Opinion: Hacking Team breach a gold mine for criminal hackers
The intentions of the hacker who stole 400 gigabytes of data from Italian surveillance technology firm Hacking Team and dumped it online – revealing the company's valuable secrets, source code, tactics, and tradecraft – are still unknown. If it was a bout of digital vigilantism meant to strike a blow for a more secure and private Internet, however, it failed.
Leaking data that belongs to a company in the business of exploiting software vulnerabilities naturally exposes its techniques and tricks to many nefarious actors. Already, the aftermath of the breach reveals the staggering efficiency and speed with which previously unknown software vulnerabilities – known as zero-days – are being incorporated into exploit tools used by criminal hackers. As a result, the breach has quickly compounded headaches and risk management for overworked security teams.
Following the breach, Hacking Team chief executive officer David Vincenzetti said "terrorists, extortionists, and others can deploy [the Hacking Team] technology at will if they have the technical ability to do so." And he was right. Criminal hackers have already taken advantage of the data dump, putting to use previously unknown Adobe Flash exploits discovered within Hacking Team's source code. Mr. Vincenzetti does, however, omit any reference to Sudan and Bahrain, countries that were sold access to the company's tools.
Just one day after the first Flash exploit, the vulnerability was added to numerous kits used to carry out cyberattacks. On July 10, a group of hackers running advanced persistent attacks leveraged this newly disclosed vulnerability in Flash. More recently, two other zero-days for Flash emerged. According to one, those have also found their way into exploit kits.
This is not the first time vulnerabilities identified in a widespread breach have been incorporated into exploit kits. What stands out about the Hacking Team fallout, however, is the sheer speed at which the company's zero-days were incorporated into attackers' tool kits.
The cybercrime and espionage underworld is already sophisticated and adept at integrating the latest techniques and technology to make attacks more lucrative and potent. A "cyberarms dump" such as the Hacking Team breach only serves to aid in those efforts.
So, if there's any good that comes from exposing Hacking Team's business practices and customer lists – including shining a light on the shady world of spyware vendors – it has to be weighed against the possible collateral damage that comes with such exposures.
James Chappell is the cofounder and chief technology officer of Digital Shadows.