June 26, 2017, 08:39:41 AM

Author Topic: Italian "Cyber Arms Dealer" Hacking Team, has been hacked  (Read 4287 times)

BuddhaForce

  • Staff
  • Full Member
  • *****
  • Posts: 103
    • View Profile
Re: Italian SpyWare company Hacking Team Hacked
« Reply #15 on: July 07, 2015, 12:13:55 PM »
Revenue breakdown in Euros

unclear if this is for 1 year or over lifetime

Open Source Intelligence

BuddhaForce

Re: Italian SpyWare company Hacking Team Hacked
« Reply #16 on: July 07, 2015, 12:16:46 PM »
Someone Just Leaked The Price List for Cyberwar
http://www.defenseone.com/technology/2015/07/someone-just-leaked-price-list-cyberwar/117043/

breakdown soon...
Open Source Intelligence

BuddhaForce

Re: Italian SpyWare company Hacking Team Hacked
« Reply #17 on: July 07, 2015, 12:18:25 PM »
Open Source Intelligence

BuddhaForce

Re: Italian SpyWare company Hacking Team Hacked
« Reply #18 on: July 07, 2015, 12:25:48 PM »
Hacking Team hacked: Spy tools sold to oppressive regimes Sudan, Bahrain and Kazakhstan
http://www.ibtimes.co.uk/hacking-team-hacked-spy-tools-sold-oppressive-regimes-sudan-bahrain-kazakhstan-1509460
Open Source Intelligence

BuddhaForce

Re: Italian SpyWare company Hacking Team Hacked
« Reply #19 on: July 07, 2015, 12:33:59 PM »
HT's U.S. Expansion Plans and Prospective customers
https://drive.google.com/file/d/0B2q69Ncu9Fp_VDAwRVk1VDQ1aTQ/view?pli=1

Included: Potential customers NY District Attorneys Office, Office of Naval Intelligence (ONI), Bureau of Alcohol, Tobacco, and Firearms (ATF), Royal Canadian Mounted Police (RCMP), DEA, Naval Criminal Investigative Service (NCIS), Department of Justice (DOJ).
Open Source Intelligence

BuddhaForce

Re: Italian "Cyber Arms Dealer" Hacking Team, has been hacked
« Reply #21 on: July 07, 2015, 03:23:34 PM »
Here is Hacking Team's Full price sheet for your governmental surveillance needs
https://admin.govexec.com/media/gbc/docs/pdfs_edit/price_scheme_2015q3.pdf
Open Source Intelligence

BuddhaForce

Re: Italian "Cyber Arms Dealer" Hacking Team, has been hacked
« Reply #22 on: July 07, 2015, 04:56:57 PM »
What's on HT's calendar?
https://www.google.com/calendar/embed?src=q6u0m5c45190u3ukh2fvssm774%40group.calendar.google.com&ctz=Europe/Italy



Mar. 23-27, 2015 - Delivery of Pilot program for Brazil Federal Police
Apr. 13-17, 2015: Training for the FBI (PHOEBE)
Open Source Intelligence

BuddhaForce

Re: Italian "Cyber Arms Dealer" Hacking Team, has been hacked
« Reply #24 on: July 08, 2015, 04:25:57 PM »
Probably unrelated, but there is just something too funny about military grade "cyber-weapons" being released onto the internet and then the next day:

Wall Street Journal website goes down mysteriously
http://www.ibtimes.com/wall-street-journal-homepage-wsjcom-down-nyse-stops-trading-computer-glitch-1999756


New York Stock Exchange unprecedented trading halt, major "glitch" blamed
http://www.washingtonpost.com/business/economy/nyse-trading-has-been-halted/2015/07/08/46b51974-2588-11e5-b72c-2b7d516e1e0e_story.html


Computer "GLITCH" halts United Airlines flights for two hours
http://www.reuters.com/article/2015/07/08/us-ual-flights-idUSKCN0PI1IX20150708


« Last Edit: July 08, 2015, 07:55:29 PM by Mr.X »
Open Source Intelligence

BuddhaForce

Re: Italian "Cyber Arms Dealer" Hacking Team, has been hacked
« Reply #25 on: July 08, 2015, 07:54:21 PM »
Cybercriminals start using Flash zero-day exploit leaked from Hacking Team
http://www.computerworld.com/article/2945495/security/cybercriminals-start-using-flash-zero-day-exploit-leaked-from-hacking-team.html

Some of the so-called leaked "cyber weapons" are already being used out in the wild...hmmm.
Open Source Intelligence

BuddhaForce

Re: Italian "Cyber Arms Dealer" Hacking Team, has been hacked
« Reply #26 on: July 09, 2015, 02:10:57 PM »
Can RCS software plant evidence on a targeted computer to frame them?
https://github.com/hackedteam/rcs-common/blob/master/lib/rcs-common/evidence/file.rb#L17

Source code from the HT leak seems to indicate that the surveillance software used by governments around the world has this particular capability. This particular bit of code looks pretty interesting...


Line 14 appears to open a process, for example they use several of the most popular internet browsers:
Code:
process = hash[:process] || ["Explorer.exe\0", "Firefox.exe\0", "Chrome.exe\0"].sample

On Line 17, it picks a path to the file, the examples are quite telling about what exactly this feature is for:
Code:
path = hash[:path] || ["C:\\Utenti\\pippo\\pedoporno.mpg", "C:\\Utenti\\pluto\\Documenti\\childporn.avi", "C:\\secrets\\bomb_blueprints.pdf"].sample

Starting from Line 20 to 34, the program appears to generate metadata for a file including a time and date when it was created, and then writes it to the specified path selected above on Line 17:
Code:
    content = StringIO.new
    t = Time.now.getutc
    content.write [t.sec, t.min, t.hour, t.mday, t.mon, t.year, t.wday, t.yday, t.isdst ? 0 : 1].pack('l*')
    content.write process
    content.write [ 0 ].pack('L') # size hi
    content.write [ hash[:size] || 123456789 ].pack('L') # size lo
    content.write [ 0x80000000 ].pack('l') # access mode
    content.write path
    content.write [ ELEM_DELIMITER ].pack('L')
    content.string
  end

  def generate_content(*args)
    [content(*args)]
  end

So now there should be a freshly planted file on the target's computer named, using HT's own example, bomb_blueprints.pdf, just ready and waiting for the Feds to find. But it's lacking any content; it's simply an empty container file.

From line 36 to 61, it looks like content is then streamed in and then pieced together:
Code:
def decode_content(common_info, chunks)
    stream = StringIO.new chunks.join

    until stream.eof?
      info = Hash[common_info]
      info[:data] = Hash.new
      info[:data][:type] = :open

      tm = stream.read 36
      info[:da] = Time.gm(*tm.unpack('l*'), 0)
      info[:data][:program] = ''
      info[:data][:path] = ''

      process_name = stream.read_ascii_string
      info[:data][:program] = process_name.force_encoding('US-ASCII') unless process_name.nil?

      size_hi = stream.read(4).unpack("L").first
      size_lo = stream.read(4).unpack("L").first
      info[:data][:size] = size_hi << 32 | size_lo
      info[:data][:access] = stream.read(4).unpack("l").first

      file = stream.read_utf16le_string
      info[:data][:path] = file.utf16le_to_utf8 unless file.nil?
     
      delim = stream.read(4).unpack("L*").first
      raise EvidenceDeserializeError.new("Malformed FILEOPEN (missing delimiter)") unless delim == ELEM_DELIMITER



I'm not a coding expert, but this looks like a real nasty way for users of the software to plant evidence, which according to the software's own samples would be child porn and bomb blueprints, and then frame the target. And don't forget that the FBI is using this software...
Open Source Intelligence
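
The record layout that the quoted `content` method writes and `decode_content` reads back, rebuilt as a stand-alone round trip (an added example, not code from the leak or from the poster). `ELEM_DELIMITER` is a placeholder value, the UTF-16LE path encoding is assumed from the decoder's `read_utf16le_string` call, and the sample record is constructed.

```ruby
require 'stringio'

ELEM_DELIMITER = 0x11223344 # placeholder: the real value is not shown in the post

# Serialize one record in the field order of the quoted `content` method.
def build_record(time:, process:, size:, path:)
  rec = [time.sec, time.min, time.hour, time.mday, time.mon, time.year,
         time.wday, time.yday, time.isdst ? 0 : 1].pack('l*') # 9 x int32 = 36 bytes
  rec << "#{process}\0".b                           # NUL-terminated ASCII process name
  rec << [size >> 32, size & 0xFFFFFFFF].pack('L2') # size hi, size lo
  rec << [0x80000000].pack('L')                     # access mode constant from the post
  rec << "#{path}\0".encode('UTF-16LE').b           # assumed: UTF-16LE path plus NUL
  rec << [ELEM_DELIMITER].pack('L')
end

# Read fixed-width units until an all-zero unit (1 byte for ASCII, 2 for UTF-16LE).
def read_terminated(io, width)
  out = ''.b
  while (unit = io.read(width)) && unit.bytesize == width && unit != "\0".b * width
    out << unit
  end
  out
end

# Decode a stream of records, mirroring the quoted `decode_content` loop.
def parse_records(blob)
  io = StringIO.new(blob.b)
  records = []
  until io.eof?
    tm = io.read(36)
    raise ArgumentError, 'truncated timestamp' unless tm && tm.bytesize == 36
    rec = { time: Time.gm(*tm.unpack('l9'), 0) }
    rec[:process] = read_terminated(io, 1).force_encoding('US-ASCII')
    hi, lo, access = io.read(12).to_s.unpack('L3')
    raise ArgumentError, 'truncated size/access fields' if access.nil?
    rec[:size] = (hi << 32) | lo
    rec[:access] = access
    rec[:path] = read_terminated(io, 2).force_encoding('UTF-16LE').encode('UTF-8')
    delim = io.read(4).to_s.unpack1('L')
    raise ArgumentError, 'missing delimiter' unless delim == ELEM_DELIMITER
    records << rec
  end
  records
end

# Constructed sample values, not data from the leak.
SAMPLE_TIME = Time.utc(2015, 7, 9, 14, 10, 57)
SAMPLE = build_record(time: SAMPLE_TIME, process: 'notepad.exe',
                      size: 5_000_000_000, path: 'C:\\Users\\test\\notes.txt')
PARSED = parse_records(SAMPLE + SAMPLE)
puts PARSED.first.inspect
```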

BuddhaForce

Re: Italian "Cyber Arms Dealer" Hacking Team, has been hacked
« Reply #27 on: July 10, 2015, 10:21:01 PM »
Wikileaks releases searchable database of over 1 million emails from HT.
https://wikileaks.org/hackingteam/emails/
Open Source Intelligence
