Hacking Team has issued a statement confirming that its code and zero-day software vulnerabilities were leaked:
It is now apparent that a major threat exists because of the posting by cyber criminals of HackingTeam proprietary software on the Internet the night of July 6. HackingTeam's investigation has determined that sufficient code was released to permit anyone to deploy the software against any target of their choice.
Before the attack, HackingTeam could control who had access to the technology which was sold exclusively to governments and government agencies. Now, because of the work of criminals, that ability to control who uses the technology has been lost. Terrorists, extortionists and others can deploy this technology at will if they have the technical ability to do so.
Adobe has patched a security bug in flash, and Microsoft is working on a vulnerable kernel driver. Discussed at The Register and Motherboard.
The Intercept has detailed Hacking Team's demonstration to a Bangladesh "death squad," the use of Hacking Team software by the DEA to spy on all Colombian ISPs from the U.S. embassy in Bogota, and more. In one email, CEO David Vincenzetti unwittingly predicts the current fallout while warning employees not to leak the company's secrets: "Imagine this: a leak on WikiLeaks showing YOU explaining the evilest technology on earth! :-)" he wrote. "You will be demonized by our dearest friends the activists, and normal people will point their fingers at you."
Privacy International's Deputy Director Eric King has called the leaks "the equivalents of the Edward Snowden leaks for the surveillance industry." Nevertheless, Hacking Team plans to continue its operations. PhineasFisher, a hacker who penetrated Hacking Team's competitor Gamma International last year and leaked 40 GB of internal data, has claimed responsibility for this hack.
(Score: 5, Insightful) by MrGuy on Thursday July 09 2015, @08:41PM
So, lemme get this straight.
When YOU could deploy the software against any target you were paid to deploy it against, that was just fine.
When someone ELSE can deploy the software against any target of THEIR choice, it's a "major threat"?
The "major threat" has existed since you wrote the software, not since you lost control of it.
(Score: 0) by Anonymous Coward on Thursday July 09 2015, @08:50PM
No kidding.
The *RESPONSIBLE* thing to do would have been to report the vullins. Instead they built a business around it of breaking into other peoples computers. If they found the bug someone else could to. Finding this sort of bug just takes time and a bit of knowledge. There is no 'secret' sauce to it.
I do not feel sorry for them.
(Score: 4, Informative) by takyon on Thursday July 09 2015, @08:55PM
Or money:
NSA purchased zero-day exploits from French security firm Vupen [zdnet.com]
NSA Contracted With Zero-Day Vendor Vupen: NSA likely used French exploit service to keep tabs on the competition and run "deniable cyber ops," says cyber-weapon critic. [darkreading.com]
New Dark-Web Market Is Selling Zero-Day Exploits to Hackers [wired.com]
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 4, Interesting) by frojack on Thursday July 09 2015, @09:39PM
It reminds me of the Spy vs Spy comic books.
This is JUST as LIKELY to be industrial espionage between competitors as any single hacker exploit.
No, you are mistaken. I've always had this sig.
(Score: 2) by SlimmPickens on Friday July 10 2015, @07:06AM
I don't think they would erode their customer base like that.
(Score: 2) by captain normal on Friday July 10 2015, @02:57PM
One persons bug is another's "trade secret". I just love that these hackers got hacked.
Everyone is entitled to his own opinion, but not to his own facts"- --Daniel Patrick Moynihan--
(Score: 1, Insightful) by Anonymous Coward on Thursday July 09 2015, @09:20PM
When YOU could deploy the software against any target you were paid to deploy it against, that was just fine.
When someone ELSE can deploy the software against any target of THEIR choice, it's a "major threat"?
But WE are the good guys! Everything WE do is righteous!
'It is difficult to get a man to understand something, when his salary depends on his not understanding it.'
--Upton Sinclair
(Score: 3, Funny) by Anonymous Coward on Thursday July 09 2015, @09:53PM
The "major threat" has existed since you wrote the software, not since you lost control of it.
No, the real major threat was born when Flash Player was rolled out...
(Score: -1, Flamebait) by Anonymous Coward on Friday July 10 2015, @02:00AM
The real threat was born when Windows was rolled out.
(Score: 2) by bob_super on Friday July 10 2015, @05:45PM
The NRA would like a chat with you.
In a discrete corner of the desert.
BYOShovel.
(Score: 2) by DeathMonkey on Friday July 10 2015, @06:48PM
It's WAY worse than that, a little FTFY Friday!
When oppressive regimes, including Sudan, Ethiopia, and Egypt could deploy the software against any target, that was just fine.