Some users may have downloaded the RCS source code

Jul 7, 2015 12:57 GMT  ·  By

Following the breach of Hacking Team’s computer systems, the intruders started leaking into the public domain confidential information from the company, including the source code for the surveillance tools sold to different government agencies.

Hacking Team’s thriving business of creating legal spyware for customers with pockets deep enough to afford it was stopped on Sunday evening, when an unknown party took control of the company’s Twitter account and used it to publish a link to a torrent with over 400GB of private files.

On Monday, the attacker signed up for an account on GitHub under the name “Hacked Team” and released the tools developed by the surveillance software developer.

The files have since been removed and the account suspended, but despite the short-lived activity of the profile, GitHub users had plenty of time to download the data.

Hacking Team's business is pretty much over

The repository location included signing keys and core components of spying utilities for different operating systems (Linux, iOS, OS X, Windows, Android, BlackBerry, Symbian).

Multiple packages had names with reference to Remote Control System (RCS), the main tool used for spying on targets. These entries were for “rcs-collector,” “rcs-anonymizer,” “rcs-backdoor,” “rcs-console-library,” “rcs-console-mobile,” and “rcs-db-ext.”

Since the information was exposed, both through GitHub and the 400GB cache shared via torrent, Hacking Team’s business has been put at serious risk. Some of the company’s customers may not be supporters of privacy, nor care about human rights, but the money they invested in the surveillance technology is significant.

One of the invoices seen by civil liberties activist Christopher Soghoian shows a 2014 bill of $2.85 / €2.6 million. Hacking Team received another $1 million / €914,000 from Ethiopia.

But the list of customers also includes Sudan, Egypt, Saudi Arabia, Oman, Qatar and Bahrain, as well as countries in Europe (Poland, Germany, Hungary, Czech Republic, Spain, Luxembourg and Switzerland) and the US, where the FBI and the DEA paid for subscriptions.

Apart from customers, the leak gave security companies the opportunity to create detection signatures for the malware, offering protection to all users.

Even if Hacking Team had a backup plan for the surveillance software and could quickly bounce back into developing new spyware, which is highly unlikely, once customers lose their trust in the business, things start going downhill.

Once on the web, attempting to pull it back is futile

To add insult to injury, the attacker also altered the account name to read “Hacked Team,” changed the logo and replaced the short bio with “developing ineffective, easy-to-pwn offensive technology to compromise the operations of the worldwide law enforcement and intelligence communities.”

Control of the account was regained after more than 10 hours, and all the tweets with leaks were deleted. However, since the attacker had the entire cache in hand and made it available to the public, many expected leaks to pop up all over the web.

It is well known that, once confidential data is exposed online, there is no guarantee that it can be pulled back, regardless of the effort and parties involved. Someone out there is bound to have saved a copy for personal analysis or just for the sake of it.
