In Pictures: Hacking Team's hack curated

Hacking Team, a firm best known for helping governments spy on their citizens, has been hacked. Here's a curated look at the documents, contracts, and code discovered by researchers sorting the data online.

Hacked Team logo
Credit: Steve Ragan / Twitter
Hacking Team Exposed

Specializing in surveillance technology, Hacking Team has gotten a lesson in how it feels to have outsiders monitoring their affairs, all while privacy advocates enjoy a bit of schadenfreude at their expense.

The following slides are a curated collection of documents and various technical elements that researchers and journalists have uncovered as the 400GB cache of data taken from Hacking Team is sorted. Included here are contracts, code examples, emails, and other items that offer an inside look at a company that has turned espionage into a business venture.

Original story

Follow-up story

hackingteam 1
Twitter compromised

The message shown here was sent shortly after the Hacking Team account on Twitter was compromised. The attacker behind the incident is believed to be the same person that compromised another lawful interception company, Gamma International.

hackingteam 2
Email 1

Shortly after the Hacking Team account on Twitter was compromised, the attacker started to publish emails that were leaked as part of the 400GB cache of files. Example 1 of 3.

hackingteam 3
Email 2

Shortly after the Hacking Team account on Twitter was compromised, the attacker started to publish emails that were leaked as part of the 400GB cache of files. Example 2 of 3.

hackingteam 5
Email 3

Shortly after the Hacking Team account on Twitter was compromised, the attacker started to publish emails that were leaked as part of the 400GB cache of files. Example 3 of 3.

hackingteam 8
Ethiopia

An email from a person linked to several domains allegedly tied to the Meles Zenawi Foundation (MZF), named for Meles Zenawi, Ethiopia's Prime Minister until his death in 2012, was published as part of the cache of files taken from Hacking Team.

This is his email to the company thanking them for their help in getting to a high value target. His email address was used to register several MZF domains, all of them using similar themes, suggesting a phishing campaign of sorts.

hackingteam 9
Contract with Ethiopia

This is a copy of the contract with Ethiopia, valued at $1,000,000 Birr (ETB). The contract is for Hacking Team's Remote Control System, professional services, and communications equipment. It's also possible the funds listed are in Euro.

hackingteam 012
VPN servers

Hacking Team assigned Anonymizers to customers to use. Here the accounts assigned to customers in Lebanon and Egypt are shown. The IPs are for VPN services in the U.S. and Germany.

hackingteam 014
VPS servers

This researcher discovered a list of VPS credentials, all of them using root as the username with randomly generated passwords.

hackingteam 018
Customer lists

The first of two slides. This is a list of Hacking Team customers with maintenance agreements. Here you can see who is active and who isn't.

hackingteam 019
Customer lists

The second of two slides. This is a list of Hacking Team customers with maintenance agreements. Here you can see who is active and who isn't. Note that Sudan and Russia are not officially supported - but they're clients.

ht rcs 020
Incident Response

Hacking Team's Christian Pozzi was personally exposed by the incident, as the security engineer's password store from Firefox was published as part of the massive data dump.

He took to Twitter and issued denials, and when those didn't work, he warned that the 400GB download contained viruses. Considering his company developed custom malware, it's a sure bet that the download does have viruses, as well as the source code to modify them.

His Twitter account was compromised, and later deactivated.

ht rcs 07
Exposed certs

An iOS Enterprise developer certificate used by Hacking Team.

ht rcs 09
IOC data?

Possible IOC data for some administrators running Linux.

ht rcs 010
Poor MySQL

Ht2015! is not the most secure option available for a MySQL database.

ht rcs 012
Strong passwords for everyone!

Another example of poor password policies.

ht rcs 013
Cats and kittens

Administrator password is "kittens".

ht rcs 019
0-Day burned

Flash 0-Day exploit working on Chrome.

ht rcs 08
Fake news apps

Fake applications discovered in the source code leaked as part of the 400GB cache.

ht rcs 01
Product lists

An example of the type of products offered by Hacking Team and their associated cost in Euro.

ht rcs 02
Product lists

An example of the type of products offered by Hacking Team and their associated cost in Euro.

ht rcs 03
Product lists

An example of the type of products offered by Hacking Team and their associated cost in Euro.

ht rcs 04
Product lists

An example of the type of products offered by Hacking Team and their associated cost in Euro.

ht rcs 05
Product lists

An example of the type of products offered by Hacking Team and their associated cost in Euro.

ht rcs 011
Leaked code

Source code for a module that targets Bitcoin.

ht rcs 014
Leaked code

Source code for a demo tool; the paths point to fake child pornography videos. The source is for evidence collection, so it's likely not planting, but discovering.

ht rcs 015
Sales and financials

Total Hacking Team revenue by country in Euro.

ht rcs 018
Sales and financials

This is a list of their top ten customers based on order volume. Figures are in Euro.

ht rcs 021
Sudan

A contract with Sudan for €480,000 Euro. Hacking Team had recently told the UN that they had never done business with the country.

ht rcs 022
Barclays

A contract with Barclays Bank for €18,150 Euro.

ht rcs 025
Egypt

A contract with Egypt for €130,000 Euro.

ht rcs 024
Israel

A contract with a company in Israel for €55,000 Euro.

ht rcs 026
Lebanon

A contract with Lebanon for €100,000 Euro.

ht rcs 027
Mongolia

A contract with Mongolia for €149,000 Euro.