Two hacking groups with seemingly close relationship to China hacked an infamous security firm Hacking Team, known for its business with intelligence agencies of un-democratic regimes.
As exposed after an attack on an Italian cybersecurity firm recently, it is clear that two leading groups of hackers connected to China have been using their exploits. Their attacks aimed at areas such as aerospace and defense, telecommunications and healthcare, and energy. Hacking Team – the company that lost over 400GB of data to hackers – sells surveillance software to intelligence organizations from around the world. The tools they seem to use were made public after the attack.
The company itself doesn’t hold a high reputation. In 2012, it was given the title of “enemy of the Internet” by Reporters Without Borders. This was because, as mentioned above, the company provides surveillance and hacking tools to law enforcement and intelligence services to dozens of countries – not excluding regimes accused of serious crimes against humanity and abuses. The hacker groups published the stolen data online and subsequently these were subjected to the examination of cybersecurity experts.
It seems the criminals made use of the data and exploited its weaknesses. They took advantage of the vulnerabilities and got various information, hoarded by Hacking Team, leaked. This concerned mainly zero-day exploits. These kinds of vulnerabilities are known as software flaws that are not familiar even to their creators. This makes them very dangerous as it is almost impossible to protect against them.
“Zero-day exploits are extremely valuable to attack groups,” Bryce Boland, FireEye’s chief technology officer for Asia Pacific, told the South China Morning Post. “When we discover attackers using unknown exploits, we work with technology vendors to get them addressed quickly.”
He said that Hacking Team was playing with fire by stockpiling such exploits in the first place. “By design, stockpiling exploits maintains a vulnerable status quo. [It] also introduces a new risk that the exploits could be stolen and used by others,” he said. The Flash exploit was apparently sold to the company by an anonymous Russian hacker for US $45,000, according to an email included in the leaks.
It was initially believed that the two groups were not cooperating together. The latest evidence, however, suggests the contrary. Both of them were observed using Hacking Team’s zero-day exploits to pervert the generally popular software – Adobe Flash Player, claims FireEye. Its chief technology officer, Bryce Boland, said that zero-day exploits are of extreme value to hacking groups. “When we discover attackers using unknown exploits, we work with technology vendors to get them addressed quickly,” he said, according the South China Morning Post.
The groups managed to launch their attacks, even though Adobe issued a patch quickly after they had noticed the problem. In an interview for Italy’s newspaper La Stampa, the chief executive of Hacking Team, David Vincenzetti, conveyed that the leak could be used by terrorists.
“Sufficient code was released to permit anyone to deploy the software against any target of their choice,” said Vincenzetti. It is believed that a risk is not off the table since many users usually keep older versions of the software, even after the release of an update by operators.
