Skip to content

Hackers Gonna Hack, or Get Hacked

Posted on:July 11, 2015 at 03:00 AM

Italian based company Hacking Team suffered a major security breach earlier this week. Hacking Team provides offensive cyber security capabilities mainly for governments and law enforcement. Web is already full of analysis and stories about this case. I summary here some of the most important and interesting points.

What was leaked

Seems that pretty much everything was leaked. There is 400GB torrent file on p2p network that contains Hacking Team’s internal data: customers (including total revenues), source codes, emails, and so on. Some data is already out there on web:

Important findings

So far, the whole 400GB data dump is probably not reviewed completely and accurately. However, some major findings and disclosures have been made.

Some thoughts of mine

From government’s and law enforcement agencies point of view: is it responsible and safe to use products of foreign, privately held company for surveillance of citizens, even though the surveillance itself would be legal? If a foreign “hacking company” had a backdoor to Finnish government’s surveillance data, I would not be comfortable with that.

Exploit and surveillance tool markets are one topic of a debate. This is a complicated issue: should producing, selling and exporting “cyber weapons” be regulated the same way as firearms and other “real weapons”?

I have quite skeptical and suspectible approach on companies or individuals, who are selling zero-day exploits on the web, and exploiting them before warning a manufacturer / developers. There is no international regulations or policies for producing and selling “cyber weapons” - which I think Hacking Team’s products could be categorized.

To be honest, I don’t think that Hacking Team survives this breach. Moreover, I except, that credibility and trustworhy of information security companies will be a topic of many debates in near future. Hence, maintaining good reputation and taking care of internal security, will be vital for all companies and organizations in security field.