Slashdot Mirror


Hacking Team Scrambling To Limit Damage Brought On By Explosive Data Leak

An anonymous reader writes: Who hacked Hacking Team, the Milan-based company selling intrusion and surveillance software to governments, law enforcement agencies and (as it turns out) companies? A hacker who goes by "Phineas Fisher" claims it was him (her? them?). In the meantime, Hacking Team is scrambling to minimize the damage this hack and data leak is doing to the company. They sent out emails to all its customers, requesting them to shut down all deployments of its Remote Control System software ("Galileo") — even though it seems they could do that themselves, as the customer software apparently has secret backdoors. Perhaps they chose the first route because they hoped to keep that fact hidden from the customers? And because every copy of Hacking Team's Galileo software is secretly watermarked, the leaked information could allow researchers to link a certain backdoor to a specific customer.


  1. Irony by Anonymous Coward · · Score: 1

    Let's hope they see how much it hurts people when stuff like this happens, and change their ways.

    Nobody cries when the thief gets robbed.

  2. Re:Phineas is masculine by Instantlemming · · Score: 2

    That doesn't say anything of the gender of the person using that nom de plume.

  3. The fickle finger of fate..... by Proudrooster · · Score: 5, Insightful

    Boys and girls there is a lesson in this story. Each of us has a karma bucket. When that karma bucket is depleted the "fickle finger of fate" may reach and touch us causing untold calamity. Hacking Team's karma bucket has a giant hole in the bottom and can never be refilled. All of their tricks and source code have been laid bare, and are now in full view of the Internet.

    If someone has a link to the torrent, please post it.

    1. Re:The fickle finger of fate..... by Anonymous Coward · · Score: 1

      Their karma bucket just turned into a chamber pot, time to fill 'er up.

    2. Re: The fickle finger of fate..... by Anonymous Coward · · Score: 5, Funny

      I'll drink to that! Wait...

    3. Re:The fickle finger of fate..... by Thud457 · · Score: 2

      As the Bataman said, "the world only makes sense when we force it to".
      That's why we're all morally obligated to track down evildoers and punch them in the balls. I'm pretty sure Thomas Jefferson wrote that, somewhere.

      --

      the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

    4. Re:The fickle finger of fate..... by Anonymous Coward · · Score: 1

      And the more people you piss off, the more likely it is that one (or more) of them will exact that justice. As just happened to Hacker Team.

    5. Re:The fickle finger of fate..... by Anonymous Coward · · Score: 3, Informative

      Sure - the torrent is:
      https://mega.co.nz/#!Xx1lhChT!rbB-LQQyRypxd5bcQnqu-IMZN20ygW_lWfdHdqpKH3E
      mirror at:
      https://ht.transparencytoolkit.org/
      source code up on github:
      https://github.com/hackedteam?tab=repositories

    6. Re:The fickle finger of fate..... by Anonymous Coward · · Score: 1

      https://ht.transparencytoolkit.org/c.pozzi/Desktop/you.txt

      Ahahahaha

    7. Re:The fickle finger of fate..... by Anonymous Coward · · Score: 2, Interesting

      Y'know it's funny... This particular leak has spurred the economy. I went out yesterday and bought a 3TB drive specifically to have extra space to download and extract and peruse the 400 GB of Hacker Team evilware. Current ETA gives me 11 more hours before I'm done but I think it's worth it just to poke around.

    8. Re:The fickle finger of fate..... by Nethemas+the+Great · · Score: 1

      Not sure it has anything to do with divinely controlled "cosmic justice". There are consequences for every action, some good, some bad. Certain actions earn wages differently from others. Their shenanigans earned them some immediate good, but along with that, were dividends that gradually filled the chamber pot that just fell on their heads.

      --
      Two of my imaginary friends reproduced once ... with negative results.
    9. Re:The fickle finger of fate..... by Nyder · · Score: 1

      Boys and girls there is a lesson in this story. Each of us has a karma bucket. When that karma bucket is depleted the "fickle finger of fate" may reach and touch us causing untold calamity. Hacking Team's karma bucket has a giant hole in the bottom and can never be refilled. All of their tricks and source code have been laid bare, and are now in full view of the Internet.

      If someone has a link to the torrent, please post it.

      Karma applies to your next life, not this one.

      --
      Be seeing you...
    10. Re: The fickle finger of fate..... by stackOVFL · · Score: 1

      And vampires, don't forget the vampires. Lincoln was hunting them like pancakes! I saw a documentary on it.

    11. Re:The fickle finger of fate..... by ancientt · · Score: 1

      Karma applies to your next life, not this one.

      So do you remember or are you just guessing?

      I read an interesting short story once where the protagonist died and before being reincarnated was surprised to learn that you could be born before you died. That in fact, you could be born at any point in time and might be interacting with yourself if you happened to be born twice in the same time period, and you wouldn't know because you forget everything when you're born. Then it was slowly revealed that not only could you be born multiple times in one time period, you absolutely were. Moreover, it was revealed that you were in fact the only soul, being born over and over throughout time, interacting with nobody but yourself and literally making your own karma by being the person you were kind to and also the person you were cruel to.

      Wish I could remember the name of that story. Or a previous life so I'd know if karma applies to the next life or not. Maybe it's more immediate... sort of insta-karma, which would be a good name for a powdered coffee.

      --
      B) Eliminate all the stupid users. This is frowned upon by society.
    12. Re:The fickle finger of fate..... by nickweller · · Score: 2

      @Proudrooster: "If someone has a link to the torrent, please post it."

      torrent

    13. Re:The fickle finger of fate..... by Anonymous Coward · · Score: 1

      http://www.thrivenotes.com/the-last-answer/

      That is the story you are looking for I believe. Isaac Asimov. :)

    14. Re:The fickle finger of fate..... by ancientt · · Score: 2

      I'd never read that story, and I consider myself an Asimov fan. Thank you!

      I was thinking of this one http://www.galactanet.com/oneo...

      “How many times have I been reincarnated, then?” “Oh lots. Lots and lots. And in to lots of different lives.” I said. “This time around, you’ll be a Chinese peasant girl in 540 AD.”

      --
      B) Eliminate all the stupid users. This is frowned upon by society.
    15. Re:The fickle finger of fate..... by Impy+the+Impiuos+Imp · · Score: 1

      > fickle finger of fate

      I wanna see the fickle finger of beating their balls in the woods until they swell to the size of cantaloupes.

      --
      (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
    16. Re:The fickle finger of fate..... by marko123 · · Score: 1

      I wrote a sci-fi novel that involved reincarnation called Transcendence.- shameful plug

      http://www.lulu.com/au/en/shop...

      --
      http://pcblues.com - Digits and Wood
    17. Re:The fickle finger of fate..... by Trax3001BBS · · Score: 1

      If someone has a link to the torrent, please post it.

      A Google search shows http://infotomb.com/eyyxo.torr... I can't vouch for this link as I can't download it, not enough storage space.

  4. Couldn't have happened to a nicer group of people by FreeUser · · Score: 5, Insightful

    Ah, schadenfreude. Seeing these jerks die by the sword they have wielded against the rest of us is just too satisfying.

    I particularly like how it's come out that they were backdooring (and presumably screwing, or at least reserving the opportunity to screw) their own ethically-challenged customer base.

    Really, it's not nice to take such delight in the downfall of others, but it just feels so damn good.

    --
    The Future of Human Evolution: Autonomy
  5. The only way the public will learn... by Anonymous Coward · · Score: 1

    is to take Big Brother's toys away from them and show everyone how undermining the security measures of the global tech. economy and culture is tantamount to shooting yourself in the foot.

    1. Re:The only way the public will learn... by greenbird · · Score: 2

      show everyone how undermining the security measures of the global tech. economy and culture is tantamount to shooting yourself in the foot.

      Are you kidding? The powers that be will spin this as proving their point:

      If it weren't for all this evil encryption they would have no problem catching the villainous hackers that perpetrated these crimes against humanity by these supporters of terrorism and child pornography for the children. It's only because of un-backdoored evil encryption that the angelic powers of all good failed to stop these terroristic endeavours which exposed this good company that has helped the FBI foil 1 million terrorist plots by providing means of accessing evilly encrypted systems.

      --
      Who is John Galt?
  6. Plus some GPL code by ssam · · Score: 5, Interesting

    Also some GPL derived drivers that they have been distributing to their customers. https://twitter.com/mjg59/stat...

  7. This is a lesson to everyone... by Anonymous Coward · · Score: 4, Insightful

    This is a lesson... software with backdoors, the backdoors eventually get found out. This is a real proof against the anti-encryption lobby, that if encryption is gutted, then only the bad guys will have actual security.

    Even if it is something that requires a private key to access, the private key can be hacked or physically stolen if stashed on a HSM.

    1. Re:This is a lesson to everyone... by NatasRevol · · Score: 1

      Heh, even the bad guys don't seem to have actual security.

      --
      There are two types of people in the world: Those who crave closure
    2. Re:This is a lesson to everyone... by wasteoid · · Score: 1

      It is hard to ignore a backdoor. Once one finds a backdoor, one usually can't resist poking through it.

  8. Re:Couldn't have happened to a nicer group of peop by fustakrakich · · Score: 1

    Yep, a great number of our most 'prestigious' institutions need this little lesson. I hope it starts happening much more often, especially around election time, to test people's faith.

    --
    “He’s not deformed, he’s just drunk!”
  9. Re:Phineas is masculine by Dutch+Gun · · Score: 4, Insightful

    Who needs a name? Statistical probability indicates that person is almost certainly a male.

    --
    Irony: Agile development has too much inertia to be abandoned now.
  10. What Were They Hoping For? by GTRacer · · Score: 5, Insightful

    I'm curious what Hacking Team thought was worth the risk of watermarking their products to customer installations and having these alleged backdoors to backdoors. Seems like a lot of risk for no payoff unless they hoped one day to "flip the script" and hack their customer base...

    --
    Defending IP by destroying access to it? That makes sense, RIAA/MPAA. Go to the corner until you can play nice!
    1. Re:What Were They Hoping For? by s.petry · · Score: 4, Insightful

      I'm curious what Hacking Team thought was worth the risk of watermarking their products to customer installations and having these alleged backdoors to backdoors. Seems like a lot of risk for no payoff unless they hoped one day to "flip the script" and hack their customer base...

      I can easily see a few reasons for them to watermark their customer's installations of their software. First is obviously leverage against prosecution. Second would be to determine who did what with their software. Their own back door would allow them to kill software on a non-paying customer (or one that caused litigation). The last is an increase in revenue. There are some interesting ways to encrypt your binaries which the watermarks could have done. Sudan's software would not be able to run Nigeria's software for example, so this would ensure that everyone pays for everything individually.

      Lots of reasons for an immoral shitbag company to do immoral shitbag things to everyone, not just "some" people.

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    2. Re:What Were They Hoping For? by Rich0 · · Score: 1

      Sure, but this is all stuff that is par for the course with laws like SOPA, TPP, UCITA, and so on.

      Really, Hacking Team was just doing things the way the software industry thinks everybody should be operating.

    3. Re:What Were They Hoping For? by GTRacer · · Score: 1

      I get remote deactivation for the examples you gave but a backdoor suggests far more capability - the ability to use the tools against their owner*, presumably without them finding out.

      *Owner in the sense of the paying entity running it.

      --
      Defending IP by destroying access to it? That makes sense, RIAA/MPAA. Go to the corner until you can play nice!
    4. Re:What Were They Hoping For? by s.petry · · Score: 1

      Really, Hacking Team was just doing things the way a very small segment of society which currently holds most financial capital thinks everybody should be operating.

      FTFY - SOPA, TPP, etc.. are not products of the Software industry. I am pretty sure I agree with your point under the surface, but the generalization is plain wrong.

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    5. Re:What Were They Hoping For? by s.petry · · Score: 1

      You seem to be attempting to isolate applications that phone home from software with a back door. One does not discount the other, and one is not necessarily better or worse than the other. We happen to see more legitimate applications phoning home (CAD/CAE software for example) but Botnet hosts do also.

      Phoning home is something that can be detected, so the high end software won't.

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    6. Re:What Were They Hoping For? by stackOVFL · · Score: 1

      paying money for backdoored trojans

      .... must erase mental picture....

    7. Re:What Were They Hoping For? by Rich0 · · Score: 1

      Really, Hacking Team was just doing things the way a very small segment of society which currently holds most financial capital thinks everybody should be operating.

      FTFY - SOPA, TPP, etc.. are not products of the Software industry. I am pretty sure I agree with your point under the surface, but the generalization is plain wrong.

      They are certainly the way the software industry thinks everybody should be operating, which is all I claimed. I did not claim that all of those laws/treaties/etc were products of the software industry. I'm not sure how you can claim that the Uniform Computer Information Transactions Act wasn't though.

  11. Holy crap ... by gstoddart · · Score: 3, Interesting

    even though it seems they could do that themselves, as the customer software apparently has secret backdoors

    So basically even security researchers are morons who put in secret back doors?

    Bloody idiots.

    This is really simple: companies need to have very strict liability for doing stupid stuff like this. Putting secret backdoors should be treated the same as hacking into it ... especially if someone else exploits that.

    --
    Lost at C:>. Found at C.
    1. Re:Holy crap ... by NatasRevol · · Score: 1

      Security researchers?

      You might want to go do some research for yourself and find out who these guys actually were.

      --
      There are two types of people in the world: Those who crave closure
    2. Re:Holy crap ... by DarkOx · · Score: 3, Insightful

      These guys are not "security researchers" doing responsible disclosure or even just quietly helping secure their own customers against unpublished threats.

      They might be doing research; but they are basically arms dealers. Weaponizing software and selling it to whoever will pay.

      I am not surprised they'd backdoor it frankly. If all of my customers were professional liars known for running false flags etc, I'd have to think seriously about inserting water marks and backdoors too. If nothing else so I had some way to prove whatever gets done with those tools was not done by me.

      The phrase "there is no honor among thieves" comes to mind.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
    3. Re:Holy crap ... by s.petry · · Score: 3, Interesting

      And who exactly would have prosecuted them? The Governments paying them to build software so that the Governments could hack people? Without the source leak, how would anyone have known except by the end consumer providing network dumps? Call me a skeptic, but I doubt the people buying this were installing it locally for forensic reasons.

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    4. Re:Holy crap ... by drinkypoo · · Score: 2

      I am not surprised they'd backdoor it frankly. If all of my customers were professional liars known for running false flags etc, I'd have to think seriously about inserting water marks and backdoors too. If nothing else so I had some way to prove whatever gets done with those tools was not done by me.

      Here's the problem with doing business with criminals, whether they're ordinarily-labeled "criminals" or intelligence agencies or whatever: if they're incompetent, you don't want to do business with them because of all the ways in which they can implicate you. But if they're competent, you don't want to do business with them because of all the ways in which they could take advantage of you. If they're incompetent, then they ought to be little danger to you, so you don't need that kind of protection. If they're competent, then they can and will do anything to you, and they're probably smart enough to have some third party check your work and look for back doors... and when they find them, your ass is grass.

      These guys will be lucky if they get to go on drawing breath.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  12. Re:Phineas is masculine by myowntrueself · · Score: 1

    That doesn't say anything of the gender of the person using that nom de plume.

    Oh no, please don't let this turn into a LBGT debate

    --
    In the free world the media isn't government run; the government is media run.
  13. The files by Anonymous Coward · · Score: 1
  14. To begin to be secure we need to reduce bloat by Anonymous Coward · · Score: 1

    Right now everything we touch is excessively bloated and unscrutinised. We need to eliminate 99.999% of the bloat. There is a ton of code under the hood that is not needed. I'd love to see a group analyse that bloat and eliminate it. There are a lot of features implemented to spec in an attempt to cover all bases that nobody actually uses in the real world. If nobody is actively using it then it should be eliminated.

    When security is more important than backwards compatibility (government, etc) it's one of the first steps that should be taken in designing a secure system. Everything from the firmware to drivers should get audited and you can't do that properly if there is too much code.

    One of my engineers (big wig in a small company) reduced the size of the kernel to 1/100 its normal size (keep in mind it was for a specific set of hardware in an embedded application) and is working to reduce the image (not the kernel, but other components) further. The goal is to fit everything in 2-4MB of flash. That's still too bloated when you begin to factor in security. 2-4MB is HUGE when it comes to auditing code. The unfortunate reality is (particularly in embedded applications) most of the code out there is utter crap and will never be of even reasonably decent quality because what drives most development is money- not security. Features sell. Actual security is rarely if ever taken into account. It's at best an afterthought even in the environments which need it most.

    1. Re:To begin to be secure we need to reduce bloat by Dutch+Gun · · Score: 1

      People tend to define "bloat" as "all the stuff I don't use". Everything they do use is a "critical feature". Of course, the problem is there's about a few million to a few billion other people (depending on which software you're talking about) that also use that software.

      Let's see... where to start? How about all that accessibility code that you never use, because you're not handicapped? Maybe all the Unicode support, because you don't need to read or type Chinese, German, or Russian? Let's also get rid of the GUI altogether, since we're comfortable with a CLI. Grandma will just have to deal with it. And let's strip out all that old hardware support, since my system is shiny and new. Poor people don't need computers, right?

      I'm not going to disagree with your point that all that code creates a massive attack surface. But it's completely impractical to suggest that we need to start slashing all that "unused" code. I assure you that somewhere out there, someone other than you IS actually using that "bloat". Unfortunately, I don't think there are any easy answers here.

      --
      Irony: Agile development has too much inertia to be abandoned now.
  15. The enemy of my enemy != my friend by jimbolauski · · Score: 4, Interesting

    While I am happy that Hacking Team got their comeuppance I am not ready to support their newfound nemesis. This could be nothing more than a turf war and the last thing I want is another set of more cunning bad guys getting their seed money from me.

    --
    Knowledge = Power
    P= W/t
    t=Money
    Money = Work/Knowledge so the less you know the more you make
    1. Re:The enemy of my enemy != my friend by SethJohnson · · Score: 1

      Jim,

      If this were a turf war, the spoils of the compromise would not have been laid out on the lawn for the world to see. The contents would have been used against the Hacked Team to disrupt their business and then added to the attackers' own product catalog. In this scenario the market value of the stolen intellectual property has been nullified.

    2. Re:The enemy of my enemy != my friend by jimbolauski · · Score: 1

      Let's say I am a competing hacking company. I have two options: keep the source to myself and try to steal their market share with a copycat product, or release their source code making their IP worthless and easy to defend against while offering my own product that got past the hacker group. I would prefer the option where my competitor's reputation is tarnished and products are useless.

      --
      Knowledge = Power
      P= W/t
      t=Money
      Money = Work/Knowledge so the less you know the more you make
    3. Re:The enemy of my enemy != my friend by drinkypoo · · Score: 1

      I would first think about simply blackmailing them.

      Blackmail is illegal. One crime at a time. Releasing this data, done well, won't lead back to you. Blackmail is only useful if you get paid, and that creates a trail. You know they can scan and record the serials in 1 million in small non-sequential bills in a pretty short period these days, right?

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  16. All this talk about... by WSOGMM · · Score: 1

    fickle fingers, watermarks, explosive data leaks, reducing bloat, secret backdoors. I mean it just doesn't help the fact that I ...

    ... oh man, I don't think I'm gonna make it to the bathroom.

  17. Meh…bullshitters by ElitistWhiner · · Score: 1

    Inside any corp dump this large is dirt. What it really reveals is that this company enjoys an excess of hubris likely along with a money cushion with which to entitle it

  18. Quis custodiet ipsos custodes? by Shadow+IT+Ninja · · Score: 1
  19. HT is untrustworthy by bagofbeans · · Score: 3, Informative
    Per TFA:

    According to Motherboard's Lorenzo Franceschi Bicchierai, the company has sent out emails to all its customers, requesting them to shut down all deployments of its Remote Control System software ("Galileo") - even though it seems they could do that themselves, as the customer software apparently has secret backdoors. Perhaps they chose the first route because they hoped to keep that fact hidden from the customers?

    Yet, according to ]Hacking Team[ Six Confidential Whitepapers on cryptome.org, HT explicitly state on page 31

    NOTE HackingTeam have no way of connecting to or receiving any information from the Customer's RCS installation.

    So, if HT lie to their rather high powered customers about a major detail like that, what else?

  20. ERROR : Xzibit overflow by Thud457 · · Score: 1

    Yo dog, I heard you like backdoors. So I backdoored your backdoor so you can get p0wned while you p0wn!

    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

  21. Intel Store Front? by ThatsNotPudding · · Score: 1

    I particularly like how it's come out that they were backdooring (and presumably screwing, or at least reserving the opportunity to screw) their own ethically-challenged customer base.

    This singular fact may lead to the exposure of this company as a very impressive, long-term false front for an intel shop. Probably not the NSA, given that the FBI (backdoor irony alert) and other FedGov organs were apparently customers. Who *is not* on that customer list: GCHQ? Interpol? Russia?

    There may be a popcorn shortage before all this plays out.

  22. Re:Phineas is masculine by Nethemas+the+Great · · Score: 1

    Who says it has to be anything of the sort. How many female characters in {pick your MMO} are played by males for {fill in reason}?

    --
    Two of my imaginary friends reproduced once ... with negative results.
  23. Re:Phineas is masculine by HornWumpus · · Score: 1

    Phineas Freakowoski agrees.

    --
    John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
  24. Re:Phineas is masculine by davester666 · · Score: 1

    Phineas is all talk. Ferb is the real man of action.

    --
    Sleep your way to a whiter smile...date a dentist!
  25. Debian by behrooz0az · · Score: 1

    https://github.com/hackedteam/...
    No mention of iceweasel and family. I may delete my X server after reading all that stuff, they hate GUI programs.

    --
    Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion. -- Spazmania (174582)
  26. "Secretly" watermarked ?? by RockDoctor · · Score: 1

    And because every copy of Hacking Team's Galileo software is secretly watermarked,

    If this were even moderately uncommon software (e.g. a global market of tens of thousands or fewer), and moderately valuable (ten thousand dollars per seat-year, or so) then I'd expect the vendor to have put in some sort of watermarking as part of the license validation software. I'm pretty sure that our software (which works in this region) incorporates the putative license number and the 16-byte serial number of the hardware dongle in its packets attempting to negotiate a connection with a license server. Which allows us to know if the serial numbers of the software or dongles have leaked out of the contexts (net blocks) in which they should occur. We advertise this to our clients as "proactive monitoring for the security of their data" ; whether, or how-much, we charge them is a question for Beancounter-Central.

    --
    Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
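
The license-server check described in the last comment (license number plus 16-byte dongle serial, compared against the net blocks where they should occur), sketched as an added example that is not part of the original thread or any vendor's code. The wire layout, the registry and every value in it are assumptions constructed for illustration.

```python
import ipaddress
import struct

# Hypothetical wire layout (an assumption, not any real product's format):
# 4-byte big-endian license number followed by the 16-byte dongle serial.
CHECKIN = struct.Struct(">I16s")

# Constructed registry: license number -> (issued dongle serial, allowed net blocks).
# Addresses come from the documentation ranges (RFC 5737 / RFC 3849).
SERIAL_A = bytes.fromhex("00112233445566778899aabbccddeeff")
SERIAL_B = bytes.fromhex("ffeeddccbbaa99887766554433221100")
REGISTRY = {
    1001: (SERIAL_A, [ipaddress.ip_network("192.0.2.0/24")]),
    1002: (SERIAL_B, [ipaddress.ip_network("198.51.100.0/25"),
                      ipaddress.ip_network("2001:db8:10::/48")]),
}


def classify_checkin(payload: bytes, source_ip: str) -> str:
    """Classify one license negotiation attempt seen by the license server."""
    if len(payload) != CHECKIN.size:
        return "malformed"
    license_no, serial = CHECKIN.unpack(payload)
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return "malformed"
    entry = REGISTRY.get(license_no)
    if entry is None:
        return "unknown-license"
    issued_serial, netblocks = entry
    if serial != issued_serial:
        # A valid license number presented with a dongle it was not issued with.
        return "dongle-mismatch"
    # An IPv4 address is never "in" an IPv6 network and vice versa, so mixed
    # registries are safe to test with a plain membership check.
    if not any(addr in net for net in netblocks):
        # Correct license/dongle pair, but seen outside its expected context.
        return "outside-netblock"
    return "ok"


def audit(checkins):
    """Return (source_ip, verdict) for every check-in that is not clean."""
    findings = []
    for payload, source_ip in checkins:
        verdict = classify_checkin(payload, source_ip)
        if verdict != "ok":
            findings.append((source_ip, verdict))
    return findings


# Constructed sample traffic.
SAMPLE = [
    (CHECKIN.pack(1001, SERIAL_A), "192.0.2.17"),      # expected site
    (CHECKIN.pack(1001, SERIAL_A), "203.0.113.9"),     # pair seen elsewhere
    (CHECKIN.pack(1002, SERIAL_A), "198.51.100.5"),    # wrong dongle for license
    (CHECKIN.pack(1002, SERIAL_B), "2001:db8:10::5"),  # expected IPv6 site
    (CHECKIN.pack(1002, SERIAL_B), "198.51.100.200"),  # outside the /25
    (CHECKIN.pack(4242, SERIAL_A), "192.0.2.17"),      # license never issued
    (b"short", "192.0.2.17"),                          # truncated packet
]

if __name__ == "__main__":
    for source_ip, verdict in audit(SAMPLE):
        print(f"{source_ip:>16}  {verdict}")
```
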