Over the past couple days, we’ve seen a rapid influx of Zero-Day vulnerabilities hit the technology industry as a result of the recent Hacking Team breach. A total of three such vulnerabilities have been announced for Adobe Flash since the breach, and Microsoft has released a critical update in response to a browser exploit discovered among the compromised data. The leaked data has also shown clear evidence of these exploits being both sold and used against targets within the global community.
As a security-minded IT professional, I have found myself at an impasse. Overlooking, but not ignoring, the fact that the Hacking Team breach was an illegal act perpetrated by cyber hacktivists, I can’t help feeling a sense of gratitude in lieu of the numerous exploitable vulnerabilities that have been announced and patched since the event just a few days ago. Understanding that the breach has exposed client data, proprietary information, internal emails and the like, as a passionate IT Security practitioner, I can’t turn a blind eye to the fact that Hacking Team was engineering their own malicious software and selling it for profit.
The Remote Control System (RCS) is the Hacking Team product that lies at the center of their surveillance and exploitation activities. The RCS basically functions as a Remote Access Trojan, or a backdoor, to the system in which it is installed. The leaked data from the breach has shown that the RCS software has undergone extensive R&D to ensure its undetectable nature. Documents revealed from the breach show Hacking Team had at one point conducted testing of its software against numerous antivirus and malware programs to determine detection rates.
In a time where Cybersecurity is the most volatile it has ever been, and breaches are occurring at alarming rates, I feel as though organizations like Hacking Team could be doing so much more with the talent and technology they possess. Unfortunately, documents leaked to the public have shown that Hacking Team has taken a different path. Among the 400GBs of stolen data lies evidence of Hacking Team’s involvement with nations that have been found to be at the forefront of Human Rights abuses, as well as other violations. Marietje Schaake, a Dutch member of the European Parliament has cited the selling of the RCS software to certain nations as the “proliferation of harmful systems”, evidenced by compromised documents and emails showing invoices to countries such as Sudan. Schaake goes on to refer to violations of numerous UN Security Council Resolutions as a result of the sale of the RCS software.
Rather than using the RCS or other malware at their disposal for combating cyberterrorism and “fighting the good fight”, Hacking Team has profited in providing their surveillance tool to clients who have appeared to be using it for ill intent. Citizen Lab, a Canadian-based R&D organization for Information and Communication Technologies (ICTs), human rights, and global security, has made several posts on its blog concerning the sale of RCS to countries such as Ethiopia for the purpose of surveilling Ethiopian journalists.
It is my opinion that Hacking Team’s failure to do more good than harm is why they have been deemed as a “Corporate Enemy” by Reporters Without Borders. As more documents are revealed regarding Hacking Team’s practices and clientele, I am reminded of the movie, The Matrix, where a bleak Morpheus recounts the downfall of mankind to Neo and says, “Fate, it seems, is not without a sense of irony”. In their efforts to profit from malware, Hacking Team found itself on the wrong end of an intrusion and face-to-face with an embarrassing and very karma-esque situation. Rather than learning from the Gamma Group breach of last August, Hacking Team has now become just another unfortunate statistic in the world of cyber attacks and data loss.
Though there have not been any outright claims of ownership to the attack, there has been some speculation connecting the Hacker Team and Gamma Group breaches.