FYI.

This story is over 5 years old.

Hacking Team: ‘Reckless and Vicious Crime’ Won’t Stop Us

The spy tech company claims it has replaced its systems and is readying a new version of its spyware.
July 13, 2015, 4:34pm
Image: Hacking Team.

Forget about all our hacked secrets, and keep calm and carry on—that's what the controversial surveillance tech company Hacking Team seems to be saying in a new public announcement, a week after its massive data breach.

"We at Hacking Team are now dedicated to restoring the ability of law enforcement to fight crime hidden in the new encrypted digital world," the company's co-founder David Vincenzetti said in a statement.

Advertisement

In an ironic turn of events, Hacking Team, a company that sells spying technologies to governments around the world, got hacked last week. And it wasn't a run of the mill website defacement, the hackers actually got "everything," as someone with knowledge of the company told me. The breach exposed confidential documents on clients, new technologies, hundreds of thousands of internal emails, and even the spyware's source code, and forced the company to go on "full on emergency mode" and ask customers to shut down all their surveillance systems.

Despite the hackers "reckless and vicious crime," Hacking Team won't back down, because its work is more important than ever, the company's co-founder David Vincenzetti said in a mailing list message.

"We have suffered a significant blow at the hands of the attackers who clearly attempted to destroy our company." pic.twitter.com/tp03tSbRSH
— Andrew Blake (@apblake) July 13, 2015

In another similarly worded statement, this one sent to journalists and to be published on Hacking Team's website on Monday, Vincenzetti said that the company has already isolated its internal network to prevent future breaches and leaks, and that it's building a "totally new infrastructure."

Moreover, Vincenzetti said that not all the company's secrets got stolen, in fact, "important elements of our source code were not compromised," although he didn't specify which ones.

"Important elements of our source code were not compromised."

Hacking Team was also already working on a new version of its marquee product, Remote Control System (RCS), or Galileo, a suite of surveillance tools that help police and intelligence agencies hack into a target's computer or cellphone and monitor all its activities. Vincenzetti said that the Galileo's new version 10, which he called a "complete new revision" of the software, should be ready by the fall.

That's good news, Vincenzetti wrote, because "today's Internet is a safe harbor for criminals such as those who attacked Hacking Team, but also for terrorists, sex traffickers, murderers, narcotics dealers and other wrong-doers."

Advertisement

"No other company has ever produced a lawful surveillance capability nearly as comprehensive, as easy to use, or as powerful as ours," he added.

"Today's Internet is a safe harbor for criminals […] terrorists, sex traffickers, murderers, narcotics dealers and other wrong-doers."

Vincenzetti also said that the "exposed system elements are obsolete" because antivirus companies are likely to detect them. This statement directly contradicts what he said last week, when he warned that "terrorists" would now be able to use their software.

"I'm glad they're finally acknowledging that the leaked code can't be used to spy," said Bill Marczak, a researcher at Citizen Lab, at the University of Toronto's Munk School of Global Affairs, who has investigated Hacking Team for a long time. "I wonder who the statement is geared towards though. Are they seeking money from investors? Are they trying to reassure employees, or government clients?"

Marczak also added that it should be easy and fast for Hacking Team to upgrade Galileo to evade anti-viruses and get their customers up and running again, but the damage done by the leak could be more far-reaching than that.

"While they can quickly patch and evade anti-virus signatures, I think they'll be using their same bag of tricks," he added in an encrypted chat. "People will be on the lookout for the new stuff, and it might be an order of magnitude harder for Hacking team to maintain the 'invisibility from the security community' they had before."

"It might be an order of magnitude harder for Hacking team to maintain the 'invisibility from the security community' they had before."

Hacking Team has long been criticized for selling its powerful surveillance products to countries that have then been revealed to abuse it, such as Morocco and Ethiopia, whom both used RCS against dissidents and journalists.

Hacking Team may be coming out with this brash statement to reassure its customers, who have seen their surveillance investigations go dark more than a week ago because of the hack.