The Guardian is reporting that the cybersecurity firm Hacking Team has been hacked and tons of their data is now floating around the Internet:
According to the documents, 400GB of which have been published, Hacking Team has also been working with numerous repressive governments – something it has previously explicitly denied doing. It has not been possible to independently verify the veracity of the documents.
The perpetrators of the apparent hack used the company’s own official Twitter feed (renamed “Hacked Team”) to communicate. They continued to post to the feed for hours after, highlighting specific documents they claim come from the hack, such as emails, invoices and even screenshots of Hacking Team employees’ computers, until the company regained control on Monday morning and removed the posts.
That’s pretty embarrassing. But here’s something else that caught my eye:
The company describes itself as in the business of “providing tools to police organisations and other government agencies that can prevent crimes or terrorism”, but if the documents are genuine they suggest it may be willing to sell to non-state actors as well. One invoice apparently reveals the company dealing with a private Brazilian firm, YasNiTech, to whom it sold three months access to its remote access tool, allowing the firm to hack in to Android and Blackberry phones, and Windows devices. We do not know if this sale was part of a wider contract with the Brazilian government.
That’s interesting. They have the ability to hack into Android and BlackBerry phones. The former I can see, but the latter is surprising. I’m pretty sure that there are some people in Waterloo who are going to have to explain how it is possible for someone to hack into BlackBerry phones which the company touts as being secure. But if that’s not enough, MacWorld has the same story on its website with a slightly different angle that will be of interest to Apple fans:
iOS users should therefore take note that the long-running concern that jailbroken iPhones and iPads were susceptible to vulnerabilities that could include access by so-called state actors appears to be confirmed by the data breach.
Two security outfits—the commercial Kaspersky Lab in Russia and academic Citizen Lab in Canada—first revealed in June 2014 that they had discovered and decoded Hacking Team’s smartphone-cracking software. The reports at that time indicated that only jailbroken iOS devices could be hijacked, but that malware could be installed on an iOS device when connected to a computer that was confirmed as trusted, and which had been compromised.
That external analysis has now been complemented by the Hacking Team’s internal documents. One pricelist shows a €50,000 ($56,000) price tag on an iOS snooping module with the note, “Prerequisite: the iOS device must be jailbroken.”
Take home message: If you have a jailbroken iOS device, You can become a victim of their software. Thus it highlights what I’ve said for a long time. You may not like the walled garden of Apple. But you’re better off with it than without it.
So, let’s recap,…. Hacking firm gets hacked and info showing that they sell their services to anybody with cash leak out. Plus info that they can get into almost any phone leaks out as well.
Scary stuff indeed.