Hacking Team: We won't 'shrivel up and go away' after cyberattack

In an interview, a Hacking Team executive discusses both the devastating hack and the firm's future.
Written by Charlie Osborne, Contributing Writer

LONDON, UK -- A company specializing in spyware that's had its secrets and corporate entrails strewn across the Web, in many eyes, would not recover from such an attack.

According to a Hacking Team executive however, recovery is not only possible -- but expected.

Over the past few days, Milan, Italy-based Hacking Team has been thrust into the spotlight after a devastating cyberattack in which a hacker waltzed away with over 400GB in stolen data. Financials, customer records, emails and the source code of surveillance tools were then gleefully thrown into the public domain by the perpetrator -- and that data has been downloaded by everyone from security professionals to activists and journalists ever since.

Executive employee meltdowns, public threats, a website and Twitter account taken offline, security firms picking apart new exploit data, and no doubt a horde of seething clients whose names have been exposed have all hit Hacking Team in record time.

The big question is: What does the future hold for the surveillance tool company?

In an interview with ZDNet, Hacking Team's chief marketing officer Eric Rabe was willing to start at the beginning. When asked whether Hacking Team knows what caused the massive data leak, the executive described the hack as a "sophisticated attack," which took "days or weeks to accomplish."

The company allegedly knows how its systems were breached, but Rabe did not divulge further details.

This appears to clash with claims made by a hacker online dubbed Phineas Fisher, who took responsibility for the attack after taking over Hacking Team's Twitter account on Monday. The hacker previously took a bow as the force behind an attack on spyware maker Gamma several years prior.

According to Motherboard, on Monday, Phineas Fisher wrestled control of the Hacking Team Twitter account and proved his identity through promoting the hack through his personal account at the same time.

Phineas has also promised to later reveal how the network was breached, once "they have time to fail at figuring out what happened and go out of business." Rabe did not appear sure of the hacker's identity or location in the last few days' social network storm.

"We can disagree about public policy but that doesn't give [someone] the right to put someone out of business," said Rabe. "We don't believe it was a guy alone in his basement."

But it may well have been. In the 400GB data dump, a number of files suggest for all of the company's sophisticated surveillance solutions, it has yet to master some of the basics. The problem? The fact that many root passwords which could be used to access Hacking Team servers were astoundingly weak, with many simply being "Passw0rd."

On the subject of servers, the executive was also questioned on the claims of a user over Twitter who alleges his servers have been under a constant onslaught of distributed denial-of-service (DDoS) attacks after placing a mirror of data stolen from Hacking Team online.

The Tor exit cluster operator, under the moniker TheCthulhu, wrote on Twitter:

(Image: Twitter/CthulhuSec)

After a moment's pause, Rabe neither confirmed nor denied whether the company was involved in this matter, but said only that "stolen materials should not be put on the web."

So how can Hacking Team expect to recover? Rabe said that damage to the firm's systems was not the main issue, rather, the real damage has been caused in the "detection of our software."

"We must make changes in the system to make sure this [detection] doesn't happen," said Rabe. "It has impacted the ability [of law enforcement] to follow suspects of crime."

Within the interview, the issue of "blacklisted" countries was also touched upon. Documents within the stolen treasure trove detail customer records and history, and include client countries such as the US, Italy, Egypt and Nigeria. Customers are also allegedly from Sudan, Russia and Ethiopia -- which would then contradict the firm's previous insistence that it does not work with "countries that international organizations including the European Union, NATO, and the US have blacklisted."

"There is no evidence in those files we are doing anything illegal, and I would argue, 'unethical'," he said. "We are trying to further lawful activity and that is what we do."

Rabe said the company has customers around the world, and implied that if clients were in countries current under scrutiny by political parties, it was a moot point -- as "Hacking Team does not look into history."

It's too early to speculate whether or not Hacking Team has a future. Rabe told ZDNet that the company has asked its clients to stop using its software for the time being and to cease operations, but when you consider the kinds of clients -- from law enforcement to government agencies and intelligence units -- there's likely a slew of unhappy customers clogging up the company's phone lines.

When a security company which provides surveillance tools worldwide is breached and its solutions sent forth to flood the public domain, you have to ask whether Hacking Team has enough of a reputation left to restore client trust, let alone whether the interest of regulators has been piqued enough to delve into the company's practices.

For Rabe, this isn't even a matter in question. When asked whether Hacking Team had a future, he replied, "Of course. We don't expect to shrivel up and go away because of this."

Editorial standards