On July 6th, a piece of proprietary hacking software, “Remote Control System” (RCS), was released on the internet by an unauthorized party, and it could pose a dangerous risk to organizations around the globe. Hacking Team, based in Milan, Italy, with offices in Annapolis, USA, and Singapore, created the tool specifically for stealth IT investigations by law enforcement agencies. According to a PowerPoint presentation that was released, RCS can monitor and log any actions performed on a personal computer, including web browsing, opened/closed/deleted files, keystrokes, printed documents, camera snapshots, audio, and Skype video.
RCS can control the target’s systems regardless of encryption and mobility. It also offers a centralized graphical user interface that lets the user monitor multiple targets at once. Eric Rabe, Hacking Team’s CMO, has released a statement saying that the company understands that, now that the software is in the wild, a “major threat exists” and that it is “an extremely dangerous situation.” They are hoping anti-virus companies around the globe are working to provide signatures for the compromised RCS. In addition, Hacking Team engineers have a challenge ahead of them: altering their code enough to ensure that police and intelligence organizations can continue using the software.
Hacking Team probably sold spying tools to Malaysia
Another revelation from the 400 GB data heist against Hacking Team is that the company allegedly sold the spying tools to the Malaysian Prime Minister’s Office as well as the Malaysian Anti-Corruption Commission. According to the stolen data, the company appears to have many customers around the globe. Reporters Without Borders posted this statement from Hacking Team:
Software developed by Hacking Team is sold exclusively to government agencies, and it is never sold to countries that international organizations including the European Union, NATO and the US have blacklisted. An external committee of legal experts reviews each proposed sale to assure compliance with our policies. Contracts with the government purchasers limit the permissible uses of our software. We monitor news media and other public communications such as blogs and Internet comment for reports of abuses and investigate when appropriate.
It seems, however, that IT security experts have found traces around the web of Hacking Team software coming from countries that don’t necessarily follow the best democratic processes or human rights laws. Some of their clients were Sudan, Ethiopia, Uzbekistan, Kazakhstan, the UAE, and many more. Refer to the pastebin for the actual document.
For now, all we as a security community can do is update our anti-virus systems and hope we can detect the RCS software. I’m pretty sure no one wants a terrorist literally watching over their shoulder via Skype. Scary stuff.