Spyware peddler Hacking Team is moaning that, since its internal source code was leaked online, its tools for infecting PCs with malware are now in the hands of “terrorists and extortionists.”
The Italian biz is not wrong … in a way: the leaked code, which exploits vulnerabilities in Adobe Flash and the Windows operating system to hijack computers, has already made its way into criminals’ toolkits. But one could argue that it would have been highly useful if Hacking Team hadn’t left this sort of code lying around for someone to steal in the first place.
Adobe has now patched the security bug in its Flash plugin, and Microsoft is working on a fix for its vulnerable kernel driver.
“It is now apparent that a major threat exists because of the posting by cyber criminals of Hacking Team proprietary software on the internet the night of July 6,” reads a statement on the Hacking Team website.
“Hacking Team’s investigation has determined that sufficient code was released to permit anyone to deploy the software against any target of their choice.
“Before the attack, Hacking Team could control who had access to the technology which was sold exclusively to governments and government agencies. Now, because of the work of criminals, that ability to control who uses the technology has been lost. Terrorists, extortionists and others can deploy this technology at will if they have the technical ability to do so. We believe this is an extremely dangerous situation.”
Hacking Team was thoroughly owned by hackers who managed to extract and dump online this week 400GB of internal company data, including the blueprints to its surveillance software tools and lists of the governments and organizations it had sold the spyware to.
Among those who were said to have purchased the Hacking Team Remote Control System (RCS) spyware package were the authorities in Saudi Arabia, Sudan, Russia, and Honduras. The US government was also a customer.
Now, Hacking Team warns, the leak will allow its surveillance tools to be used by anyone who has “the technical ability” to use its software.
Hacking Team said that “virtually all” of its customers have stopped using RCS, and its programmers are “working around the clock” on a fix, though it remains to be seen just what the “fix” would be for having the source code and customer list of your flagship product posted on the BitTorrent network, various websites and GitHub.
The leaked files also showed that Hacking Team was working on a key-logging Newsstand replacement app for iOS devices; victims would have to be tricked into installing the software from outside the official Apple Store.