When Hackers Got Hacked !


the dark SecretS of Hacking Team THAT REACHED THE SMALL ISLAND OF Cyprus 
Hacking Team Logo

Anything is ‘hackable’ and so the irony becomes even more apparent nd the title hackers got hacked. This week’s news were dominated by the leaks of Hacking Team, the aftermath of a total compromise of their internal network by unknown hackers more than 400GB of sensitive raw data are now publicly available on the internet. A quick glance on the material showed source code of their exploits, receipts, client communication and company’s spreadsheets exposing the company’s lovely guarded skeletons to anyone is techie enough to just Google the right words!

Cyprus Delivery Report

Delivery Report on the equipment sold to Cyprus Intelligence Service

Hacking Team Controversy

The Hacking Team has been on the centre of bad publicity since early 2014 when CitizenLab accused the Italian company for selling surveillance equipment to oppressive regimes [3]. At the time HT denied any involvement, however today’s leaks show that Nigerian government was in their list along with Saudi Arabia, Uzbekistan, Sudan, Morocco and Turkey classified as the worst human right violators in the international community. The infamous company was openly marketing for government agencies and law enforcement by offering them customised solutions to bypass encryption and intercept data; often stepping into a grey area.

One of their latest products was branded as “Remote Control System Galileo” and gave the power to the adversary to exploit at least 2 different 0-day vulnerabilities in Flash (CVE-2015-5119, CVE-2015-5122 and CVE-2015-5123) to compromise and potentially take over Windows, Linux and OS X machines. According to the latest updates, their most common attack vector was a Microsoft Word (.doc) format file that silently loads an Adobe Flash in the background compromising the victim’s computer.

HT team Advertisement for Remote Control System, Galileo targeting state agencies

Angry Agents all over the World

As Business Insider reported Hacking Team has been advising its customers to disable their software stop any activities immediately as their exposed to a risk [2]. Moreover to add more confusion, sources report that their equipment was purposely backdoored and watermarked which means not they could remotely control the customer’s target machine but they could also access the outcome of any ongoing surveillance [2]. I am almost certain that this kind of ‘features’ were not communicated to their customers and as Bruce Scheiner said it’s not very pleasant to make international secret agencies upset [1]!

Cyprus, the Island for all Seasons !  <— shameless advertisment!

Among the thousands of files leaked, a client list containing the Cyprus Intelligence Service as a client, purchasing services from the Italian hackers since 2012. Financial statements record a total amount of 375,000 euros were paid by the Cypriot government to acquire state of the art surveillance malware for surveillance purposes. A licence for 5 instances of Remote Control System Galileo seems to be sold to CIS for Windows and Android targets along with maintenance and customisation services.

HT Spreadsheet

The 1st instalment of €70,000 from a total of €375,000 contract with HT

As a result of a few published articles and media coverage on the topic, citizens became concerned about two specific issues. I would try to give my view on the issue without trying to pretend I am a legal expert and focusing more on the technical aspect of the issue.

Q: Is surveillance conducted by Cyprus Intelligence Service legal?

Continue reading