Hacking Team notified all its customers on Monday morning with a “blast email,” requesting them to shut down all deployments of its Remote Control System software, also known as Galileo, according to multiple sources. The company also doesn’t have access to its email system as of Monday afternoon, a source said.
The Motherboard report has since been confirmed by Reuters, who spoke to Hacking Team spokesman Eric Rabe who said the company expects there “to be a relatively short suspension of service” while it determines whether specific operations by law enforcement agencies have been exposed by the leaking of 400 GB of the firm’s internal documents, source code, and email archives.
Hmm. I would expect that Hacking Team’s customers would be pretty livid about the hack, which has not only put the code for technology used to snoop upon people into the public domain, but also exposed the contracts that intelligence agencies have with Hacking Team to provide their services.
Furthermore, according to the Motherboard report, the leaked information could even prove who is spying on particular groups:
To make matters worse, every copy of Hacking Team’s Galileo software is watermarked, according to the source, which means Hacking Team, and now everyone with access to this data dump, can find out who operates it and who they’re targeting with it.
“With access to this data it is possible to link a certain backdoor to a specific customer. Also there appears to be a backdoor in the way the anonymization proxies are managed that allows Hacking Team to shut them off independently from the customer and to retrieve the final IP address that they need to contact,” the source told Motherboard.
One imagines that even law enforcement agencies who haven’t used the services of Hacking Team will be taking a high level of interest in the hack, seeing as it appears to have exposed the Italian company providing spyware and surveillance technology to countries with particularly dodgy ruling regimes.
You also have to question which government agencies would feel comfortable working with Hacking Team in future, after it was revealed that the so-called security company had staff following spectacularly sloppy password practices.
And now, a word from Alanis Morissette:
- Hacking Team hacked – bad news for firm that helps governments spy on their citizens
- Lesson #1 from the Hacking Team hack: Choose strong passwords
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.