Slashdot Mirror


Hacking Team Scrambling To Limit Damage Brought On By Explosive Data Leak

An anonymous reader writes: Who hacked Hacking Team, the Milan-based company selling intrusion and surveillance software to governments, law enforcement agencies and (as it turns out) companies? A hacker who goes by "Phineas Fisher" claims it was him (her? them?). In the meantime, Hacking Team is scrambling to minimize the damage this hack and data leak is doing to the company. It sent out emails to all its customers, requesting them to shut down all deployments of its Remote Control System software ("Galileo") — even though it seems they could do that themselves, as the customer software apparently has secret backdoors. Perhaps they chose the first route because they hoped to keep that fact hidden from the customers? And because every copy of Hacking Team's Galileo software is secretly watermarked, the leaked information could allow researchers to link a certain backdoor to a specific customer.

7 of 95 comments

  1. The fickle finger of fate..... by Proudrooster · · Score: 5, Insightful

    Boys and girls there is a lesson in this story. Each of us has a karma bucket. When that karma bucket is depleted the "fickle finger of fate" may reach and touch us causing untold calamity. Hacking Team's karma bucket has a giant hole in the bottom and can never be refilled. All of their tricks and source code have been laid bare, and are now in full view of the Internet.

    If someone has a link to the torrent, please post it.

  2. Couldn't have happened to a nicer group of people by FreeUser · · Score: 5, Insightful

    Ah, schadenfreude. Seeing these jerks die by the sword they have wielded against the rest of us is just too satisfying.

    I particularly like how it's come out that they were backdooring (and presumably screwing, or at least reserving the opportunity to screw) their own ethically-challenged customer base.

    Really, it's not nice to take such delight in the downfall of others, but it just feels so damn good.

    --
    The Future of Human Evolution: Autonomy
  3. This is a lesson to everyone... by Anonymous Coward · · Score: 4, Insightful

    This is a lesson... software with backdoors, the backdoors eventually get found out. This is a real proof against the anti-encryption lobby, that if encryption is gutted, then only the bad guys will have actual security.

    Even if it is something that requires a private key to access, the private key can be hacked or physically stolen if stashed on an HSM.

  4. Re:Phineas is masculine by Dutch+Gun · · Score: 4, Insightful

    Who needs a name? Statistical probability indicates that person is almost certainly a male.

    --
    Irony: Agile development has too much inertia to be abandoned now.
  5. What Were They Hoping For? by GTRacer · · Score: 5, Insightful

    I'm curious what Hacking Team thought was worth the risk of watermarking their products to customer installations and having these alleged backdoors to backdoors. Seems like a lot of risk for no payoff unless they hoped one day to "flip the script" and hack their customer base...

    --
    Defending IP by destroying access to it? That makes sense, RIAA/MPAA. Go to the corner until you can play nice!
    1. Re:What Were They Hoping For? by s.petry · · Score: 4, Insightful

      I'm curious what Hacking Team thought was worth the risk of watermarking their products to customer installations and having these alleged backdoors to backdoors. Seems like a lot of risk for no payoff unless they hoped one day to "flip the script" and hack their customer base...

      I can easily see a few reasons for them to watermark their customers' installations of their software. First is obviously leverage against prosecution. Second would be to determine who did what with their software. Their own back door would allow them to kill software on a non-paying customer (or one that caused litigation). The last is an increase in revenue. There are some interesting ways to encrypt your binaries which the watermarks could have done. Sudan's software would not be able to run Nigeria's software for example, so this would ensure that everyone pays for everything individually.

      Lots of reasons for an immoral shitbag company to do immoral shitbag things to everyone, not just "some" people.

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

  6. Re:Holy crap ... by DarkOx · · Score: 3, Insightful

    These guys are not "security researchers" doing responsible disclosure or even just quietly helping secure their own customers against unpublished threats.

    They might be doing research; but they are basically arms dealers. Weaponizing software and selling it to whoever will pay.

    I am not surprised they'd backdoor it frankly. If all of my customers were professional liars known for running false flags etc, I'd have to think seriously about inserting watermarks and backdoors too. If nothing else so I had some way to prove whatever gets done with those tools was not done by me.

    The phrase "there is no honor among thieves" comes to mind.

    --
    Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html