Hacking Team, the recently breached security company which develops and sells surveillance tools primarily for government regimes now claims that its technology is susceptible to being used by terrorists after a 400 GB data dump went public this Sunday, revealing the source code of its applications.
In making more headlines, the controversial Italian security company – Hacking Team claims that terrorists and extortionists could now use its tools due to the recent breach it suffered from hackers yet unknown, according to a report in the Washington Post.
Hacking Team was targeted in an elaborate cyberattack which resulted in the dumping of 400 GB of data that contained email correspondence, client lists, financial information and crucially, source code. The dump was made public and shared on BitTorrent networks, GitHub and plenty of websites.
Falling into the wrong hands
In the aftermath of the attack, a company spokesperson had initially declined to verify the authenticity of the data dump but the latest company statement leaves no room for misinterpretation.
“Hacking Team’s investigation has determined that sufficient code was released to permit anyone to deploy the software against any target of their choice,” said Eric Rabe, the Italian company’s spokesperson in a statement.
“Terrorists, extortionists and others can deploy this technology at will if they have the technical ability to do so,” claimed Rabe.
“We believe this is an extremely dangerous situation,” he added.
A silver lining.
Despite the inherent danger of the source code falling into the hands of cybercriminals and terrorists, the Hacking Team hack is likely to help with the greater good with cybersecurity.
The Italian company relies on using zero-day bugs and vulnerabilities that are yet unknown to software developers. For instance, it was revealed that Hacking Team had come up with an exploit to take advantage of a critical Adobe vulnerability that grants an attacker to crash the browser and take control of the end-user’s system. That Flash vulnerability is now patched by Adobe.
Turbulent times
The flagship product in Hacking Team’s roster is the Remote Control System (RCS), coined by the company as Galileo. The product is sold to law enforcement agencies and governments to intercept data communications on computers and mobile devices in a clandestine, stealthy manner.
It’s important to note that security researchers, analysts and white-hat hackers along with human-rights activists and pro-privacy proponents have alleged for years that Hacking Team has sold Galileo to governments with questionable human rights records. There have also been instances of activists and journalists being allegedly spied upon by government agencies using the company’s products.
Rabe added in the statement that the company’s engineers are updating RCS presently and are “working around the clock” in order to come up with a fix.
“In response to Hacking Team’s request, virtually all clients have suspended use of the system (RCS) that was compromised in the attack,” Rabe wrote in the statement.
