Hacking Team: Oh great, good job, guys ... now the TERRORISTS have our zero-day exploits

Spyware peddler Hacking Team is moaning that, since its internal source code was leaked online, its tools for infecting PCs with malware are now in the hands of "terrorists and extortionists." The Italian biz is not wrong ... in a way: the leaked code, which exploits vulnerabilities in Adobe Flash and the Windows operating …

Coffee/keyboard

"Before the attack, Hacking Team could control who had access to the technology..."

Thank you! Thank you! Oh, you've been a great audience tonight, it's truly been a pleasure telling our jokes to you, but all good things must end and now Hacking Team has to fuck off pronto and stop telling such pathetic lies to an audience as clever as this, who wouldn't actually believe for a moment that nobody else in the whole world could be resourceful enough to find exploitable bugs in the Flash runtime and that all of the staff of all our customers in all of the thugocracies we hawk our wares to are intelligent, diligent, and trustworthy...

g'night!

24
1
Silver badge

"Before the attack, Hacking Team could control who had access to the technology..."

So why didn't they?

7
0
Silver badge

I'm sure that every country's security agencies on the face of the earth have downloaded those files also and are busy using the info in them.

So why would they put source files in a not air-gapped network? I want to say they're not that stupid or ignorant but obviously they were.

7
0
Mushroom

"I want to say they're not that stupid or ignorant but obviously they were."

Why would you not describe them as they are? Not only that, they have been acting in ways that are devious, underhand and mercenary. They obviously have no ethical standards at all and are solely concerned with making as much money as possible.

These characters are the "enemy within". The scum of the earth, and to start whining about how their incompetence has made the world a more dangerous place defies belief.

So not only stupid or ignorant but hypocrites and liars as well.

16
1
Silver badge
Linux

"patching" needs fixing

We all read articles like this and stroke our beards (or in my case wish I had any useful amount of hair above my neck line), nod appreciatively and look for the next patch window. This is bollocks: patching has to happen yesterday and be unobtrusive: end of.

The first step is removing the need for a reboot when patching. Why the hell does a word processor patch need a reboot? Oh, it doesn't: the only thing at the moment that needs a reboot is a kernel patch and that is being addressed.

Cool.

8
1
Silver badge

Left out the worst part for them.

"Now, Hacking Team warns, the leak will allow its surveillance tools to be used by anyone who has "the technical ability" to use its software."

"And we ain't gettin' paid for it! They'll be using it for free! AAAUUUGGGHHH!"

21
0
Gold badge
Joke

""And we ain't gettin' paid for it! They'll be using it for free! "

Indeed.

You spend literally hours weeks looking for vulnerability in flash and suddenly some thieving ingrate comes along and steals it.

Outrageous.

1
0
Silver badge
Alien

As ye sow ...

"Among those who were said to have purchased the Hacking Team Remote Control System (RCS) spyware package were the authorities in Saudi Arabia, Sudan, Russia, and Honduras. The US government was also a customer."

... so ye shall reap

Cheers

Jon

PS The y above is really a thorn and pronounced "th" so ye is actually "thee".

21
0
Silver badge

Re: As ye sow ...

have an extra upvote for the correct use of ye olde English

3
0

Re: As ye sow …

Jon, ye was the second-person nominative plural pronoun; it is correct as is. Thee was the second-person singular object form; using thee there would be ungrammatical. If it were intended to be said to a single entity, it would have been “As thou sowest, so shalt thou reap”.

Where “ye” was really “þe” was for the definite article the, e.g. “Ye Olde Hacke Shoppe” was really “Þe Olde Hacke Shoppe”.

0
1

An apt description of "Hacking Team"

As "terrorists and extortionists."

Utter shits, who find zero day exploits and refuse to disclose them to the creators of the software but sell them to others instead.

I can't be bothered to download their crap, can anyone tell me if they have contracts that explicitly prohibit licensees from disclosing the vulnerabilities to the actual authors of the software? Other similar companies (let's hope you get hacked too, you disgraceful bastards) have such clauses. I remember knowing about a vulnerability because of one of these companies, but being unable to fix it for a while because of these contracts. We eventually figured it out.

As a Free Software author myself, this makes my blood boil.

21
1
Silver badge

Re: An apt description of "Hacking Team"

can anyone tell me if they have contracts that explicitly prohibit licensees from disclosing the vulnerabilities to the actual authors of the software?

There's no incentive and only a downside to ratting out the software authors. If they do that, a patch will be kicked out and the Hacking Team software will be useless.

4
0
Silver badge
Facepalm

Re: An apt description of "Hacking Team"

"...cyber criminals of Hacking Team..."

Or that's how I read it - very appropriate!

7
1

Well maybe this wouldn't be a problem if Hacking Team had reported the vulnerabilities when they discovered them, would it? That everything is out in the open now is a good thing, at least now everything can be patched rather than exploited by oppressive governments. Hacking Team deserves all the blame here.

As for the terrorist comment, what exactly are terrorists going to do with this? Deface a few small websites? The governments of Saudi Arabia, Sudan, Russia, and Honduras (and depending on your point of view, UK and USA) are far more of a problem.

25
1
Anonymous Coward

The people who hacked "hacking team" could have been black hat and been using their source code for months to aid terrorist activities. If "hacking team" were open they should be thankful if the only people who got into their network were a group who doxxed their very precious cargo rather than using it themselves or selling it on.

What is to stop Government X (Bad) using this same kit against Government Y ("good") as most of Government Y probably had these same vulnerabilities as their software would also not be patched? Did the USA know this software was also in the hands of some hostile regimes?

6
0
Silver badge

A vulnerability is just that

And this, ladies and gentlemen, is the problem with the concept of hoarding exploits - they get out.

This should be instructive for our governments when considering their various proposals to mandate 'crackable' encryption - these 'tools' they covet and demand are vulnerabilities and their existence is a security risk whether they are 'in the wild' or hoarded by a government agency or a private firm.

One thing we need to clear up is this misconception that having someone trustworthy controlling this information somehow makes it all okay. It doesn't; the vulnerabilities still exist. What has been managed is simply the knowledge of those vulnerabilities.

Someone else will come across the same vulnerabilities and, once that happens, you have instant risk to everyone using the software/hardware. There is also the possibility - some would say inevitability - that, as has happened here, the information will be stolen.

The fact that it has happened here should give every government pause. This is a company whose very reason for existing is identifying and understanding vulnerabilities. They get paid to understand the world of 'cyber security' and what is required to breach systems. They are a professional outfit with serious commercial incentive to keep this information safe* and they were breached.

Remember - a vulnerability does not magically disappear simply because only the 'right' people know about it. Sooner or later, someone else will - no matter how clever those protecting that knowledge or how sincere their intentions.

* - After all, if the vulnerabilities are patched, their products become ineffective and thus their business has nothing to sell.

25
1
Silver badge
Mushroom

Wow, these disgusting fucks are disgusting.

These guys sure sound like they are getting serious help from various governmental P.R. departments. Freshly flown in from various repressive regimes, the Cameron outfit and the Hopey-Changey Snake Oil show. Their lobby must be a multicultural event!

"Blame it on Snowden" bullshit emission starting in 3...2...

10
0
Silver badge
Facepalm

"Before the attack, Hacking Team could control who had access to the technology"

"Before the attack, Hacking Team could claim to control who had access to the technology, now we have been exposed as liars and have been forced to rely on misleading PR to maintain our business model."

FTFY.

They knew their job included defending against "terrorists and criminals", and they failed.

Who's for making knowingly concealing a vulnerability from the developer concerned a crime?

10
0
Silver badge

Re: "Before the attack, Hacking Team could control who had access to the technology"

"Who's for making knowingly concealing a vulnerability from the developer concerned a crime?"

Not unless you first make shooting the messenger a crime. Far too many people have tried to report vulnerabilities and promptly been arrested.

6
0
Anonymous Coward

Re: "Before the attack, Hacking Team could control who had access to the technology"

A crime in which country?

0
0
Silver badge

Oh gee

This is only one of hundreds of different hacking kits available. Face it: you're hacked.

0
0

Any chance

Someone could deface their web page with caricatures of Mohammed so ISIS/IS or whatever they are called this week can bomb the sods into oblivion? Also the same for the FinFisher mob please.

4
2

love it !

I love the comment on their banner on the front page:

"Interesting data never gets to the web. It stays ON THE DEVICE".

*BANG*

Damn, my irony meter!!! And it was only 24hrs away from retirement.. :(

11
0
Childcatcher

"Our tools are now in the hands of terrorists and extortionists."

They forgot to include paedophiles and drug dealers...

12
0
Silver badge
Holmes

These guys are a hoot. They are using the newspeak definition of "ethical"

"Whatever I do to get ahead, is ethical"

Hacking Team had not responded to a request for comment on this story at time of publication. On Tuesday, a spokesman for the company told the International Business Times: “We don’t have anything to hide about what we are doing and we don’t think that there is any evidence in this 400GB of data that we have violated any laws and I would even go so far as to argue that there is no evidence that we have behaved in anything but a completely ethical way.”

That kind of culture is totally like seen at the HBGary outfit. These are just collections of "anything goes" sociopaths with some technical skills. The worst.

7
0
Silver badge

Or the US government definition.

"If the US government does it, it's ethical. If anyone else does it, it's terrorism"

9
0
Silver badge

Ethics

In this case ethics can be found to the east of London and just north of the Thames.

Sure ain't nowhere else.

5
0
Mushroom

The first rule of twat club

Is to stop publicly highlighting just how much of an inept bunch of twats you are!

Bleating and moaning because you failed in such an epic fashion is probably the worst PR possible and they deserve to crash and burn.

And that's notwithstanding the money they have made providing this stuff to evil and repressive regimes and then lying about it, they deserve it all and much, much more.

10
0
Anonymous Coward

"its programmers are "working around the clock" on a fix"

There is not enough duct tape in the world to patch the diarrhea from leaking all over the internet.

8
0

Re: "its programmers are "working around the clock" on a fix"

"its programmers are "working around the clock" on a fix"

Should be:

"its PR is "working around the clock" on a fix"

The shit has hit the fan, it's too late for anything other than damage limitation.

Oh, and good luck with that, I reckon it might be quite a job.

5
0
Silver badge

Re: "its programmers are "working around the clock" on a fix"

Amateurs -- using duct tape that is.

Proper gaffa/gaffer tape would do the trick, but it costs more . . .

0
0
Silver badge
Happy

Re: "its programmers are "working around the clock" on a fix"

"it remains to be seen just what the "fix" would be for having the source code and customer list of your flagship product posted on the BitTorrent network, various websites and GitHub."

Maybe they'll use their '133t h4x0r skillz' to reboot the interwebs and restore it from a pre-hack backup.

0
0

So what you're saying is that only you can be trusted to use the vulnerabilities you discover in code responsibly?

HAHAHAHAHAHAHAAAAAA! That's fucking hilarious!

Dude, if you found them then sooner or later someone else would have too. Chances are people already had and were exploiting them. The fact that all these vulns are now known can only be good news because now it means they'll actually be fixed.

If you discover a vuln and you don't report it to the developer then you're not being responsible. End of.

4
0
Silver badge
Happy

More Popcorn please

The last barrel is empty.

3
0
