Hacking Team security experts and hackers

Over the weekend, 400GB of extremely sensitive files were leaked from the Italian spyware and malware development company Hacking Team.

The source code of the malware the company develops was leaked. The company is known to sell it to governments around the world.

The spyware exploits security vulnerabilities in victims' computers and phones and, once installed, sends data to the attacker.

With the source code released freely on the Internet, these vulnerabilities can be patched, causing huge financial losses to the governments and private companies that have spent millions on them.

But Hacking Team is not the first company of "security experts" to be breached by other, more expert researchers.

Who remembers HBGary Federal? It was a security consultancy set up to offer its services to governments and businesses, again monitoring online activity, for a fee of course.

In February 2011, HBGary Federal's Chief Executive Officer, Aaron Barr, said in an interview tied to that year's BSides security conference in the United States that he had identified members of Anonymous and was able to name them.

The statement triggered a reaction from Anonymous, which targeted HBGary Federal. This time, however, the attacks were not limited to simple denial-of-service: the site was literally looted. Thousands of emails and documents leaked from HBGary's servers.

Nothing more was necessary, because the e-mails that were released were rather embarrassing: they proved that HBGary Federal aimed to discredit WikiLeaks and its supporters, using journalists and dirty tricks against the site.

The man who had declared triumph was ruined. Barr's presentation was canceled and he was forced to resign. Needless to say what happened to the company's reputation once the extent of the hack became known.

What was particularly embarrassing for the business was that most of the attack was made possible by its own precarious security. The initial entry point appears to have been a server misconfiguration, and the attack was as successful as it was because Barr, as well as other company executives, reused their passwords across multiple accounts.

We are still waiting for the details, but it seems very likely that something similar happened in the Hacking Team hack. Given the huge amount of data leaked from the company, the hack does not seem to be due to mere sloppiness, but rather to security infrastructure that was missing or not all that secure.

The result? Hacking Team's reputation was damaged, just as with HBGary Federal. The Italian company, meanwhile, has long denied selling the surveillance software it develops to repressive regimes.

But leaked files show it has signed deals with Kazakhstan, Ethiopia, and Bangladesh, which have been recognized as violators of human rights.

The company reportedly also signed a $1 million contract with Saudi Arabia, which imprisons citizens who dare to question the Arab theocracy.

Even the FBI has bought software from Hacking Team, spending more than 700,000 dollars. All the buyers, of course, lost their money.

The Hacking Team files also contained tracking code for jailbroken iPhones and internal investigation details, and everything was stored without encryption.

But who expects a security company to make such mistakes? Ultimately, how expert can someone be who pays no attention to what he recommends to his clients?

Who can qualify as an expert and top security researcher when there are random hacks made by 10rons, and the 2015 online scene is saturated with experts?

How can the Hacking Team rebuild the trust of their buyers after such scandalous deficiencies?

iGuRu.gr, The Best Technology Site in Greece

Written by Dimitris
