Opinion: Hacking Team breach a gold mine for criminal hackers

While the breach at the Italian spyware firm shines a light on the shadowy world of surveillance technology, it has also made the Web a much more dangerous place, giving criminal hackers even more tools to ply their craft.

Aly Song/Reuters
Security cameras on a building at the Bund in front of the financial district of Pudong in Shanghai.

The intentions of the hacker who stole 400 gigabytes of data from Italian surveillance technology firm Hacking Team and dumped it online – revealing the company's valuable secrets, source code, tactics, and tradecraft – are still unknown. If it was a bout of digital vigilantism meant to strike a blow for a more secure and private Internet, however, it failed.

Leaking data that belongs to a company in the business of exploiting software vulnerabilities naturally exposes its techniques and tricks to many nefarious actors. Already, the aftermath of the breach reveals the staggering efficiency and speed with which previously unknown software vulnerabilities – known as zero-days – are being incorporated into exploit tools used by criminal hackers. As a result, the breach has quickly compounded headaches and risk management for overworked security teams.

Following the breach, Hacking Team chief executive officer David Vincenzetti said "terrorists, extortionists, and others can deploy [the Hacking Team] technology at will if they have the technical ability to do so." And he was right. Criminal hackers have already taken advantage of the data dump, putting to use previously unknown Adobe Flash exploits discovered within Hacking Team's source code. Mr. Vincenzetti does, however, omit any reference to Sudan and Bahrain, countries that were sold access to the company’s tools.

Just one day after the first Flash exploit surfaced, the vulnerability was added to numerous kits used to carry out cyberattacks. On July 10, a group of hackers running advanced persistent attacks leveraged this newly disclosed vulnerability in Flash. More recently, two other zero-days for Flash emerged. According to one report, those have also found their way into exploit kits.

This is not the first time vulnerabilities identified in a widespread breach have been incorporated into exploit kits. What stands out about the Hacking Team fallout, however, is the sheer speed at which the company’s zero-days were incorporated into attackers' tool kits.

The cybercrime and espionage underworld is already sophisticated and adept at integrating the latest techniques and technology to make attacks more lucrative and potent. A "cyberarms dump" such as the Hacking Team breach only serves to aid in those efforts. 

So, if there's any good that comes from exposing Hacking Team's business practices and customer lists – including shining a light on the shady world of spyware vendors – it has to be weighed against the possible collateral damage that comes with such exposures. 

James Chappell is the cofounder and chief technology officer of Digital Shadows. Follow him on Twitter @jimmychappell.
