HackingTeam

HackingTeam | |
---|---|
Legal form | Società a responsabilità limitata |
Founded | 2003 |
Headquarters | Milan |
Website | www.hackingteam.it |
HackingTeam is an information technology company founded in Milan that sells surveillance and intrusion software to governments, law enforcement agencies and businesses. Its "Remote Control Systems" make it possible to monitor the communications of Internet users, decrypt encrypted files and e-mails, record Skype and other IP telephony calls, and activate microphones and cameras on target devices. The company has been criticized for making the technology available to countries with poor human rights records, although HackingTeam said it has the option to prevent the software from being used if it is used unethically. The Italian government subsequently restricted the company's permission to do business with countries outside Europe.
HackingTeam employs around 40 people in its Italian office. It also has offices in Annapolis, Maryland, Washington, DC and Singapore. Its products are used in dozens of countries on six continents.
History
HackingTeam was founded by the two Italian programmers Alberto Ornaghi and Marco Valleri. Before the company was officially established, Ornaghi and Valleri (under their nicknames ALoR and NaGA) developed a range of software that could be used to monitor and remotely control computers. One of these programs, Ettercap, is used by hackers to spy on people as well as by companies that use it to test their own networks.
The Milan police learned of the programs. Hoping to use Ettercap to spy on Italian citizens and monitor their Skype calls, the police contacted Ornaghi and Valleri and asked for assistance in modifying the program. HackingTeam was born and became "the first seller of commercial hacking software to the police."
According to former employee Alberto Pelliccione, the company started out as a provider of security services. It offered clients penetration tests, system checks, and other defensive security methods. Pelliccione stated that as malware and other programs were developed and distributed, the company took a more offensive direction and divided itself into several areas. Pelliccione claimed that employees working on different aspects of a platform, e.g. Android exploits and malware, did not communicate with each other, which sometimes led to tension and conflict within the organization.
In February 2014, a report from Citizen Lab revealed that the company was using hosting services from Linode, Telecom Italia, Rackspace, NOC4Hosts and the infamous hosting company Santrex.
On July 5, 2015, the company suffered a major data breach in which user data, program code, internal documents and e-mails were published.
Products
HackingTeam enables clients to use its RCS (Remote Control Systems) to carry out remote surveillance of citizens. The systems include its Da Vinci and Galileo programs. They allow:
- Concealed collection of emails, SMS, call history and address books
- Keylogger
- Revealing search history and taking screenshots
- Record sound files during phone calls
- Direct recording of an audio and video stream from memory in order to bypass the encryption of Skype sessions
- Use of microphones to pick up sounds and conversations in the room
- Activation of computer and cell phone cameras
- Hacking the GPS system of a smartphone to monitor the victim's movements
- Infection of the UEFI BIOS firmware with a rootkit
- Reading out Wi-Fi passwords
- Searching Bitcoin wallets and wallets of other cryptocurrencies to determine data about accounts, contacts and past transactions.
HackingTeam uses special techniques to prevent smartphone batteries from draining quickly and other methods to prevent detection.
The malware has payloads for Android, BlackBerry, Apple iOS, Linux, macOS, Symbian, as well as for the Windows, Windows Mobile and Windows Phone operating systems.
RCS is a management platform that allows users to remotely apply exploits and payloads against attacked systems, manage hacked systems and read out data for remote analysis.
Controversy
Use by repressive governments
HackingTeam has been criticized for selling its products and services to governments with poor human rights records such as Sudan, Bahrain, Venezuela and Saudi Arabia.
In June 2014, a United Nations Sanctions Monitoring Commission requested information from HackingTeam about its alleged sale of software to Sudan in violation of the United States' arms ban on the country. Documents released during the 2015 data breach revealed that the organization gave the Sudanese secret and security service access to the "Remote Control System" in 2012 for €960,000.
The company responded to the United Nations Commission in January 2015 that it was not currently selling to Sudan. In the subsequent exchange, HackingTeam claimed that its product was not controlled as a weapon and that the request was therefore outside the commission's remit. It also said it did not have to disclose any previous sales, which it treated as a trade secret.
The United Nations disagreed: "The Committee believes that such programs in support of Electronic Military Surveillance (ELINT) are best suited and can potentially fall under the category of 'military ... equipment' or 'assistance' related to prohibited items," wrote the Minister in March. "By the potential use to attack any warmongering groups in the Darfur conflict, it is in the interest of the commission."
In autumn 2014, the Italian government abruptly put all HackingTeam exports on hold, fearing human rights violations. After some lobbying with Italian officials, the company temporarily regained the right to sell its products abroad.
2015 data breach
On July 5, 2015, the company's Twitter account was hijacked by an unknown person who announced the publication of data from HackingTeam's computers. The original message was "Since we have nothing to hide, we're going to publish all of our emails, files and source code ..." and included links to over 400 GB of data with supposedly internal emails, invoices and source code, which were released via BitTorrent and Mega. An announcement of the data breach was retweeted by WikiLeaks and many others on social networks.
The material was very extensive, and initial analyses appeared to reveal that HackingTeam issued invoices to the Lebanese Army and Sudan and that surveillance software was sold to Bahrain and Kazakhstan. HackingTeam had previously claimed it never did business with Sudan.
The published data included a zero-day, cross-platform Flash exploit. The dump included a demo of this exploit, which launched a calculator from a test page. Adobe closed the vulnerability on July 8, 2015. In addition, the data contained an exploit for another Adobe vulnerability, a buffer overflow in Adobe's Open Type Manager DLL, which is part of Microsoft Windows. Because the DLL runs in kernel mode, the attack could be used for privilege escalation and to bypass the sandbox.
The published data also revealed that HackingTeam employees were using weak passwords such as 'P4ssword', 'wolverine', and 'universo'.
After a few hours without a response from HackingTeam, Twitter user Christian Pozzi tweeted that the company was working closely with the police and said, "Much of what the hackers say about our company is untrue." He also claimed that the published archive "contains a virus" and that it is misinformation. Shortly after these tweets, Pozzi's Twitter account was also hacked.
A hacker named "Phineas Fisher" (or Phisher) claimed responsibility for this attack via Twitter. Phineas had previously attacked the surveillance software company Gamma International, which also produces malware such as FinFisher for governments and companies. In 2016, Phineas published details of the hack in Spanish and English as a guide for others, in which he also explains the reasons for his attack.
The internal documents exposed HackingTeam's contracts with repressive governments. As a result, in 2016 the Italian government revoked the company's license to sell surveillance software outside of Europe without special permits.
Customer list
HackingTeam's customers include not only governments, but also companies such as Barclays Bank and British Telecom from Great Britain, as well as Deutsche Bank.
A complete list of HackingTeam customers was published in the 2015 data leak. The leaked documents show that HackingTeam had 70 current clients, consisting mostly of the military, police, and federal and state governments. The company's total disclosed earnings exceeded 40 million euros.
Customer | Country | Region | Agency type | Year of first sale | Annual costs (in euros) | Total earnings (in euros) |
---|---|---|---|---|---|---|
Polizia Postale e delle Comunicazioni | Italy | Europe | Law enforcement agency | 2004 | 100,000 | 808,833 |
Centro Nacional de Inteligencia | Spain | Europe | Intelligence | 2006 | 52,000 | 538,000 |
Infocomm Development Authority of Singapore | Singapore | Asia | Intelligence | 2008 | 89,000 | 1,209,967 |
Information Office | Hungary | Europe | Intelligence | 2008 | 41,000 | 885,000 |
CSDN | Morocco | MEA | Intelligence | 2009 | 140,000 | 1,936,050 |
UPDF (Uganda Peoples Defense Force), ISO (Internal Security Organization), Office of the President | Uganda | Africa | Intelligence | 2015 | 831,000 | 52,197,100 |
Italy - DA - Rental | Italy | Europe | Others | 2009 | 50,000 | 628,250 |
Malaysian Anti-Corruption Commission | Malaysia | Asia | Intelligence | 2009 | 77,000 | 789,123 |
PCM | Italy | Europe | Intelligence | 2009 | 90,000 | 764,297 |
SSNS - Ungheria | Hungary | Europe | Intelligence | 2009 | 64,000 | 1,011,000 |
CC - Italy | Italy | Europe | Law enforcement agency | 2010 | 50,000 | 497,349 |
Al Mukhabarat Al A'amah | Saudi Arabia | MEA | Intelligence | 2010 | 45,000 | 600,000 |
IR Authorities (Condor) | Luxembourg | Europe | Others | 2010 | 45,000 | 446,000 |
La Dependencia y/o CISEN | Mexico | LATAM | Intelligence | 2010 | 130,000 | 1,390,000 |
UZC | Czech Republic | Europe | Law enforcement agency | 2010 | 55,000 | 689,779 |
Egypt - MOD | Egypt | MEA | Others | 2011 | 70,000 | 598,000 |
Federal Bureau of Investigation | United States | North America | Law enforcement agency | 2011 | 100,000 | 697,710 |
Oman - Secret Service | Oman | MEA | Intelligence | 2011 | 30,000 | 500,000 |
President Security | Panama | LATAM | Intelligence | 2011 | 110,000 | 750,000 |
Turkish National Police | Turkey | Europe | Law enforcement agency | 2011 | 45,000 | 440,000 |
UAE - MOI | UAE | MEA | Law enforcement agency | 2011 | 90,000 | 634,500 |
National Security Service | Uzbekistan | Europe | Intelligence | 2011 | 50,000 | 917,038 |
Department of Defense | United States | North America | Law enforcement agency | 2011 | 190,000 | |
Bayelsa State Government | Nigeria | MEA | Intelligence | 2012 | 75,000 | 450,000 |
Estado del Mexico | Mexico | LATAM | Law enforcement agency | 2012 | 120,000 | 783,000 |
Information Network Security Agency | Ethiopia | MEA | Intelligence | 2012 | 80,000 | 750,000 |
State security (Falcon) | Luxembourg | Europe | Others | 2012 | 38,000 | 316,000 |
Italy - DA - Rental | Italy | Europe | Others | 2012 | 60,000 | 496,000 |
MAL - WED | Malaysia | Asia | Intelligence | 2012 | 77,000 | 552,000 |
General Direction of the Territorial Surveillance | Morocco | MEA | Intelligence | 2012 | 160,000 | 1,237,500 |
National Intelligence and Security Service | Sudan | MEA | Intelligence | 2012 | 76,000 | 960,000 |
Russia - KVANT | Russia | Europe | Intelligence | 2012 | 72,000 | 451,017 |
Saudi - GID | Saudi Arabia | MEA | Law enforcement agency | 2012 | 114,000 | 1,201,000 |
SIS of National Security Committee of Kazakhstan | Kazakhstan | Europe | Intelligence | 2012 | 140,000 | 1,012,500 |
The 5163 Army Division (name of the South Korean secret service) | South Korea | Asia | Others | 2012 | 67,000 | 686,400 |
UAE - Secret Service | United Arab Emirates | MEA | Others | 2012 | 150,000 | 1,200,000 |
Central Intelligence Agency | United States | North America | Intelligence | 2011 | | |
Drug Enforcement Administration | United States | North America | Others | 2012 | 70,000 | 567,984 |
Centralne Biuro Antykorupcyjne | Poland | Europe | Law enforcement agency | 2012 | 35,000 | 249,200 |
MOD Saudi | Saudi Arabia | MEA | Others | 2013 | 220,000 | 1,108,687 |
PMO | Malaysia | Asia | Intelligence | 2013 | 64,500 | 520,000 |
Estado de Qeretaro | Mexico | LATAM | Law enforcement agency | 2013 | 48,000 | 234,500 |
National Security Agency | Azerbaijan | Europe | Intelligence | 2013 | 32,000 | 349,000 |
Gobierno de Puebla | Mexico | LATAM | Others | 2013 | 64,000 | 428,835 |
Gobierno de Campeche | Mexico | LATAM | Others | 2013 | 78,000 | 386,296 |
AC Mongolia | Mongolia | Asia | Intelligence | 2013 | 100,000 | 799,000 |
Dept. of Correction Thai Police | Thailand | Asia | Law enforcement agency | 2013 | 52,000 | 286,482 |
National Intelligence Secretariat | Ecuador | LATAM | Law enforcement agency | 2013 | 75,000 | 535,000 |
Police Intelligence Directorate | Colombia | LATAM | Law enforcement agency | 2013 | 35,000 | 335,000 |
Guardia di Finanza | Italy | Europe | Law enforcement agency | 2013 | 80,000 | 400,000 |
Intelligence | Republic of Cyprus | Europe | Law enforcement agency | 2013 | 40,000 | 375,625 |
MidWorld | Bahrain | MEA | Intelligence | 2013 | 210,000 | |
Mexico - PEMEX | Mexico | LATAM | Law enforcement agency | 2013 | 321,120 | |
Malaysia K | Malaysia | Asia | Law enforcement agency | 2013 | 0 | |
Honduras | Honduras | LATAM | Law enforcement agency | 2014 | 355,000 | |
Mex Taumalipas | Mexico | LATAM | | 2014 | 322,900 | |
Secretaría de Planeación y Finanzas | Mexico | LATAM | Law enforcement agency | 2014 | 91,000 | 371,035 |
AREA | Italy | Europe | | 2014 | 430,000 | |
Mexico Yucatán | Mexico | LATAM | Law enforcement agency | 2014 | 401,788 | |
Mexico Durango | Mexico | LATAM | Law enforcement agency | 2014 | 421,397 | |
Investigations Police of Chile | Chile | LATAM | Law enforcement agency | 2014 | 2,289,155 | |
Jalisco Mexico | Mexico | LATAM | Law enforcement agency | 2014 | 748,003 | |
Royal Thai Army | Thailand | Asia | Law enforcement agency | 2014 | 360,000 | |
Vietnam GD5 | Vietnam | Asia | | 2014 | 281,170 | |
Zurich Canton Police | Switzerland | Europe | Law enforcement agency | 2014 | 486,500 | |
Vietnam GD1 | Vietnam | Asia | Law enforcement agency | 2015 | 543,810 | |
Egypt TRD GNSE | Egypt | MEA | Law enforcement agency | 2015 | 137,500 | |
Armed Forces of Lebanon | Lebanon | MEA | Law enforcement agency | 2015 | | |
Federal Police Department | Brazil | LATAM | Law enforcement agency | 2015 | | |
National Anticorruption Department | Romania | DNA | Intelligence | 2015 | | |
State informative service | Albania | Europe | Intelligence | 2015 | | |
Web links
- Official website
- WikiLeaks: The Hackingteam Archives - searchable database of 1 million internal emails
- HackingTeam presentations in the WikiLeaks " Spy Files "