Hacking Team Preparing to Launch New Surveillance Solution

As many of the company’s tools and methods have become public knowledge, Hacking Team is preparing to release a completely new surveillance system.

Hackers leaked last week 400GB of emails, documents, software, source code, and exploits stolen from the systems of Italy-based surveillance software maker Hacking Team. In a statement published shortly after the incident came to light, the company stated that the leaked source code allows anyone to deploy its software, including terrorists and extortionists.

In a new statement released on Monday, Hacking Team founder and CEO David Vincenzetti noted that no company has produced surveillance software as comprehensive, easy to use, and powerful as the one offered by Hacking Team. And Vincenzetti seems confident that this is not about to change any time soon.

Some parts of the company’s flagship product, Remote Control System, have been leaked, forcing the company to instruct customers to suspend the use of its solutions. However, Hacking Team says the attackers have not gained access to “important elements” of its source code.

Furthermore, Vincenzetti has pointed out that the exposed systems are “obsolete” by now “because of universal ability to detect these system elements.”

The leaked data included proof-of-concept (PoC) code for at least three Adobe Flash Player and one Microsoft Windows zero-day exploits. Advanced persistent threat (APT) actors and cybercriminals started abusing the Flash Player vulnerabilities in their operations before Adobe managed to release patches for them.

Hacking Team says it has isolated its internal systems to prevent additional data exfiltration. The company is now working on releasing an update to secure the Galileo version of its product.

In addition to this update, which will become available shortly, the spyware maker expects to release a completely new version of its Remote Control System, version 10, in the fall.

“This is a total replacement for the existing Galileo system, not simply an update,” explained Vincenzetti. “Of course, it will include new elements to protect systems and data considering the impact of the attack against Hacking Team.”

Hacking Team responds to accusations

Officially, Hacking Team sells its products only to law enforcement and intelligence agencies, and it selects customers to ensure that its surveillance solutions don’t end up in the wrong hands.

However, Hacking Team has often been accused by researchers and civil rights advocates of offering its spyware to countries that don’t have a good record on democracy and human rights, including Sudan, Morocco, Ethiopia, and the United Arab Emirates. Leaked emails, contracts, invoices and other documents seem to show that the company has dealt with oppressive governments.

Following the data breach, a Dutch member of the European Parliament has asked for the launch of an investigation into Hacking Team’s practices by both the European Commission and Italy.

In his statement, Vincenzetti said the export of his company’s software is controlled by the Italian government under the Wassenaar Arrangement.

“Our technology has always been sold lawfully, and, when circumstances have changed, we have ended relationships with clients such as Sudan, Ethiopia and Russia,” Vincenzetti said.

Experts analyze leaked Hacking Team tools

Several security firms have analyzed the leaked data to see how Hacking Team’s software works. Trend Micro reported finding a UEFI rootkit that the Italian company has used to ensure the persistence of its software on targeted systems.

By using the rootkit, Hacking Team customers could ensure that they can continue surveillance of the target even if the device’s hard drive was erased or replaced. Hacking Team documents show that the rootkit works on Insyde BIOS, which is very common on laptop computers. However, Trend Micro says the malware could work on AMI BIOS as well.

Furthermore, while leaked slideshows reveal that the rootkit can only be installed by having physical access to the targeted device, researchers believe it might also be possible for the malware to be deployed remotely.

Researchers at Lookout revealed last week that, despite claims that Hacking Team’s software could only infect jailbroken iOS devices, the spyware could actually be installed on non-jailbroken phones as well. This was possible because Hacking Team possessed an Apple enterprise certificate that allowed its developers to sign their applications. Apple has now revoked that certificate.

Researchers at Bromium have conducted an in-depth analysis of Hacking Team’s Remote Control System. The solution, which is basically a fully-featured remote access Trojan (RAT), is capable of grabbing stored passwords from popular applications, recording instant messaging communications, logging keystrokes, harvesting session cookies for popular online services, capturing emails and contacts, recording sound via the computer’s microphone, taking photos via the webcam, grabbing clipboard data, logging mouse movements and clicks, and monitoring browser history.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
