Hacking Team: We’ll be back in the spyware biz before you know it
Meanwhile countries sue for the right to snoop
Hacked snoopware maker Hacking Team says it will continue its operations as soon as possible – and claims the huge source-code leak it suffered didn’t get all of the company's crown jewels.
"What happened earlier this summer in the attack on our company was a reckless and vicious crime," said CEO David Vincenzetti in the statement, which is legit, but isn't on the company's website yet due to "technical problems."
"We have reported it to Italian authorities who are investigating it and we expect the authorities of other nations to be involved as well. While it is true that criminals exposed some of our source code to internet users, it is also true that by now the exposed system elements because of universal ability to detect these system elements."
He went on to say that the hackers hadn't exposed "important elements of our source code," and that a protected sector had been set up to protect the company's assets. In the meantime the firm is rebuilding its internal infrastructure prior to setting up operations.
The firm shut down its service a week ago, after stolen copies of its corporate secrets were leaked online, but based on what the 400GB Hacking Team archive has shown us so far, it wouldn't be impossible to get everything up and running again. Writing malware isn't hard, you just need to develop or buy exploits to target vulnerable computers, and that’s just a matter of time and funds these days.
The company's own archive shows an email from March 2015 from US penetration testing firm Netragard – whose company slogan is seriously "We protect you from people like us" – showing it offering a "flawless" remote executable flaw in all Windows systems running IE and Chrome for $105,000 to Hacking Team.
The exchange between Hacking Team COO Giancarlo Russo and Netragard's CEO Adriel Desautels makes for interesting reading, with the latter keen to "seal the deal" and Russo agreeing to pay in quarterly payment terms if the Italian firm could use it in their commercial product.
"As for this item in particular. The developer is one of our super-star developers. He has always built flawless items for us," Desautels boasts. "Do you have PGP by the way? We really do need to encrypt these emails."
Netragard has issued a public apology over the incident, saying that it changed its rules about only dealing with US clients last year after a senior client introduced them to the Italian firm. "It was our mutual understanding that this buyer maintained the same code of ethics as our own. Unfortunately we were very, very wrong," it said.
The US firm has said it will no longer do business with Hacking Team, but it certainly isn't the only seller. While commercial bug bounty programs are scooping major winnings for some, there's a vast grey market for exploits that seems to provide a healthy living for some, and that should be able to get Hacking Team back in business relatively quickly.