Major threat: Hacking Team warns its spying tools are now in the hands of terrorists
Following a massive security breach over the weekend, Hacking Team has issued a warning that its surveillance and remote access software could now be used by anyone -- including terrorists. The Italian security and surveillance firm fell victim to an attack that relieved it of 400GB of company data, including source code for its software.
Whoever was responsible for the security breach made this data available via torrent, meaning that anyone was able to get hold of it. Hacking Team's software is favoured by governments around the world for mounting NSA-style surveillance and monitoring programs and the company has now issued a stark warning: "Terrorists, extortionists and others can deploy this technology at will if they have the technical ability to do so".
Hacking Team says that "a major threat exists" as a result of the source code having been made available online. The security outfit launched an investigation in the wake of the breach and has since determined that "sufficient code was released to permit anyone to deploy the software against any target of their choice".
'Anyone' includes not only the likes of you and I, but also script-kiddies, criminally-minded hackers, and terrorists. The full repercussion of the leak is not yet known, but Hacking Team's technology was sold exclusively to governments and their agencies and this technology is now in the wrong hands. As a result of this, the company says the "ability to control who uses the technology has been lost".
Put bluntly, Hacking Team says:
We believe this is an extremely dangerous situation.
Work is underway to determine if anything can be done to limit any potential damage, but the prognosis is not good. These are tools that were designed to evade detection, to circumvent security measures, and to provide access to just about anything; they were not designed to be reined in. There has been talk recently about governments wanting backdoors to be built in security products, but this is not something that applied to Hacking Team's arsenal:
There have been reports that Hacking Team has 'backdoors' in its systems that would allow us to control the systems remotely. This is simply not true. Clients operate our technology on their own computer systems, and so it is clients who must take action to suspend operations.
For the time being, the majority of Hacking Team's clients have suspended use of its tools and it's now just a case of waiting to see if any group uses the source code for nefarious purposes.