HackingTeam

from Wikipedia, the free encyclopedia
Legal form: Società a responsabilità limitata
Founded: 2003
Headquarters: Milan
Website: www.hackingteam.it

HackingTeam is an information technology company based in Milan that sells intrusion and surveillance software to governments, law enforcement agencies and businesses. Its "Remote Control Systems" make it possible to monitor the communications of Internet users, decrypt encrypted files and e-mails, record Skype and other IP telephony calls, and activate microphones and cameras on target devices. The company has been criticized for making the technology available to countries with poor human rights records, although HackingTeam said it has the ability to disable the software if it is used unethically. The Italian government subsequently restricted the company's permission to do business with countries outside Europe.

HackingTeam employs around 40 people in its Italian office. It also has offices in Annapolis, Maryland, Washington, DC and Singapore. Its products are used in dozens of countries on six continents.

History

HackingTeam was founded by the two Italian programmers Alberto Ornaghi and Marco Valleri. Before the company was officially established, Ornaghi and Valleri (under their nicknames ALoR and NaGA) developed a range of software that could be used to monitor and remotely control computers. The Ettercap program is used by hackers to spy on people as well as by companies that use it to test their own networks.

The Milan police learned of the programs. Hoping to use Ettercap to spy on and monitor Skype calls made by Italian citizens, the police contacted Ornaghi and Valleri and asked for assistance in modifying the program. HackingTeam was born and became "the first seller of commercial hacking software to the police."

According to former employee Alberto Pelliccione, the company started out as a provider of security services. It offered clients penetration tests, system audits and other defensive security services. Pelliccione stated that as malware and other offensive programs were developed and distributed, the company took a more offensive direction and split into several areas. Pelliccione claimed that employees working on different aspects of the same platform, e.g. Android exploits and malware, did not communicate with each other, which sometimes led to tension and conflict within the organization.

In February 2014, a report from Citizen Lab revealed that the company was using hosting services from Linode, Telecom Italia, Rackspace, NOC4Hosts and the infamous hosting company Santrex.

On July 5, 2015, the company suffered a major data breach in which user data, program code, internal documents and e-mails were published.

Products

HackingTeam enables clients to use its RCS (Remote Control Systems) to perform remote surveillance of citizens. These include its Da Vinci and Galileo programs. They allow:

  • Concealed collection of emails, SMS, call history and address books
  • Keylogging
  • Revealing search history and taking screenshots
  • Recording audio during phone calls
  • Direct recording of an audio and video stream from memory in order to bypass the encryption of Skype sessions
  • Use of microphones to pick up sounds and conversations in the room
  • Activation of computer and cell phone cameras
  • Hacking the GPS system of a smartphone to monitor the victim's movements
  • Infection of the UEFI BIOS firmware with a rootkit
  • Reading of Wi-Fi passwords
  • Searching Bitcoin wallets and wallets of other cryptocurrencies to determine data about accounts, contacts and past transactions

HackingTeam uses special techniques to prevent smartphone batteries from draining quickly and other methods to prevent detection.

The malware has payloads for Android, BlackBerry, Apple iOS, Linux, macOS and Symbian, as well as for the Windows, Windows Mobile and Windows Phone operating systems.

RCS is a management platform that allows users to remotely apply exploits and payloads against attacked systems, manage hacked systems and read out data for remote analysis.

Controversy

Use by repressive governments

HackingTeam has been criticized for selling its products and services to governments with poor human rights records, such as Sudan, Bahrain, Venezuela and Saudi Arabia.

In June 2014, a United Nations Sanctions Monitoring Commission requested information from HackingTeam about its alleged sale of software to Sudan in violation of the United States' arms ban on the country. Documents released during the 2015 data breach revealed that the organization gave the Sudanese secret and security service access to the "Remote Control System" in 2012 for €960,000.

The company responded to the United Nations Commission in January 2015 that it was not currently selling to Sudan. In the subsequent exchange, HackingTeam claimed that its product was not controlled as a weapon and that the request was therefore outside the commission's remit. It also maintained that it did not have to disclose any previous sales, which it treated as a trade secret.

The United Nations disagreed: "The Committee believes that such programs in support of Electronic Military Surveillance (ELINT) are best suited and can potentially fall under the category of 'military ... equipment' or 'assistance' related to prohibited items," wrote the Minister in March. "By the potential use to attack any warmongering groups in the Darfur conflict, it is in the interest of the commission."

In autumn 2014, the Italian government abruptly put all HackingTeam exports on hold, fearing human rights violations. After some lobbying with Italian officials, the company temporarily regained the right to sell its products abroad.

2015 data breach

On July 5, 2015, the company's Twitter account was hijacked by an unknown person who announced the publication of data from HackingTeam's computers. The original message was "Since we have nothing to hide, we're going to publish all of our emails, files and source code ..." and included links to over 400 GB of data with supposedly internal emails, invoices and source code, which were released via BitTorrent and Mega. An announcement of the data breach was retweeted by WikiLeaks and many others on social networks.

The material was very extensive, and initial analyses appeared to reveal that HackingTeam issued invoices to the Lebanese Army and Sudan and that surveillance software was sold to Bahrain and Kazakhstan. HackingTeam had previously claimed it never did business with Sudan.

The published data included a zero-day, cross-platform Flash exploit. The dump included a demo of this exploit, which launched a calculator from a test page. Adobe closed the vulnerability on July 8, 2015. In addition, the data contained an exploit for another Adobe vulnerability, a buffer overflow in Adobe's Open Type Manager DLL, which is part of Microsoft Windows. Because the DLL runs in kernel mode, the attack could be used for privilege escalation to bypass the sandbox.

The published data also revealed that HackingTeam employees were using weak passwords such as 'P4ssword', 'wolverine', and 'universo'.

After a few hours without a response from HackingTeam, user Christian Pozzi tweeted that the company was working closely with the police and said, "Much of what the hackers say about our company is untrue." He also claimed that the published archive "contains a virus" and that it is misinformation. Shortly after these tweets, Pozzi's Twitter account was also hacked.

A hacker named "Phineas Fisher" (or Phisher) claimed responsibility for this attack via Twitter. Phineas had previously attacked the surveillance software company Gamma International, which also produces malware such as FinFisher for governments and companies. In 2016, Phineas published details of the hack in Spanish and English as a guide for others, in which he also explains the reasons for his attack.

The internal documents exposed HackingTeam's contracts with repressive governments. As a result, in 2016 the Italian government revoked the company's license to sell surveillance software outside of Europe without special permits.

Customer list

HackingTeam's customers include not only governments, but also companies such as Barclays Bank and British Telecom from Great Britain, as well as Deutsche Bank.

A complete list of HackingTeam customers was published in the 2015 data leak. The leaked documents show that HackingTeam had 70 current clients, consisting mostly of military, police, and federal and state government bodies. The company's total disclosed earnings exceeded 40 million euros.

| Customer | Country | Area | Agency | Year of first sale | Annual costs (in euros) | Total earnings (in euros) |
|---|---|---|---|---|---|---|
| Polizia Postale e delle Comunicazioni | Italy | Europe | Law enforcement agency | 2004 | 100,000 | 808.833 |
| Centro Nacional de Inteligencia | Spain | Europe | Intelligence | 2006 | 52,000 | 538,000 |
| Infocomm Development Authority of Singapore | Singapore | Asia | Intelligence | 2008 | 89,000 | 1,209,967 |
| Information Office | Hungary | Europe | Intelligence | 2008 | 41,000 | 885,000 |
| CSDN | Morocco | MEA | Intelligence | 2009 | 140,000 | 1,936,050 |
| UPDF (Uganda Peoples Defense Force), ISO (Internal Security Organization), Office of the President | Uganda | Africa | Intelligence | 2015 | 831,000 | 52.197.100 |
| Italy - DA - Rental | Italy | Europe | Others | 2009 | 50,000 | 628.250 |
| Malaysian Anti-Corruption Commission | Malaysia | Asia | Intelligence | 2009 | 77,000 | 789.123 |
| PCM | Italy | Europe | Intelligence | 2009 | 90,000 | 764.297 |
| SSNS - Ungheria | Hungary | Europe | Intelligence | 2009 | 64,000 | 1,011,000 |
| CC - Italy | Italy | Europe | Law enforcement agency | 2010 | 50,000 | 497,349 |
| Al Mukhabarat Al A'amah | Saudi Arabia | MEA | Intelligence | 2010 | 45,000 | 600,000 |
| IR Authorities (Condor) | Luxembourg | Europe | Others | 2010 | 45,000 | 446,000 |
| La Dependencia y / o CISEN | Mexico | LATAM | Intelligence | 2010 | 130,000 | 1,390,000 |
| UZC | Czech Republic | Europe | Law enforcement agency | 2010 | 55,000 | 689.779 |
| Egypt - MOD | Egypt | MEA | Others | 2011 | 70,000 | 598,000 |
| Federal Bureau of Investigation | United States | North America | Law enforcement agency | 2011 | 100,000 | 697.710 |
| Oman - Secret Service | Oman | MEA | Intelligence | 2011 | 30,000 | 500,000 |
| President Security | Panama | LATAM | Intelligence | 2011 | 110,000 | 750,000 |
| Turkish National Police | Turkey | Europe | Law enforcement agency | 2011 | 45,000 | 440,000 |
| UAE - MOI | UAE | MEA | Law enforcement agency | 2011 | 90,000 | 634,500 |
| National Security Service | Uzbekistan | Europe | Intelligence | 2011 | 50,000 | 917.038 |
| Department of Defense | United States | North America | Law enforcement agency | 2011 | | 190,000 |
| Bayelsa State Government | Nigeria | MEA | Intelligence | 2012 | 75,000 | 450,000 |
| Estado del Mexico | Mexico | LATAM | Law enforcement agency | 2012 | 120,000 | 783,000 |
| Information Network Security Agency | Ethiopia | MEA | Intelligence | 2012 | 80,000 | 750,000 |
| State security (Falcon) | Luxembourg | Europe | Others | 2012 | 38,000 | 316,000 |
| Italy - DA - Rental | Italy | Europe | Others | 2012 | 60,000 | 496,000 |
| MAL - WED | Malaysia | Asia | Intelligence | 2012 | 77,000 | 552,000 |
| General Direction of the Territorial Surveillance | Morocco | MEA | Intelligence | 2012 | 160,000 | 1,237,500 |
| National Intelligence and Security Service | Sudan | MEA | Intelligence | 2012 | 76,000 | 960,000 |
| Russia - KVANT | Russia | Europe | Intelligence | 2012 | 72,000 | 451.017 |
| Saudi - GID | Saudi Arabia | MEA | Law enforcement agency | 2012 | 114,000 | 1,201,000 |
| SIS of National Security Committee of Kazakhstan | Kazakhstan | Europe | Intelligence | 2012 | 140,000 | 1,012,500 |
| The 5163 Army Division (name of the South Korean secret service) | South Korea | Asia | Others | 2012 | 67,000 | 686,400 |
| UAE - Secret Service | United Arab Emirates | MEA | Others | 2012 | 150,000 | 1,200,000 |
| Central Intelligence Agency | United States | North America | Intelligence | 2011 | | |
| Drug Enforcement Administration | United States | North America | Others | 2012 | 70,000 | 567.984 |
| Centralne Biuro Antykorupcyjne | Poland | Europe | Law enforcement agency | 2012 | 35,000 | 249,200 |
| MOD Saudi | Saudi Arabia | MEA | Others | 2013 | 220,000 | 1,108,687 |
| PMO | Malaysia | Asia | Intelligence | 2013 | 64,500 | 520,000 |
| Estado de Qeretaro | Mexico | LATAM | Law enforcement agency | 2013 | 48,000 | 234,500 |
| National Security Agency | Azerbaijan | Europe | Intelligence | 2013 | 32,000 | 349,000 |
| Gobierno de Puebla | Mexico | LATAM | Others | 2013 | 64,000 | 428.835 |
| Gobierno de Campeche | Mexico | LATAM | Others | 2013 | 78,000 | 386.296 |
| AC Mongolia | Mongolia | Asia | Intelligence | 2013 | 100,000 | 799,000 |
| Dept. of Correction Thai Police | Thailand | Asia | Law enforcement agency | 2013 | 52,000 | 286,482 |
| National Intelligence Secretariat | Ecuador | LATAM | Law enforcement agency | 2013 | 75,000 | 535,000 |
| Police Intelligence Directorate | Colombia | LATAM | Law enforcement agency | 2013 | 35,000 | 335,000 |
| Guardia di Finanza | Italy | Europe | Law enforcement agency | 2013 | 80,000 | 400,000 |
| Intelligence | Republic of Cyprus | Europe | Law enforcement agency | 2013 | 40,000 | 375.625 |
| MidWorld | Bahrain | MEA | Intelligence | 2013 | | 210,000 |
| Mexico - PEMEX | Mexico | LATAM | Law enforcement agency | 2013 | | 321.120 |
| Malaysia K | Malaysia | Asia | Law enforcement agency | 2013 | | 0 |
| Honduras | Honduras | LATAM | Law enforcement agency | 2014 | | 355,000 |
| Mex Taumalipas | Mexico | LATAM | | 2014 | | 322,900 |
| Secretaría de Planeación y Finanzas | Mexico | LATAM | Law enforcement agency | 2014 | 91,000 | 371.035 |
| AREA | Italy | Europe | | 2014 | | 430,000 |
| Mexico Yucatán | Mexico | LATAM | Law enforcement agency | 2014 | | 401,788 |
| Mexico Durango | Mexico | LATAM | Law enforcement agency | 2014 | | 421.397 |
| Investigations Police of Chile | Chile | LATAM | Law enforcement agency | 2014 | | 2,289,155 |
| Jalisco Mexico | Mexico | LATAM | Law enforcement agency | 2014 | | 748.003 |
| Royal Thai Army | Thailand | Asia | Law enforcement agency | 2014 | | 360,000 |
| Vietnam GD5 | Vietnam | Asia | | 2014 | | 281.170 |
| Zurich Canton Police | Switzerland | Europe | Law enforcement agency | 2014 | | 486,500 |
| Vietnam GD1 | Vietnam | Asia | Law enforcement agency | 2015 | | 543.810 |
| Egypt TRD GNSE | Egypt | MEA | Law enforcement agency | 2015 | | 137,500 |
| Armed Forces of Lebanon | Lebanon | MEA | Law enforcement agency | 2015 | | |
| Federal Police Department | Brazil | LATAM | Law enforcement agency | 2015 | | |
| National Anticorruption Department | Romania | DNA | Intelligence | 2015 | | |
| State informative service | Albania | Europe | Intelligence | 2015 | | |
