- July 17, 2015
- Suggested Reading
The Hacking Team Case
The Hacking Team is an Italian company selling a surveillance suite to governments and other state agencies, for the purpose of lawful interception. The product has all the functionalities of common spyware: it can gather keystrokes, passwords, and even allows remote control of the target's computer. The suite comes with a full set of exploits that allows the customer to install the spyware without the target's knowledge or consent.
If the product and the tactics look like those used by malware writers and criminals, it's because they are actually the same. The difference is that Hacking Team openly sells its product, and theoretically only to authorised state actors (under the Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies) that need to monitor criminals. The leaked documents show customers in at least 8 European countries (Cyprus, Czech Republic, Hungary, Italy, Luxembourg, Poland, Spain, and Switzerland).
On July 5th, a torrent file appeared that contained more than 400GB of files belonging to Hacking Team: emails, source code, invoices, and more. The firm's Twitter account was hijacked and used to publish disparaging comments about the company.
What did the press say?
There are countless articles about the hack, its causes, and its consequences. This paper attempts to give an overview of most aspects.
One of the first in-depth articles on this case was published by Wired, focusing on the apparent violation of the Wassenaar Arrangement by Hacking Team: invoices seem to indicate that the company sold its products to oppressive regimes. These possible violations led to questions from an MEP to the High Representative Mogherini.
Another aspect of the hack is that the published files contained 0-days (exploits for previously unknown vulnerabilities) for Adobe Flash Player and Windows. Cybercriminals integrated these exploits into their toolkits at an alarming speed.
The leak also showed that Hacking Team uses advanced techniques to make sure that its software cannot be uninstalled. For example, it is possible to overwrite the BIOS of some computers. This allows the malware to be re-installed and remain hidden even after the infected hard drive has been wiped.
While there is so far no public explanation of how the hack was conducted, bad passwords may have been a factor: the leaked documents show an overall disregard for good password practices.
About "Suggested Reading" from ENISA
With the "Suggested Reading" series, ENISA aims to give the interested reader guidance on controversial and inscrutable NIS-related discussions that are carried out in the media, by suggesting selected pre-reviewed articles that in our view explain the issue at hand and related circumstances in a reasonable and understandable manner. This view is derived from past experience and common sense; in no way should "Suggested Reading" be understood as a recommended course of action in a specific incident or investigation, or as a final conclusion. Feel free to get in touch with ENISA to discuss or request more information about the "Suggested Reading" series (firstname.lastname@example.org).