The infamous spyware dealer, Hacking Team, has now begun to complain that their recently leaked Remote Control System (RCS) spyware tool which can be used to infect targeted computers with malware are now in the hands of criminals and terrorists.
Actually, from one perspective, this Italian-based security firm is not wrong. Recently, their leaked source code was used by ad fraud Torjan to hijack outdated computers, this malware made use of the vulnerable exploits found in Adobe Flash plugin. But this wouldn’t have happened if Hacking Team had kept their source code hidden and used a secure network to keep the hackers from stealing it.
However, the vulnerabilities found in Flash and other web-browser based plugins has already been patched by Adobe, while the security researchers at Microsoft are working to release a fix for their exploitable kernel driver.
So now, the Hacking Team is warning that their leaked Remote Control System (RCS) surveillance software i.e. “Da Vinci” can be used by anyone having the required “technical ability” to operate this software.
The statement released by HackingTeam’s Chief Marketing and Communications Officer Eric Rabe states that, “It is now apparent that a major threat exists because of the posting by cyber criminals of HackingTeam proprietary software on the Internet the night of July 6.” He further added, “HackingTeam’s investigation has determined that sufficient code was released to permit anyone to deploy the software against any target of their choice.”
Furthermore, Hacking Team who are well-known for providing spyware tools to the Drug Enforcement Administration (DEA) as well as various government agencies throughout the world, said in the announcement that it has become an “extremely dangerous” situation because now they no longer have the ability to “control who uses the technology”.
“Before the attack, HackingTeam could control who had access to the technology which was sold exclusively to governments and government agencies. Now, because of the work of criminals, that ability to control who uses the technology has been lost. Terrorists, extortionists and others can deploy this technology at will if they have the technical ability to do so.” – HackingTeam’s news release says.
Hacking Team also said that their systems analyst and developers are working “around the clock” to release a fix which will allow the clients and government agencies to carry on their surveillance operations. While, at the moment, all the clients have suspended the usage of spyware tool on HackingTeam’s request.
“[Suspension of system] is an important step to protect on-going police and intelligence investigations. […] HackingTeam is evaluating if it is possibile to mitigate the danger. We expect too that anti-virus companies are upgrading their programs to detect the compromised RCS.”
Earlier this week, some unknown hackers somehow managed to hack Hacking Team and then released the 400 gigabytes of dump which contained personal data of employee, internal documents, outlines and source code of their RCS tool as well as the lists of organizations and governments to whom the surveillance software was sold.
The breached internal documents revealed that Da Vinci spyware tool was bought by government authorities of numerous countries including United States, Sudan, Saudi Arabia, United Arab Emirates, and Lebanon.
Report typos and correction to firstname.lastname@example.org