In Pictures: Hacking Team's hack curated

Hacking Team, a firm best known for helping governments spy on their citizens, has been hacked. Here's a curated look at the documents, contracts, and code discovered by researchers sorting the data online.

Hacked Team logo
Steve Ragan / Twitter

Hacking Team Exposed

Specializing in surveillance technology, Hacking Team has gotten a lesson in how it feels to have outsiders monitoring their affairs, all while privacy advocates enjoy a bit of schadenfreude at their expense.

The following slides are a curated collection of documents and various technical elements that researchers and journalists have uncovered as the 400GB cache of data taken from Hacking Team is sorted. Included here are contracts, code examples, emails, and other items that offer an inside look at a company that has turned espionage into a business venture.

Original story

Follow-up story

Twitter compromised

The message shown here was sent shortly after the Hacking Team account on Twitter was compromised. The attacker behind the incident is believed to be the same person that compromised another lawful interception company, Gamma International.

Email 1

Shortly after the Hacking Team account on Twitter was compromised, the attacker started to publish emails that were leaked as part of the 400GB cache of files. Example 1 of 3.

Email 2

Shortly after the Hacking Team account on Twitter was compromised, the attacker started to publish emails that were leaked as part of the 400GB cache of files. Example 2 of 3.

Email 3

Shortly after the Hacking Team account on Twitter was compromised, the attacker started to publish emails that were leaked as part of the 400GB cache of files. Example 3 of 3.

Ethiopia

An email from a person linked to several domains allegedly tied to the Meles Zenawi Foundation (MZF), named after Meles Zenawi, Ethiopia's Prime Minister until his death in 2012, was published as part of the cache of files taken from Hacking Team.

This is his email to the company thanking them for their help in getting to a high-value target. His email address was used to register several MZF domains, all of them using similar themes, suggesting a phishing campaign of sorts.

Contract with Ethiopia

This is a copy of the contract with Ethiopia, valued at $1,000,000 Birr (ETB). The contract is for Hacking Team's Remote Control System, professional services, and communications equipment. It's also possible the funds listed are in Euro.

VPN servers

Hacking Team assigned anonymizers for customers to use. The accounts assigned to customers in Lebanon and Egypt are shown here. The IPs are for VPN services in the U.S. and Germany.

VPS servers

This researcher discovered a list of VPS credentials, all of them using root as the username with randomly generated passwords.

Customer lists

The first of two slides. This is a list of Hacking Team customers with maintenance agreements. Here you can see who is active and who isn't.

Customer lists

The second of two slides. This is a list of Hacking Team customers with maintenance agreements. Here you can see who is active and who isn't. Note that Sudan and Russia are not officially supported - but they're clients.

Incident Response

Hacking Team's Christian Pozzi was personally exposed by the incident, as the security engineer's password store from Firefox was published as part of the massive data dump.

He took to Twitter and issued denials, and when those didn't work, he warned that the 400GB download contained viruses. Considering his company developed custom malware, it's a sure bet that the download does have viruses, as well as the source code to modify them.

His Twitter account was compromised, and later deactivated.

Exposed certs

An iOS Enterprise developer certificate used by Hacking Team.

IOC data?

Possible IOC data for some administrators running Linux.

Poor MySQL

Ht2015! is not the most secure password available for a MySQL database.

Strong passwords for everyone!

Another example of poor password policies.

Cats and kittens

Administrator password is "kittens".

0-Day burned

Flash 0-Day exploit working on Chrome.

Fake news apps

Fake applications discovered in the source code leaked as part of the 400GB cache.

Product lists

An example of the type of products offered by Hacking Team and their associated cost in Euro.

Product lists

An example of the type of products offered by Hacking Team and their associated cost in Euro.

Product lists

An example of the type of products offered by Hacking Team and their associated cost in Euro.

Product lists

An example of the type of products offered by Hacking Team and their associated cost in Euro.

Product lists

An example of the type of products offered by Hacking Team and their associated cost in Euro.

Leaked code

Source code for a module that targets Bitcoin.

Leaked code

Source code for a demo tool; the paths point to fake child pornography videos. The source is for evidence collection, so it's likely meant for discovering such files, not planting them.

Sales and financials

Total Hacking Team revenue by country in Euro.

Sales and financials

This is a list of their top ten customers based on order volume. Figures are in Euro.

Sudan

A contract with Sudan for €480,000 Euro. Hacking Team had recently told the UN that they had never done business with the country.

Barclays

A contract with Barclays Bank for €18,150 Euro.

Egypt

A contract with Egypt for €130,000 Euro.

Israel

A contract with a company in Israel for €55,000 Euro.

Lebanon

A contract with Lebanon for €100,000 Euro.

Mongolia

A contract with Mongolia for €149,000 Euro.