Spanish police have arrested three people they linked to the hacking of Gamma Group and Hacking Team:
Spanish police have arrested three people over a data breach linked to a series of dramatic intrusions at European spy software companies — feeding speculation that the net has closed on an online Robin Hood figure known as Phineas Fisher.
A spokesman with Mossos d'Esquadra, Catalonia's regional police, said a man was arrested Tuesday in Salamanca on suspicion of breaking into the website of the Mossos labor union, hijacking its Twitter feed and leaking the personal data of more than 5,500 officers in May of last year. Another man and a woman were arrested in Barcelona in connection to the same breach, he said. No more arrests are expected, he added, speaking on condition of anonymity in line with force policy.
May's breach was claimed by Phineas Fisher, who first won notoriety in 2014 for publishing data from Britain's Gamma Group — responsible at the time for spyware known as FinFisher. The hacker cemented their reputation by claiming responsibility for a breach at Italy's Hacking Team in 2015 — a spectacular dump which exposed the inner workings of government espionage campaigns — and appearing as a hand puppet in an unusual interview for a 2016 documentary on cybermercenaries.
Also at Motherboard and The Hill.
netzpolitik.org reports that the network of the surveillance technology company Gamma International has been hacked and 40 gigabytes of internal data, including source code (yeap! uploaded on GitHub), support and marketing/sales info, are available for download (torrent warning).
If Gamma FinFisher doesn't ring a bell for you: Reporters Without Frontiers lists them as one of "The Enemies of Internet" in the "Surveillance" special edition:
Gamma International offers advanced spyware, which has repeatedly been discovered in countries who mistreat journalists, like Bahrain and the United Arab Emirates. The Finfisher Technology sold by Gamma International is able to read encrypted files, emails and listen in to voice over IP calls. Among the targeted was Ala'a Shehabi, a journalist, university lecturer and activist from Bahrain, now living in London.
WikiLeaks has released previously unseen copies of weaponised German surveillance malware used by intelligence agencies around the world to spy on journalists, political dissidents and others.
https://wikileaks.org/spyfiles4/index.html
FinFisher (formerly part of the UK based Gamma Group International until late 2013) is a German company that produces and sells computer intrusion systems, software exploits and remote monitoring systems that are capable of intercepting communications and data from OS X, Windows and Linux computers as well as Android, iOS, BlackBerry, Symbian and Windows Mobile devices. FinFisher first came to public attention in December 2011 when WikiLeaks published documents detailing their products and business in the first SpyFiles release.
Since the first SpyFiles release, researchers published reports that identified the presence of FinFisher products in countries around the world and documented its use against journalists, activists and political dissidents.
Julian Assange, WikiLeaks Editor in Chief said:
FinFisher continues to operate brazenly from Germany selling weaponised surveillance malware to some of the most abusive regimes in the world. The Merkel government pretends to be concerned about privacy, but its actions speak otherwise. Why does the Merkel government continue to protect FinFisher? This full data release will help the technical community build tools to protect people from FinFisher including by tracking down its command and control centers.
FinFisher Relay and FinSpy Proxy are the components of the FinFisher suite responsible for collecting the data acquired from the infected victims and delivering it to their controllers. It is commonly deployed by FinFisher's customers in strategic points around the world to route the collected data through an anonymizing chain, in order to disguise the identity of its operators and the real location of the final storage, which is instead operated by the FinSpy Master.
Archives:
http://web.archive.org/web/20140915073153/https://wikileaks.org/spyfiles4/index.html
https://archive.today/XRT0p
It is just now being reported on Twitter and by CSO Online that Italian security firm Hacking Team has been compromised by parties unknown.
The attack, which took place during the Women's World Cup, resulted in a Torrent file with over 400GB of internal documents, source code, and email communications being made available to the public. Meanwhile, the attackers have also seized control of Hacking Team's Twitter, defacing it and posting images of the stolen data.
Christopher Soghoian, principal technologist of the ACLU, says that a preliminary analysis of the Torrent's contents suggests that Hacking Team included among their customers nations such as South Korea, Kazakhstan, Saudi Arabia, Oman, Lebanon, and Mongolia. Hacking Team, which specializes in intrusion and surveillance, has always maintained that they do not do business with oppressive governments.
The tools developed by Hacking Team have been linked to several cases of privacy invasion in the past, by researchers and the media.
n1 writes:
Among the more potentially damaging documents made public are invoices showing that Hacking Team has sold its intrusion software to government agencies in countries known to have oppressive regimes, including Sudan, Ethiopia, and Egypt.
[...] Hacking Team officials have not released any official public statements about the attack yet.
As researchers and others have begun to look through the documents, they have found a number of significant things, aside from the invoices. Among the discoveries is the fact that Hacking Team has a legitimate Apple iOS developer certificate that expires next year. Another researcher found a handful of files that listed the VPS (virtual private server) servers used by Hacking Team, and published a list of the IP addresses for the servers.
Hacking Team has issued a statement confirming that its code and zero-day software vulnerabilities were leaked:
It is now apparent that a major threat exists because of the posting by cyber criminals of HackingTeam proprietary software on the Internet the night of July 6. HackingTeam's investigation has determined that sufficient code was released to permit anyone to deploy the software against any target of their choice.
Before the attack, HackingTeam could control who had access to the technology which was sold exclusively to governments and government agencies. Now, because of the work of criminals, that ability to control who uses the technology has been lost. Terrorists, extortionists and others can deploy this technology at will if they have the technical ability to do so.
Adobe has patched a security bug in Flash, and Microsoft is working on a vulnerable kernel driver. Discussed at The Register and Motherboard.
The Intercept has detailed Hacking Team's demonstration to a Bangladesh "death squad," the use of Hacking Team software by the DEA to spy on all Colombian ISPs from the U.S. embassy in Bogota, and more. In one email, CEO David Vincenzetti unwittingly predicts the current fallout while warning employees not to leak the company's secrets: "Imagine this: a leak on WikiLeaks showing YOU explaining the evilest technology on earth! :-)" he wrote. "You will be demonized by our dearest friends the activists, and normal people will point their fingers at you."
Privacy International's Deputy Director Eric King has called the leaks "the equivalents of the Edward Snowden leaks for the surveillance industry." Nevertheless, Hacking Team plans to continue its operations. PhineasFisher, a hacker who penetrated Hacking Team's competitor Gamma International last year and leaked 40 GB of internal data, has claimed responsibility for this hack.
The attacker who broke into the computers of Hacking Team has written a narrative of the event, detailing the methods used. The write-up is available on pastebin in English (mirror) and in Spanish (mirror).
In other news about Hacking Team, the Financial Times reports (semi-paywalled) that Italy's ministry of economic development, citing "changed political circumstances" that may be related to Italian-Egyptian relations in the wake of the murder of Giulio Regeni, has revoked the company's licence to export outside the EU.
What's happening here? (Score:2)
We have a bunch of people mucking around with OS's and applications, trying to break into other people's computers. Some of those people have the contacts with which to sell their secrets to government agencies. These are the "good" hackers. They enjoy government protection. Other people lack those contacts, or lack the motivation to sell their secrets to the government. These are the "bad" hackers. The "good" hackers aren't as good as they thought they were, and the "bad" hackers stole some of their secrets. Since those secrets have been sold to governments, the governments decided that the "bad" hackers must pay for their brazenness.
Meanwhile, the governments are using our own hardware against us, the citizens, to keep tabs on us.
We need to redefine "good" and "bad" some day soon.
Stand by for hilarity from the Trump House!
