat-year, or so) then I'd expect the vendor to have put in some sort of watermarking as part of the license validation software. I'm pretty sure that our software (which works in this region) incorporates the putative license number and the 16-byte serial number of the hardware dongle in its packets attempting to negotiate a connection with a license server. Which allows us to know if the serial numbers of the software or dongles have leaked out of the contexts (net blocks) in which they should occur. We advertise this to our clients as "proactive monitoring for the security of their data"; whether, or how much, we charge them is a question for Beancounter-Central.

    --
    Birds are not dinosaur descendants; birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
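The license-server check described in the comment above, sketched as an added example that is not part of the original comment and not any vendor's code: each check-in carries a license number and a 16-byte dongle serial, and is flagged when that pair turns up outside the net blocks registered for it. The record layout, the registry, the reason strings and all sample values are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed registry: license number -> (dongle serial, permitted net blocks).
# Every value is made up; the addresses are documentation ranges.
REGISTRY = {
    "LIC-0001": (bytes.fromhex("00112233445566778899aabbccddeeff"),
                 ["192.0.2.0/24"]),
    "LIC-0002": (bytes.fromhex("ffeeddccbbaa99887766554433221100"),
                 ["198.51.100.0/25", "2001:db8:10::/48"]),
}

@dataclass(frozen=True)
class CheckIn:
    source_ip: str        # address the license request arrived from
    license_no: str       # license number claimed in the packet
    dongle_serial: bytes  # 16-byte hardware dongle serial from the packet

def classify(checkin, registry=REGISTRY):
    """Return 'ok' or the reason this check-in needs a closer look."""
    if len(checkin.dongle_serial) != 16:
        return "malformed-serial"
    entry = registry.get(checkin.license_no)
    if entry is None:
        return "unknown-license"
    serial, blocks = entry
    if checkin.dongle_serial != serial:
        return "serial-mismatch"       # dongle seen under another license
    addr = ipaddress.ip_address(checkin.source_ip)
    # Membership is False when address and network families differ.
    if any(addr in ipaddress.ip_network(b) for b in blocks):
        return "ok"
    return "outside-netblock"          # right pair, wrong network context

def audit(checkins, registry=REGISTRY):
    """Return (check-in, reason) for every check-in that is not 'ok'."""
    verdicts = ((c, classify(c, registry)) for c in checkins)
    return [(c, reason) for c, reason in verdicts if reason != "ok"]

S1, S2 = REGISTRY["LIC-0001"][0], REGISTRY["LIC-0002"][0]
SAMPLE_CHECKINS = [  # constructed traffic, not real data
    CheckIn("192.0.2.17", "LIC-0001", S1),
    CheckIn("203.0.113.50", "LIC-0001", S1),
    CheckIn("2001:db8:10:5::1", "LIC-0002", S2),
    CheckIn("198.51.100.200", "LIC-0002", S2),
    CheckIn("192.0.2.99", "LIC-0001", S2),
    CheckIn("192.0.2.5", "LIC-9999", S1),
]

if __name__ == "__main__":
    for c, reason in audit(SAMPLE_CHECKINS):
        print(f"{c.source_ip:18} {c.license_no} {reason}")
```
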