It’s very interesting to watch the public undressing of a company like Hacking Team–especially when that undressing seems to prove that claims the company has made about its ethics are completely false. Based on the leaked data, Hacking Team appears to have a long and distinguished list of less-than-savory nations as customers, but I highly doubt that Hacking Team is alone among security vendors in working with governments.
I wrote a post about why it’s a mistake to assume that Hacking Team is somehow unique in this:
What happens when the hackers get hacked? In the case of Hacking Team the results are not pretty. While the world watches the takedown of Hacking Team and sifts through 400GB of leaked data with morbid curiosity, though, executives at other security vendors are probably getting nervous. What if they’re next to get the “Sony treatment”?
Hacking Team Hacked
Hacking Team specializes in surveillance software—software designed to enable a corporation or government to surreptitiously monitor and collect data. The catalyst for the breach of Hacking Team data is probably related to which nations or governments Hacking Team is working with. The Enemies of Internet project lists Hacking Team as an offender due to alleged ties with countries known for human rights violations, but Hacking Team has publicly denied working with such repressive governments. The leaked data seems to prove The Enemies of Internet right.
Steve Ragan has been covering every detail of the unfolding events in a sort of liveblog-esque pair of posts he has been updating frequently. In one update Ragan notes, “Christopher Soghoian says that based on the Torrent’s file listing, Hacking Team’s customers include South Korea, Kazakhstan, Saudi Arabia, Oman, Lebanon, and Mongolia. Yet, the company maintains that it does not do business with oppressive governments.”
Later Ragan provides a more detailed list of countries Hacking Team has allegedly worked with or is still working with, including Egypt, Ethiopia, Morocco, Nigeria, Sudan, Chile, Colombia, Ecuador, Honduras, Mexico, Panama, United States, Azerbaijan, Kazakhstan, Malaysia, Mongolia, Singapore, South Korea, Thailand, Uzbekistan, Vietnam, Australia, Cyprus, Czech Republic, Germany, Hungary, Italy, Luxemburg, Poland, Russia, Spain, Switzerland, Bahrain, Oman, Saudi Arabia, and UAE. He points out that the list of clients and invoices for large sums seem to invalidate Hacking Team’s claims that it doesn’t do business with abusive governments.
Hacking Team Is Not Alone
This is all very interesting in a schadenfreude / train-wreck sort of way. It’s similar to the way Sony executives were dragged through the mud like tabloid cover stories when its data was leaked to the public. Instead of thinking, “Wow. Hacking Team is a really deceptive and evil company,” though, you should be thinking, “I wonder which other security vendors are working with which other governments?”
You can read the full story on Forbes: Don’t Assume Hacking Team Is Unique Among Security Vendors.