Written By Josh Harriman And Presented By Ziften CEO Charles Leaver
Hacking Team Impacted By Lack Of Real Time Vulnerability Tracking
Nowadays cyber attacks and data breaches are in the news all of the time – and not just for those in the high worth industries such as health care, financing, energy and retail. One especially intriguing occurrence was the breach against the Italian company Hacking Team. For those who don’t recall Hacking Team (HT) is a company that focuses on monitoring software catering to federal government and authorities agencies that wish to conduct covert operations. The programs created by HT are not your run-of-the-mill remote control software application or malware-type recording devices. One of their crucial products, code-named Galileo – much better known as RCS (Remote Control System)– declared to be able to do basically whatever you needed in regards to “controlling” your target.
Yet as gifted as they remained in developing these programs, they were unable to keep others from entering into their systems, or spot such vulnerabilities at the endpoint through vulnerability tracking. In one of the most high-profile breaches of 2015, HT were hacked, and the material taken and consequently launched to the general public was substantial – 400 GB in size. More significantly, the material included very harmful info such as emails, client lists (and prices) that included nations blacklisted by the UN, and the crown jewels: Source code. There was likewise in-depth paperwork that included a few very effective 0-day exploits against Flash and Adobe. Those 0-days were utilized soon after in attacks against some Japanese companies and United States government agencies.
The huge question is: How could this occur to a company whose sole existence is to make software that is undetectable and finding or producing 0-day exploits for others to use? One would believe a breach here would be next to impossible. Clearly, that was not the case. Currently there is not a lot to go on in regards to how this breach occurred. We do understand however that someone has declared responsibility and the individual (or group) is not new to getting into locations similar to HT. In August 2014, another surveillance business was hacked and delicate files were launched, just like HT. This included client lists, costs, code, and so on. This was against Gamma International and their software was called FinFisher or FinSpy. A user by the name of “PhineasFisher” published on Reddit 40 GB worth data and announced that he/she was accountable. A post in July this year on their twitter account mentioned they likewise attacked HT. It seems that their message and function of these breaches and theft where to make individuals aware of how these companies run and who they provide their services to – a hacktivist attack. He did publish some details to his approaches and some of these techniques were most likely used against HT.
A final concern remains: How did they break in and what preventative measures could HT have taken to avoid the breach? We did understand from the launched documents that the users within HT had really weak passwords for example “P4ssword” or “wolverine.” In addition, one of the main employee systems where the theft might have taken place made use of the program TrueCrypt. However, when you are logged in and utilizing the system, those hidden volumes are accessible. No information has been published as of yet regarding how the network was infiltrated or how they accessed the users systems in order to download the files. It is apparent, though, that companies have to have a system such as Ziften’s Continuous Endpoint Visibility running in their environment. By keeping an eye on all user and system activity notifications might have been created when an activity falls beyond typical behavior. Examples are 400 GB of files being submitted externally, or understanding when susceptible software is running on exposed servers within the network. When an organization is making and selling sophisticated monitoring software – and having unknown vulnerabilities in business deliverables – a better plan needs to have been in place to restrict the damage.