Notorious Hacking Team hacked


Hacking Team, an Italian IT company that creates and sells surveillance tools to various bodies, has itself been the victim of a hack; a hack which has haemorrhaged 400GB of data online.

This data includes emails, client lists (which contained some big names) and other internal communications.

As Mark James, IT security specialist at ESET UK, puts it: “from their point of view, it’s very bad, the type of software they sell relies on a very high degree of not only secrecy but trust, unfortunately for them both of those have been compromised overnight.”

To add insult to injury, “passwords and personal information was also taken allowing access to other systems including Twitter and other social networks,” which were swiftly defaced.

 

Hacking-as-a-service

 

Hacking-as-a-service is seeing something of a boom and is certainly placing itself firmly in the public eye: just look at the massive publicity that Lizard Squad and their LizardStresser gained earlier in the year.

Other such companies certainly exist, and from the released Hacking Team client list we can glean that some big players are using such services.

Mark James explains that “it could be just as simple as a client of a company that delivers network monitoring software for internal use.

“All the hype around the Hacking Team is to do with the ‘bad’ software that put them on the map, they had to start somewhere and this client list makes no indication of exactly what does and does not make them a client.

“Large corporations need to protect their data, for some it’s one of the most important aspects of their portfolio; it makes sense to protect that.”

That protection means knowing how a ‘hacker’ could attack them and with what tools. Therefore the question becomes, do we pay for an exploit kit and figure out how it works? Or do we risk a zero-day being exploited in a way we don’t expect?

It’s an interesting thought and raises an even more interesting point: some malware is merely software which has been used for something malicious.


Does anyone on the hacked client list stand out to you?