Advertisement
Tech by VICE

Hacking Team's Customers Still Can't Spy Two Weeks After Hack

The operations of the spy tech company’s customers are all “down” and “stalled.”

by Lorenzo Franceschi-Bicchierai
Jul 22 2015, 9:00am

Just a few hours after a mysterious hacker announced to the world that he had hacked the controversial spy tech vendor Hacking Team—an announcement made on the company's very own Twitter account—Hacking Team asked all customers' to shut down all operations and stop using its spyware.

More than two weeks later, the cops and spies all around the world who have purchased Hacking Team's spyware are still in the dark, unable to use the surveillance software they bought for hundreds of thousands of dollars, Motherboard has learned.

"I can't predict when Hacking Team will have full restoration for customers," Eric Rabe, the company's spokesperson, said in an email on Tuesday. "The first priority [is] to protect the customers' investigation data."

"Everything is down, it's all stalled."

Rabe did not respond when I asked him if by "full restoration" he meant that some customers already have some partial restoration, but a source outside of the company, but who has knowledge of some of Hacking Team's customers, said that the customers are still in full shutdown. (The source declined to reveal the name of the customers, and spoke only on condition of anonymity given the sensitivity of the matter.)

"Everything is down, it's all stalled," the source told me. "It will take months for Hacking Team to temporarily restore the service, but perhaps a year to get back at full speed."

Last week, Hacking Team's CEO and founder David Vincenzetti said that they were working hard to recover, and that the "reckless and vicious" crime wouldn't stop them. In fact, Vincenzetti promised "a totally new infrastructure" and a "completely new" version of its marquee product, known as Remote Control System (RCS) or Galileo, which allows its operators to hack into a target's computer or cellphone and monitor it, intercepting data, calls, messages, and even turning on the microphone or webcam.

But it won't be easy because among the 400GB of secrets leaked online, the hacker has published all the source code of Hacking Team's RCS. Among the leaked files, there were also a handful of "zero-day" exploits, previously unknown software bugs that could be used to infect targets of Hacking Team's customers.

Thanks to these leaks, those bugs are being patched; anti-virus companies are upgrading their products to detect Hacking Tea's spyware; and security researchers are recreating the spy software in their labs to study exactly how it worked, to learn about its strengths and weaknesses.

"The leak has exposed all Hacking Team's tricks."

"The platform's redesign will have to be heavy because the leak has exposed all Hacking Team's tricks," the source told me.

Other researchers agree that the company faces an uphill battle to recover from the massive hack.

"While they can quickly patch and evade anti-virus signatures, I think they'll be using their same bag of tricks," Bill Marczak, a security researcher who has studied Hacking Team's activities for years, told me last week. "People will be on the lookout for the new stuff, and it might be an order of magnitude harder for Hacking team to maintain the 'invisibility from the security community' they had before."