Your Source for Leaks Around the World!

Archive for the ‘Hacking’ Category

Hacking Team Hacked: 400GB Data Dump of Internal Documents/Emails/Source Code from Notorious Spyware Dealer

In Archive, Hacking, Hacking Team, Malware, Surveillance, WikiLeaks on July 7, 2015 at 9:07 AM

07/05-09/2015

The controversial Italian surveillance company Hacking Team, which sells spyware to governments all around the world, including agencies in Ethiopia, Morocco, the United Arab Emirates, as well as the US Drug Enforcement Administration, has been seriously hacked.

Hackers have made 400GB of client files, contracts, financial documents, and internal emails, some as recent as 2015, publicly available for download.

What’s more, the unknown hackers announced their feat through Hacking Team’s own Twitter account.

Torrent Links:
https://mega.nz/#!Xx1lhChT!rbB-LQQyRypxd5bcQnqu-IMZN20ygW_lWfdHdqpKH3E
http://infotomb.com/eyyxo.torrent
Mirror:
https://ht.transparencytoolkit.org/
Source Codes:
https://github.com/hackedteam?tab=repositories

Last year, a hacker who only went by the name “PhineasFisher” hacked the controversial surveillance tech company Gamma International, a British-German surveillance company that sells the spyware software FinFisher. He then went on to leak more than 40GB of internal data from the company, which has been long criticized for selling to repressive governments.

That same hacker has now claimed responsibility for the breach of Hacking Team, which sells a similar product called Remote Control System Galileo.

Lorenzo Franceschi-Bicchierai/Motherboard:

On Sunday night, I reached out to the hacker while he was in control of Hacking Team’s Twitter account via a direct message to @hackingteam. Initially, PhineasFisher responded with sarcasm, saying he was willing to chat because “we got such good publicity from your last story!” referring to a recent story I wrote about the company’s CEO claiming to be able to crack the dark web.

Afterwards, however, he also claimed that he was PhineasFisher. To prove it, he told me he would use the parody account he used last year to promote the FinFisher hack to claim responsibility.

“I am the same person behind that hack,” he told me before coming out publicly.

The hacker, however, declined to answer any further questions.

The leak of 400GB of internal files contains “everything,” according to a person close to the company, who only spoke on condition of anonymity. The files contain internal emails between employees; a list of customers, including some, such as the FBI, that were previously unknown; and allegedly even the source code of Hacking Team’s software, its crown jewels.

——————————————————————————————————————————————————————————————————-

HIGHLIGHTS:

——————————————————————————————————————————————————————————————————-

Screenshot shows an email dated 2014 from Hacking Team’s founder and CEO David Vincenzetti to another employee. In the email, titled “Yet another Citizen Lab attack,” Vincenzetti links to a report from the online digital rights research center Citizen Lab, at the University of Toronto’s Munk School of Global Affairs, which has exposed numerous cases of abuse from Hacking Team’s clients.

Hacking Team has never revealed a list of its clients, and has always and repeatedly denied selling to sketchy governments, arguing that it has an internal procedure to address human rights concerns about prospective customers.

The email about Citizen Lab is filed in a folder called “Anti HT activists.”

——————————————————————————————————————————————————————————————————-

via Thomas Fox-Brewster/Forbes:

In-depth notes on the level of exploitation across a number of Android devices, from the likes of Samsung, HTC and Huawei. It appears the exploits weren’t always successful in accessing voice or texts on phones.

Hacking Team operations manager Daniele Milan’s email from January indicated some imminent features in Hacking Team’s tools included “physical infection of BitLocker protected disks”, thereby bypassing the much-used Microsoft disk encryption technology, as well as “extraction of information from pictures posted on Facebook and Twitter”. The roadmap also suggested it would soon support the “capture of documents edited using Google Docs or Office 365”.

Another email from Milan, dated 15 May, indicated the security-focused messaging application Wickr was on the target list too, thanks to a request from the US government. “I had a call this morning with an agent from Homeland Security Investigations [a body within the Department of Homeland Security], and he told me he got some requests to intercept suspects using this application, Wickr… we may want to keep an eye on it and eventually evaluate to add support.”

via Dan Goodin/ArsTechnica:

Another document boasts of Hacking Team’s ability to bypass certificate pinning and the HTTP strict transport security mechanisms that are designed to make HTTPS website encryption more reliable and secure. “Our solution is the only way to intercept TOR traffic at the moment,” the undated PowerPoint presentation went on to say.

Elsewhere, the document stated: “HTTPS Everywhere enforces https and could send rogue certificates to the EFF SSL Observatory.” HTTPS Everywhere is a browser extension developed by the Electronic Frontier Foundation that ensures end users use HTTPS when connecting to a preset list of websites. The statement appears to be a warning that any fraudulent certificates Galileo relies on could become public if used against HTTPS Everywhere users when they have selected an option to send anonymous copies of HTTPS certificates to EFF’s SSL Observatory database.

——————————————————————————————————————————————————————————————————-

Renowned cryptographer Bruce Schneier: “The Hacking Team CEO, David Vincenzetti, doesn’t like me:”

In another [e-mail], the Hacking Team CEO on 15 May claimed renowned cryptographer Bruce Schneier was “exploiting the Big Brother is Watching You FUD (Fear, Uncertainty and Doubt) phenomenon in order to sell his books, write quite self-promoting essays, give interviews, do consulting etc. and earn his hefty money.”

——————————————————————————————————————————————————————————————————-

Lorenzo Franceschi-Bicchierai/Motherboard:

After suffering a massive hack, the controversial surveillance tech company Hacking Team is scrambling to limit the damage as well as trying to figure out exactly how the attackers hacked their systems.

But the hack hasn’t just ruined the day for Hacking Team’s employees. The company has told all its customers to shut down all operations and suspend all use of the company’s spyware, Motherboard has learned.

“They’re in full on emergency mode,” a source who has inside knowledge of Hacking Team’s operations told Motherboard.

Hacking Team notified all its customers on Monday morning with a “blast email,” requesting them to shut down all deployments of its Remote Control System software, also known as Galileo, according to multiple sources. The company also doesn’t have access to its email system as of Monday afternoon, a source said.

A source told Motherboard that the hackers appear to have gotten “everything,” likely more than what the hacker has posted online, perhaps more than one terabyte of data.

It’s unclear how the hackers got their hands on the stash, but judging from the leaked files, they broke into the computers of Hacking Team’s two systems administrators, Christian Pozzi and Mauro Romeo, who had access to all the company’s files, according to the source.

In a series of tweets on Monday morning, which have been since deleted, Pozzi said that Hacking Team was working closely with the police, and warned everyone who was downloading the files and commenting on them.

“Be warned that the torrent file the attackers claim is clean has a virus,” he wrote. “Stop seeding and spreading false info.”

The future of the company, at this point, is uncertain.

Employees fear this might be the beginning of the end, according to sources. One current employee, for example, started working on his resume, a source told Motherboard.

It’s also unclear how customers will react to this, but a source said that it’s likely that customers from countries such as the US will pull the plug on their contracts.

Hacking Team asked its customers to shut down operations, but according to one of the leaked files, as part of Hacking Team’s “crisis procedure,” it could have killed their operations remotely.

The company, in fact, has “a backdoor” into every customer’s software, giving it the ability to suspend it or shut it down—something that even customers aren’t told about.

To make matters worse, every copy of Hacking Team’s Galileo software is watermarked, according to the source, which means Hacking Team, and now everyone with access to this data dump, can find out who operates it and who they’re targeting with it.

Hacking Team did not respond to repeated requests for comment, both to its US spokesperson Eric Rabe as well as directly to its office in Milan, Italy.

——————————————————————————————————————————————————————————————————-

When asked about the identity of the person or group who carried out the attack, Rabe indicated that he believed the attack was the work of a nation state or a criminal gang, and not the work of an activist as many have speculated:

“Doing our own forensics here, we think this was a very sophisticated attack, and certainly not the work of an amateur. The press seems to take the view that this was some sort of human rights activist but I think that is far from certain and it could easily have been criminal activity or some government activity,” adding that “this is almost certainly an international crime”.

When it was pointed out that if a government or criminal group was behind the attack then posting all the information online seems a strange move, Rabe said: “I am not sure why anybody would do that, but part of the effort here was to disrupt our operations as much as possible so I think that would be a motive for many different people.”

When asked if this could be the work of one of Hacking Team’s competitors such as UK-based Gamma International or Israeli NSO Group, Rabe said: “I think that is unlikely” though he admitted that just like everyone else he was speculating.

While some media reports have suggested the company is working with the Italian police to investigate the attack, Rabe says that all he will say is that the company is “working with law enforcement” reiterating that this was an international attack.

——————————————————————————————————————————————————————————————————-

*This post will be continuously updated as there is much more new information emerging. Post anything you find in the comments below and I will add them to the article. LAST UPDATE: 07/13/2015 @ 8PM EST

——————————————————————————————————————————————————————————————————-

Related Links:

WikiLeaks SpyFiles on HackingTeam

To Protect and Infect: The Militarization of the Internet – Claudio Guarnieri, Morgan Marquis-Boire, Jacob Appelbaum @ 30c3

Secret Manuals Show the Spyware Sold to Despots and Cops Worldwide

USG Questionnaire for National Security Positions

In Archive, China, Hacking, InfoSec, OPM, USA on June 8, 2015 at 8:08 PM

via OPM.gov

PDF

Related Links:

OPM to Notify Employees of Cybersecurity Incident

U.S. Suspects Hackers in China Breached About 4 Million People’s Records, Officials Say

China Calls U.S. Hacking Accusations ‘Irresponsible and Unscientific’

Data Hacked from U.S. Government Dates Back to 1985: U.S. Official

U.S. Was Warned of System Open to Cyberattacks

Hacking as Offensive Counterintelligence

What’s In a Background Investigation, Anyway?

Gibbs: When You Gain Security Clearance, Taken Into Room Filled with Photos of Convicted Spies

CSE’s Cyberwarfare Toolbox: False Flag Ops/Deception Techniques/Destroying Infrastructure Among 32 Tactics Revealed

In Archive, Canada, CSEC, False Flag, Hacking, NSA, NSA Files, PSYOP, Surveillance on April 2, 2015 at 11:07 AM

03/23/2015

CBC/Ryan Gallagher/TheIntercept:

Top-secret documents obtained by the CBC show Canada’s electronic spy agency Communication Security Establishment (CSE) has developed a vast arsenal of cyberwarfare tools alongside its U.S. and British counterparts to hack into computers and phones in many parts of the world, including in friendly trade countries like Mexico and hotspots like the Middle East.

Details of the CSE’s capabilities are revealed in several top-secret documents analyzed by CBC News in collaboration with The Intercept.

The latest top-secret documents illustrate the development of a large stockpile of Canadian cyber-spy capabilities that go beyond hacking for intelligence, including:

  • destroying infrastructure, which could include electricity, transportation or banking systems
  • “false flag” operations to “create unrest”, i.e. carrying out an attack but making it look like it was performed by another group, in this case likely another government or hacker
  • “effects” operations to “alter adversary perception”, i.e. sending out propaganda across social media or disrupting communications services with such techniques as deleting emails, freezing internet connections, blocking websites and redirecting wire money transfers
  • “honeypots”, i.e. some sort of bait posted online that lures in targets so that they can be hacked or monitored

It’s unclear which of the 32 cyber tactics listed in the 2011 document are actively used or in development. CSE wanted to become more aggressive by 2015, the documents also said.

Document: CSEC Cyber Threat Capabilities – SIGINT and ITS: An End-to-End Approach (2011)

Previous Snowden leaks have disclosed that the CSE uses the highly sophisticated WARRIORPRIDE malware to target cellphones, and maintains a network of infected private computers — what’s called a botnet — that it uses to disguise itself when hacking targets.

Other leaked documents revealed back in 2013 that the CSE spied on computers or smartphones connected to Brazil’s mining and energy ministry to get economic intelligence.

Canada’s electronic spy agency and the U.S. National Security Agency “cooperate closely” in “computer network access and exploitation” of certain targets, according to an April 2013 briefing note for the NSA.

Document: NSA Intelligence Relationship with CSEC (April 2013)

Their targets are located in the Middle East, North Africa, Europe and Mexico, plus other unnamed countries connected to the two agencies’ counterterrorism goals, the documents say. Specific techniques used against the targets are not revealed.

Some of the capabilities mirror what CSE’s U.S. counterpart, the NSA, can do under a powerful hacking program called QUANTUM, which was created by the NSA’s elite cyberwarfare unit, Tailored Access Operations.

The apparent involvement of CSE in using the deception tactics suggests it is operating in the same area as a secretive British unit known as JTRIG, a division of the country’s eavesdropping agency, Government Communications Headquarters, or GCHQ. Last year, documents from Snowden revealed that JTRIG uses a range of effects operations to manipulate information online, such as by rigging the outcome of online polls, sending out fake messages on Facebook across entire countries, and posting negative information about targets online to damage their reputations.

According to the documents, the CSE wanted more aggressive powers for use both at home and abroad.

In 2011, the Canadian agency presented its vision for 2015 to the Five Eyes allies at a conference.

“We will seek the authority to conduct a wide spectrum of Effects operations in support of our mandates,” the top-secret presentation says.

Document: CASCADE: Joint Cyber Sensor Architecture (2011)

Effects operations refer to manipulating and disrupting computers or devices.

In an increasingly hostile cyberspace, Canada has also turned its attention to figuring out ways to better protect itself against such attacks.

Documents: CSEC Cyber Threat Detection (November 2009)
           CSEC SIGINT Cyber Discovery (November 2010)

See Also: EONBLUE: CSE’s Cyber Threat Detection Platform; Access Internet Core Infrastructure with 200 Sensors Across Globe

Back in 2011, CSE envisioned creating a “perimeter around Canada” to better defend the country’s interests from potential threats from other countries and criminals, raising the prospect the agency was preparing a broad surveillance program to target Canadians’ online traffic.

At the time, “full visibility of our national infrastructure” was among its goals, according to a planning document for 2015. Security analysts wanted the means to detect an attack before it hit a target like a government website.

“If we wish to enable defence, we must have intelligence to know when attacks enter our national infrastructure,” the 2011 top-secret CSE presentation says.

The agency would not answer how far it got with the 2015 plan.

Document: CSE Response to CBC Re: Cyberwarfare Revelations

Experts say the Anti-Terrorism Act, Bill C-51, currently being debated, could legalize use of some of the capabilities outlined in these classified documents.

Though the act would give CSIS, Canada’s domestic intelligence agency, the power to disrupt threats to the security of Canada both at home and abroad, the Canadian Security Intelligence Service relies on its sister service, the CSE, for technical help with surveillance and infiltration of cellphones and computers.

Cisco Using Dead Drops for Sensitive Customers to Avoid NSA Interdiction

In Archive, Cisco, Hacking, NSA, Surveillance, TAO on March 22, 2015 at 6:12 PM

03/18/2015

Jeremy Kirk/PCWorld/Darren Pauli/TheRegister:

One of the most successful U.S. National Security Agency spying programs involved intercepting IT equipment en route to customers and modifying it.

At secret workshops, backdoor surveillance tools were inserted into routers, servers and networking equipment before the equipment was repackaged and sent to customers outside the U.S.

The program, run by the NSA’s Tailored Access Operations (TAO) group, was revealed by documents leaked by former NSA contractor Edward Snowden and reported by Der Spiegel and Glenn Greenwald.

One of the leaked Snowden documents, dated June 2010, has two photos of an NSA interdiction operation, with a box that said Cisco on the side.

The document, labeled top secret, goes on to say that supply-chain interdiction operations “are some of the most productive operations in TAO, because they pre-position access points into hard target networks around the world.”

During a panel session at the Cisco Live conference in Melbourne last week, Cisco’s chief security and trust officer John Stewart disclosed that the company had started shipping equipment to alternative addresses with fake information for its most sensitive customers.

“We ship [boxes] to an address that has nothing to do with the customer, and then you have no idea who ultimately it is going to,” Stewart said. “When customers are truly worried … it causes other issues to make [interception] more difficult in that [agencies] don’t quite know where that router is going so it’s very hard to target – you’d have to target all of them.”

In theory, that makes it harder for the NSA to target an individual company and scoop up their package. But supply chains are tough to secure, Stewart said, and once a piece of equipment is handed from Cisco to DHL or FedEx, it’s gone.

“If a truly dedicated team is coming after you, and they’re coming after you for a very long period of time, then the probability of them succeeding at least once does go up,” Stewart said. “And it’s because they’ve got patience, they’ve got capacity and more often than not, they’ve got capability.”

Stewart said some customers had also begun driving up to distributors to pick up their hardware at the door.

Stewart was asked if Cisco ever identified any strange hardware put inside any of its products. “No, we couldn’t, because the only people who would know that for sure is the NSA,” Stewart responded.

In May 2014, Cisco CEO John Chambers sent a letter (PDF) to President Barack Obama, arguing that the NSA’s alleged actions undermine trust with its customers and more broadly hurt the U.S. technology industry. Cisco also asserted that it does not work with any government to intentionally weaken its products.

CIA’s “Jamboree” to Hack Apple Products: Break iPhone Security, Modified Xcode DevTool Backdoors, OS X Updater Keylogger

In Apple, Archive, CIA, Encryption, Hacking, NSA Files, Surveillance on March 12, 2015 at 8:38 PM

03/10/2015

Jeremy Scahill/Josh Begley/TheIntercept:

Researchers working with the Central Intelligence Agency have conducted a multi-year, sustained effort to break the security of Apple’s iPhones and iPads, according to top-secret documents obtained by The Intercept.

The security researchers presented their latest tactics and achievements at a secret annual gathering, called the “Jamboree,” where attendees discussed strategies for exploiting security flaws in household and commercial electronics. The conferences have spanned nearly a decade, with the first CIA-sponsored meeting taking place a year before the first iPhone was released.

By targeting essential security keys used to encrypt data stored on Apple’s devices, the researchers have sought to thwart the company’s attempts to provide mobile security to hundreds of millions of Apple customers across the globe. Studying both “physical” and “non-invasive” techniques, U.S. government-sponsored research has been aimed at discovering ways to decrypt and ultimately penetrate Apple’s encrypted firmware. This could enable spies to plant malicious code on Apple devices and seek out potential vulnerabilities in other parts of the iPhone and iPad currently masked by encryption.

The security researchers also claimed they had created a modified version of Apple’s proprietary software development tool, Xcode, which could sneak surveillance backdoors into any apps or programs created using the tool. Xcode, which is distributed by Apple to hundreds of thousands of developers, is used to create apps that are sold through Apple’s App Store.

The modified version of Xcode, the researchers claimed, could enable spies to steal passwords and grab messages on infected devices. Researchers also claimed the modified Xcode could “force all iOS applications to send embedded data to a listening post.” It remains unclear how intelligence agencies would get developers to use the poisoned version of Xcode.

Researchers also claimed they had successfully modified the OS X updater, a program used to deliver updates to laptop and desktop computers, to install a “keylogger.”

Other presentations at the CIA conference have focused on the products of Apple’s competitors, including Microsoft’s BitLocker encryption system, which is used widely on laptop and desktop computers running premium editions of Windows.

The revelations that the CIA has waged a secret campaign to defeat the security mechanisms built into Apple’s devices come as Apple and other tech giants are loudly resisting pressure from senior U.S. and U.K. government officials to weaken the security of their products. Law enforcement agencies want the companies to maintain the government’s ability to bypass security tools built into wireless devices. Perhaps more than any other corporate leader, Apple’s CEO, Tim Cook, has taken a stand for privacy as a core value, while sharply criticizing the actions of U.S. law enforcement and intelligence agencies.

“If U.S. products are OK to target, that’s news to me,” says Matthew Green, a cryptography expert at Johns Hopkins University’s Information Security Institute. “Tearing apart the products of U.S. manufacturers and potentially putting backdoors in software distributed by unknowing developers all seems to be going a bit beyond ‘targeting bad guys.’ It may be a means to an end, but it’s a hell of a means.”

Apple declined to comment for this story, instead pointing to previous comments Cook and the company have made defending Apple’s privacy record.

The CIA declined to comment for this story.

Read full article published by The Intercept here

Source Documents: