
We Never Broke Any Laws: Hacking Team

Italian spyware maker Hacking Team has responded to some of the reports published following the recent breach and has once again denied breaking any laws or regulations.

Hackers leaked more than 400GB of data stolen from the company’s systems earlier this month, including exploits, source code, documents, and communications. The leaked data has been analyzed by many researchers and organizations, and some interesting aspect of Hacking Team’s operations and tools comes to light almost every day.

Hacking Team says it’s displeased with the fact that it is being treated like an offender when in reality it has never broken any laws.

“The truth is that the company itself has operated within the law and all regulation at all times,” said Eric Rabe, Chief Marketing and Communications Officer at Hacking Team. “However, commentators dislike the fact that strong tools are needed to fight crime and terrorism, and Hacking Team provides them. So the company is being treated as the offender, and the criminals who attacked the company are not.”

Rabe claims the company currently complies with new regulations developed in 2014 and enacted in January 2015. The Italian government reviews the sales of Hacking Team technology under these new rules, which are in accordance with European Union regulations and the Wassenaar Arrangement.

Hacking Team does not deny that it has sold its products to Sudan. However, the spyware maker argues that at the time when it sold its solutions to Sudan, back in 2012, its technology was not classified as a weapon or dual use technology. The same goes for other countries that don’t have a good civil rights record, including Russia and Ethiopia, Rabe said.

“In fact, it is only recently that Hacking Team technology has been categorized under the Wassenaar Arrangement as a ‘dual use technology’ that could be used for both civil and military purposes. Dual use technologies are regulated separately from weapon technologies,” Rabe said.

Hacking Team has not provided many details on the recent breach. The company has confirmed that the attackers gained access to proprietary information, the personal details of employees, and information on some customers. However, the surveillance software firm says the attackers could not have stolen data from investigations conducted by its customers because it doesn’t have access to such data.

Furthermore, Hacking Team has denied reports that it planted backdoors in its software that would allow it to learn about customers’ operations and disable the product. The company has also denied recent reports that it’s working with a Boeing subsidiary on integrating its Wi-Fi hacking capabilities into drones.

According to Hacking Team, the recent breach has not exposed important source code, which the company will use to release a completely new version of its product later this year.

The spyware maker initially warned that the leaked source code would be useful to terrorists and extortionists. One category that has clearly put the leaked data to good use is cyber threat actors. Cybercriminals have leveraged various Adobe Flash Player zero-day exploits to deliver malware, and advanced persistent threat (APT) groups have also used Hacking Team’s exploits in their operations.

However, the company now says its leaked code has become “obsolete” because it is easy to detect. Rook Security has released a free software tool designed to help organizations determine if their systems are infected with malware developed by Hacking Team.

Highly Advanced Android Malware Discovered in Hacking Team Leak

Researchers at Trend Micro have analyzed the source code for Hacking Team’s RCSAndroid product and believe it “can be considered one of the most professionally developed and sophisticated Android malware ever exposed.”

Once it infects an Android device, the spyware is capable of carrying out a wide range of activities, including capturing screenshots, monitoring clipboard content, harvesting passwords for Wi-Fi networks and popular online services, collecting emails and text messages, capturing voice calls, taking photos using the device’s cameras, recording locations, and decoding messages from instant messaging applications.

Trend Micro says the threat, which it detects as AndroidOS_RCSAgent.HRX, has been used in the wild since 2012.

It appears that Hacking Team’s Android spyware uses some open source tools developed by researcher Collin Mulliner. Mulliner learned of this after being contacted by people who analyzed the Hacking Team leak, some of whom thought that he had helped develop the surveillance software.

“I'm pretty angry and sad to see my open source tools being used by Hacking Team to make products to spy on activists. Even worse is the fact that due to the lazy way they managed their source repository less informed people might get the idea that I developed parts of their tools for them. Just to make this very clear: I did not write any of those tools for Hacking Team,” Mulliner said.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.