The cyberattacker who stole 400GB in corporate data belonging to spyware firm Hacking Team has come forward.
Hacking Team has not had a good week. The Milan, Italy-based company, known for selling surveillance and spyware tools to government agencies and private companies, experienced a data breach over the weekend which led to the alleged theft of 400GB of corporate data.
The file, which has spread like wildfire through torrent sharing, magnets and mirrors, contains information including customer lists, financial statements and allegedly the source code of tools supplied by the company.
According to the data, which has not been independently verified, countries with customers using Hacking Team's surveillance tools include Italy, the US, Spain, Egypt, the UAE, Nigeria and Israel, among many others. A number of intelligence and police services have been mentioned by name, such as the FBI.
Online mockery which is still going strong aside, the situation goes far beyond a 'normal' corporate data breach. Documents now freely available online imply that countries with oppressive regimes -- such as Sudan, Bahrain, Russia and Ethiopia -- are also clients. Previously, Hacking Team insisted the firm does not deal with "countries that international organizations including the European Union, NATO and the US have blacklisted" as well as those that abuse human rights.
If the customer lists prove to be legitimate, however, this could land Hacking Team in extremely hot water with the high courts -- as if angry government clients is not enough to cope with for one week.
On Monday, the surveillance tool firm confirmed it had been the victim of a data breach (which, of course, was not difficult to believe). Spokesman Eric Rabe said Hacking Team suffered an "online attack," commenting:
"We believe documents have been stolen from the company. We are investigating to determine the extent of this attack, and specifically what has been taken."
Hacking Team did not, however, comment on the authenticity of the files -- which in themselves are damning evidence of not-so-legal operations and deals -- not to mention files which have raised user speculation and disgust. Code hosted on GitHub after surfacing in Hacking Team's 400GB file included scripted links to files titled "pedoporno.mpg" and "childporn.avi." This led to speculation across Twitter that the company's tools may have been used to frame targets, however, it is likely the code is simply part of a somewhat tasteless demo.
The cyberattack led to another question: who was responsible? This query appears to have been answered in the form of Phineas Fisher, a hacker which previously took responsibility for an attack on Gamma, a surveillance firm which is also the creator of the FinFisher spyware. In 2013, researchers from Citizen Lab linked the FinFisher spyware with the monitoring of political dissidents in Bahrain.
Motherboard was able to contact the hacker at the time when Phineas Fisher had taken control of the Hacking Team Twitter account. To prove he was one and the same, Phineas Fisher used his parody Twitter account to promote the Hacking Team cyberattack:
While the cyberattacker did not answer any other questions thrown at him, Phineas Fisher later said on Twitter he would reveal how the network was breached:
Hacking Team has gone into emergency mode and has asked clients to stop using its software and shut down operations using its surveillance tools immediately. Interestingly, a leaked document titled "Crisis Procedure" implies that surveillance software used by clients contains a backdoor which allows Hacking Team to kill software remotely. In addition, all of Hacking Team's software contains a watermark -- which means operators and victims can potentially be traced.
An unnamed source speaking to Motherboard said Hacking Team will do "the impossible to avenge this," but at this current point in time, "there's not much they can do."
Top apps to keep your iPhone, iPad private and secure