The Hacking Team Breach - How the for Hire Hackers Got Hacked

Running head: THE HACKING TEAM BREACH: HOW THE FOR HIRE HACKERS GOT HACKED                                                                                                                                         1

The hacking team breach: How the for hire hackers got hacked

Bala Sai Pankaj Kumar Koppella

Illinois Institute of Technology

Author Note

Bala Sai Pankaj Kumar, School of Applied Technology, Illinois Institute of Technology.

Abstract

In July 5, 2015, A Milan based company by the name Hacking Team which is long accused of selling unethical software to government agencies has been breached. Huge amount of data has been stolen in this breach including the source code of the software and internal emails. This paper will explore the background of the Hacking Team and how the breach happened. A

possible solution to how The Hacking could have been prevented and security lessons learned for the Hacking team breach. Security protocols that should be followed by every organization will also be addressed.

Keywords:  Remote Control System, Tape drives, Source code

The hacking team breach: How the for hire hackers got hacked

The frightening thing about the Hacking Team Breach is that when a hackers for hire organization can get hacked how secure are we? With the business world already swimming against the tide when it comes to cyber security and Cyber-crimes skyrocketing with the tools in the public domain no company or organization is safe. This will discuss how the data breaches can be avoided by following simple security procedures. In this case how the hacking team could have avoided the huge data breach of security tools and data.

Background Information

Hacking Team is a Milan-based business offering "offensive" intrusion and surveillance capabilities for law enforcement agencies and governments on six continents. It is well known their Remote Control System1 ‘DaVinci’ will enable their clients to monitor the internet users, decipher their files and emails, and record other communications. They are also capable of remotely activate and control microphones and cameras on target computers with the help of their DaVinci. In 2015, the company became a victim of a huge data breach of 400 gigabytes including internal e-mails, source code of the surveillance products and company invoices, involving them with various major government agencies.

1Remote Control System is an IT stealth investigative tool for monitoring and taking

control of the endpoint device like a camera on a computer or the microphone of a mobile phone. It enables the end party to listen to every conversation, phone call and text made by the device. It even enables to track the device and the person carrying the device using the google maps. It has the capability to erase the data on the target device and even control it.

The amount of data breached and its victims

On July 5, 2015, the twitter account of the organization got compromised revealing a link to the

400 gigabytes of data breached which includes the internal e-mails of the company, the source code of every product delivered by the organization and the invoices of the company to various government organizations which included the Lebanese and Sudan army among others. After analyzing the huge dump of breached data the researchers also found the zero-day vulnerability2 of adobe flash player and windows kernel. One leaked email showed the Drug Enforcement Agency (DEA) seeking hacking team’s help to integrate one of their tools to the company’s RCA to monitor all the data traffic from Columbia. The leak also suggested Mexico to be its biggest customer till date, paying out $6.3m to the company. Up to 14 separate Mexican states have signed up with Hacking Team to date, and the Mexican interior ministry is the most recent one.

2A zero day vulnerability alludes to a hole in software that is obscure to the vendor. This

security hole is then misused by hackers before the vendor gets to be mindful and hurries to settle it.

The hackers behind the operation. As no particular group has claimed this attack their work, investigators have gone through a few previous data breaches of this type and concluded this to be the work of one Phineas Fisher of the group Advanced Persistent Threat(APT) which may have links to wikileaks. However, all these are pure speculations and the true identity of the hacker is still unknown unless the individual comes out seeking fame for the attack.

Aftermath of the breach. With all the source code of the spyware technology open to everyone on the web means it makes everyone vulnerable if in wrong hands. With the capabilities of these spyware tools they are equally prized among government agencies and hackers.

The ethical side of Hacking Team’s work

Hacking team have always been criticized for selling their services to repressive regimes with questionable human rights records in countries such as Sudan, Bahrain and Kazakhstan, for which the company has always denied doing so. But with the data breach, it was evident that they did sell spyware tools to government agencies. Some researchers discovered child porn references within the source code for the company's Remote Control System, which led some to suggest that Hacking Team may have built and sold a "child porn fabrication tool". With several United States agencies like DEA, FBI and Department of Defense involved with the Hacking Team the debate of controlling spyware raised. This raises doubt about whether current regulations viably keep a private firm from offering hacking software to any legislature in the world. One written exchange between Hacking Team's authorities and United Nations (UN) authorities demonstrates the UN questioning Hacking Team's deals to Sudan. A letter from the UN to the company references a March 2015 letter Hacking Team sent the UN. It argued that its spying tools didn’t count as a weapon, thus didn’t fall under the UN’s arms ban for which the UN disagreed.

...