Hacking Team Is Back In Business, But Struggling To Survive
Earlier this year, a representative for the notorious surveillance vendor Hacking Teamtraveled to South America to pitch the company’s marquee spyware product to a potential new customer.
The representative gave a presentation at the office of a government agency, showed off the spyware control center, and handed out some marketing materials.
It was an unremarkable sales pitch—affirmed by the fact that the potential client decided not to buy, according to a source who attended the meeting—except for the timing, which was almost six months after what some consider Hacking Team’s near-death experience.
“The presentation was crappy, their [source] code is available [online], and they have lots of technical limitations.”
Companies providing hacking services to government and law enforcement are gaining increasing attention. This week, an Israeli company called Cellebrite came into the spotlight after it was reported that it may be helping the FBI break into a dead terrorist’s iPhone.
Hacking Team is possibly the most notorious example of this type of company, in no small part thanks to a mysterious hacker only known as PhineasFisher, who allegedlybroke into Hacking Team’s internal servers, exposing virtually all its secrets, including its secret list of customers, as well as the source code of its software in July of 2015.
Some experts predicted this would be the end of Hacking Team’s business. How can a company that claims to be an expert on hacking allow itself to be so thoroughly compromised? And yet, since the breach, Hacking Team has been rebuilding. The sales pitch in South America shows that Hacking Team is back in business—or at least, it’s trying to be.
There is other evidence of the company’s return. At the end of last month, security researchers found traces of a new sample of the company’s spyware in the wild. Hacking Team itself has gone on a rare PR push, claiming a comeback. In a glowing article in an Italian magazine that resembles more of a press release, Hacking Team’s CEO claimed to have recovered all the company’s customers.
“Our technology is now even more invisible, and stronger than before,” he told the newsweekly Panorama in a recent print article titled “Hacking Team’s Revenge.”
“Our technology is now even more invisible, and stronger than before.”
But according to sources close to the company, the company is struggling to get back on its feet.
A person close to Hacking Team, who also spoke on condition of anonymity, said that the company has lost some of its customers, and hasn’t added any new ones in the last few months. Ten employees, including the chief technology officer, the chief operations officer, and the operations manager, left in the months following the hack.
Furthermore, the source who attended the meeting in South America was decidedly underwhelmed. “The presentation was crappy, their [source] code is available [online], and they have lots of technical limitations,” said the source, who spoke on condition of anonymity because he wasn’t allowed to talk to the media about the meeting.
Hacking Team also apparently had a few new tricks that former employees found worrisome. During the meeting with the South American government agency, according to the source who was present, the company’s representative circulated a list of current customers, as well as a table comparing RCS with the competing spyware FinFisher, which was also hacked as part of a breach at Gamma International in 2014.
Both practices, according to multiple former Hacking Team employees, were never part of the protocol when dealing with new potential customers.
A portion of the table comparing Hacking Team’s Remote Control System and FinFisher.
Especially talking about FinFisher was a “big no,” according to a former employee, who also requested anonymity. “[That’s] just tacky and looks bad on you,” the former employee told me. “Does not really change idea of anything. You always are selling the best. Why compare?”
Most of the documents shared by the source were part of the leaked data posted online last summer by the PhineasFisher. But the table comparing FinFisher to Hacking Team appears to be more recent, and was not included in the leak. In fact, the document mentions Apple’s iOS 9.1 as one of the operating systems that can be spied on with RCS. iOS 9.1 was released on October 21, 2015, which suggests the new software was prepared after the hack.
While no document such as this one exists in the leak, another former Hacking Team employee told me that during his time at the company, he had seen a similar document.
“Those tables existed. I’ve seen them many times, concerning older versions,” the former employee, who reviewed the leaked document, told me. “They used the same format, same font, and same color. This is very likely genuine.”
There’s also another sign of the document’s legitimacy. The file’s metadata lists Daniele Milan, Hacking Team’s chief operating officer, as the author of the document.
The fate of Hacking Team is anyone’s guess, but it’s clear that the company is trying all it can to stay afloat.
In February, however, Hacking Team’s spokesperson Eric Rabe claimed everything was A-OK at the company. “Business continues at [Hacking Team],” he said in an email. “The customers’ systems were back online last fall.”
Asked about the loss of key employees, Rabe dodged the question, saying that “employee turnover has been normal, so some have moved on, but the company is always looking for good computer scientists and sales people.”
When asked about the South America meeting, Rabe declined to answer questions. “You must realize that these questions ask Hacking Team to disclose proprietary information,” Rabe said in an email.
Rabe added that “Hacking Team does not discuss current or pending business deals, nor identify clients or their locations,” and “the company does not sell against FinFisher or any particular competitor, but rather makes the best possible presentation and lets the quality of the Hacking Team technology and service speak for itself.”
But thanks to last year’s hack, we at least know which countries in South America were already Hacking Team’s customers: Brazil, Colombia, Chile, and Ecuador. Moreover, leaked emails from 2014 and 2015 show that the company was already trying to expand its reach in the continent, trying to set up meetings and demos with government agencies in Paraguay, Uruguay, Argentina, Peru, and Bolivia.
At this point, the fate of Hacking Team is anyone’s guess, but it’s clear that the company is trying all it can to stay afloat.
Source | Motherboard