Hacking Team Hacked

Who: Hacking Team is an Italian, controversial company which builds and sells spywares to Governments. Even though they used to deny it, we now know for sure that they were supplying to oppressive regimes, such as Sudan, Saudi, Iraq, etc. A full list of their clients is here.

Damage: About 400+ GB of corporate data is leaked on torrents (and here), and the source-code of their tool is loaded up on github.

Consequences: The 0-day exploits which they were exploiting, are now in the wild - can be used by anyone. However, Adobe immediately released the patch for their Flash player

Their most notorious tool was called Remote Control System (a 2014 report is here), and they apprantly had a few more, especially one that one relied on hijacking jailbroken iPhones.

Furthermore, their twitter and other online accounts were also hijacked. The primary reason here, is because of hilariously weak passwords:
The root passwords for Hacking Team's servers were inexplicably weak for their purpose. One of the passwords was simply "P4ssword,".
Other passwords grabbed from Hacking Team founder Christian Pozzi included "wolverine" and "universo," and other variations of dictionary words like "Passw0rd".
By: A hacker (crusader?!) who goes by the name of PhineasFisher has taken credit for the disclosure.

Update 25-Jul-15:
Another tool discovered in the dump, which was used to compromise Android devices.

No comments: