One of the biggest hacks of the year so far resulted in the dumping on a torrent site of a 400GB file containing sensitive corporate data. The file has revealed that the firm’s root passwords for its servers were useless for their purpose.
For example, one of the root passwords was simply ‘P4ssword’, which would’ve taken any experienced hacker just minutes to crack.
Other passwords grabbed from Hacking Team founder Christian Pozzi included ‘wolverine’ and ‘universo’, and other variations of dictionary words like
— Micah Lee (@micahflee), 6 July 2015
Hacking Team sells malware and spyware technology to governments, law enforcement and intelligence agencies, and was hit by the large-scale security breach on Monday by hackers whose identities are unknown. The attackers took over Hacking Team’s Twitter page and posted links to a torrent file comprising more than 400GB of the company’s data for anyone to download.

It seems that the breach is still having effects on the security industry. It was revealed on Wednesday that a zero-day attack exposed in the data leak has been integrated into an exploit kit and is currently being used by cyber crooks to target Adobe Flash Player users. Security firm Malwarebytes warned that Flash Player versions up to 126.96.36.199 are unpatched against the zero-day. The Neutrino exploit kit being used by hackers is “one of the fastest documented cases of an immediate weaponisation in the wild” thanks to the detailed instructions left in Hacking Team’s data.

“We first discovered the Flash zero-day hit at 3PM PT and we believe it is the same as the one revealed in the Hacking Team hack,” said Malwarebytes senior security researcher Jérôme Segura in a blog post.

Adobe acknowledged the CVE-2015-5119 flaw, and has now issued a patch, urging customers to update the software as soon as possible. “Adobe recommends users update their product installations to the latest versions using the instructions provided in the ‘Solution’ section in Security Bulletin APSB15-16,” the firm said.

Hacking Team’s customers had never been formally disclosed. Until now. It emerged on Tuesday that the FBI was even a client of Hacking Team. While it had been rumoured for quite some time, it was confirmed yesterday that the FBI purchased services from the Italian company after hackers exposed corporate data revealing internal files, including several spreadsheets giving evidence of transactions with the FBI.
Another controversial aspect in Hacking Team’s past is that it was accused of selling spyware and targeted surveillance malware to Sudan. The company denied this at the time, but the recently leaked data suggests otherwise. One file shows how the company instructed the Sudanese government to pay €480,000 by wire transfer for systems that were used to access a subject’s personal information.
— Eva (@evacide), 6 July 2015
Hacking Team was founded in 2003 and focuses on offensive security. The company was the first to propose an offensive solution for cyber investigations in 2004, and is believed to have gained venture backing in 2007.
However, Reporters Without Borders lists the firm as “an enemy of the internet”, mainly owing to products such as the DaVinci remote control software.
DaVinci is commonly viewed as ‘legal malware’ by the security industry owing to its ability to break encryption and allow law enforcement agencies to monitor files and emails and other digital communication.
“It allows identification of the target’s location and relationships. It can also remotely activate microphones and cameras on a computer, and works worldwide,” Reporters Without Borders’ description reads.
This notoriety is perhaps one of the reasons behind the attack. Hacking Team’s methods have been called into question in the past over deliveries to Morocco and the United Arab Emirates, so the firm is likely to have many enemies.
Hacking Team’s Twitter page was still under the control of the hackers at the time of publication.
Hacking Team is yet to release a statement regarding the breach but the firm’s senior system and security engineer, Christian Pozzi, confirmed the hack in a tweet shortly before he deleted his Twitter profile.
The company said only that it is currently working with the police and cannot officially comment on the attack.