Almost 48 hours after an unnamed hacker announced the breach of Hacking Team, exposing more than 400GB of secrets, the Italian surveillance tech company is investigating what happened, and coming out of its radio silence.
The cyberintrusion, which was “quite sophisticated,” was likely the work of people “with a lot of expertise,” according to the company spokesperson Eric Rabe, who spoke with Motherboard on the phone from Milan, where he flew after finding out about the attack.
“We don’t think this was the work of just some random guy,” Rabe said, adding that it was more likely that it was an “organization,” either a criminal group or maybe even a government. “It’s hard to know.”
Rabe questioned whether the hacker, who told Motherboard that he was the same one who hacked Hacking Team’s competitor Gamma Group last year, was motivated by human rights issues. “I don’t know if we have any evidence of that.”
The spokesperson, however, hinted that the company knew how the hack had occurred, but declined to share details since two Italian law enforcement agencies are involved in the investigation.
He did, however, say that “all” Hacking Team’s files are encrypted, but since the attackers got access to the administration system, they got access “to encrypted documents.”
After the hack, the company asked all its customers to shut down their surveillance systems and suspend all operations using Hacking Team’s spyware, Rabe confirmed, after Motherboard first reported it yesterday. He said that they took the precaution to protect operations against terrorists and criminals. Hacking Team will let the customers resume operations as soon as they can upgrade and patch their systems, but Rabe didn’t know how long that would take.
“Oh, I don’t know, we’ll see,” he said.
Its customers, Rabe said, were not happy about the hack, but they understood that these things happen. Similar hacks were suffered by larger companies in the recent past, he said, mentioning the breaches on OPM, JP Morgan, and others, although some would argue that a company whose business is to take advantage of vulnerabilities to hack targets should perhaps have known better.
Hacking Team itself is now figuring out what was compromised, and finding the vulnerabilities that were exploited so that it can fix them. But Rabe said that during the company’s internal security assessments, which happen “every night,” they didn’t find any holes.
“We would’ve corrected them if we had,” he said.
Asked about the leaked emails and documents that show that Hacking Team sold to repressive regimes, such as Sudan or Ethiopia, Rabe said he couldn’t comment on customers. He said that the invoice to the government of Sudan was old, since it was dated 2012, but declined to comment any further.
Rabe also declined to clarify what the expression “not officially supported,” which appears on the leaked list of customers next to Sudan and Russia, means.
“I’ll let you speculate on that,” he said.
He did, however, reveal that Hacking Team does not have a review board that helps establish when the company might sell to a questionable customer. After Hacking Team agreed to follow the export regulation imposed by the Wassenaar Arrangement, which limits the export of certain surveillance technologies, “the panel was not required anymore.”
Hacking Team used to describe the panel as “an outside panel of technical experts and legal advisors,” but internal emails reveal it was simply the law firm Bird & Bird (Rabe declined to confirm or deny), which also apparently did not review every sale. And in either case, given some of the emails reported on by The Intercept, it looks like Hacking Team did not necessarily follow its guidelines.
The hacker who hit Hacking Team, in the meantime, announced on Twitter that he will disclose how he did it once the company fails to figure it out.
I’ll writeup how hacking team got hacked once they’ve had some time to fail at figuring out what happened and go out of business
— Phineas Fisher (@GammaGroupPR) July 7, 2015
For Rabe, the fact that the hacker can hide behind the “anonymity of the internet” proves exactly why, at Hacking Team, “we do what we do.”
“This is one of the reasons why what Hacking Team does is so important,” he said. “This kind of activity is a threat to everybody who uses the internet.”