Hacking Team to conjure up new surveillance software after security breach
Following a massive security breach, Italian security firm Hacking Team warned that its government-strength surveillance tools could have fallen into the hands of terrorists. The company advised its customers -- including governments and law agencies around the world -- to stop using its software, and is now launching something of a damage-limitation exercise.
Hacking Team has released a statement indicating that far from giving up and admitting defeat, a new, more powerful version of its software will be released soon. The replacement for Galileo, called Remote Control System 10, is described as a "complete revision" of the old system and "not simply an update". The security firm also stresses that not all of its source code was compromised, only code which is considered obsolete.
The statement, which has more than a slight air of a company trying to save face, is defiant in tone. It describes Hacking Team's surveillance software as the most comprehensive and powerful available. It also goes on to say -- in a bid to wipe aside criticism that has cropped up in recent days -- that its system has only ever been sold to government agencies for "lawful" use. It points out that in the cases of Sudan, Ethiopia, and Russia, business relationships have been brought to an end.
Chief Operating Officer David Vincenzetti said:
While it is true that the criminals exposed some of our source code to Internet users, it is also true that by now the exposed system elements are obsolete because of universal ability to detect these system elements. Today we believe it is extremely unlikely that this obsolete code can be used to surveil cell phones, mobile devices or computer communications. However, important elements of our source code were not compromised in this attack, and remain undisclosed and protected.
He went on to try to allay fears that may have arisen following the breach:
We have already isolated our internal systems so that additional data cannot be exfiltrated outside HackingTeam. A totally new internal infrastructure is being buil[t] at this moment to keep our data safe.
Of course, our top priority here has been to develop an update to allow our clients to quickly secure their current surveillance infrastructure. We expect to deliver this update immediately. This update will secure once again the “Galileo” version of Remote Control System.
And because we have always been committed to being the leading technology company in our field, for months HackingTeam has been building a complete revision of our system. Remote Control System, version 10, will be released in the fall. This is a total replacement for the existing Galileo system, not simply an update. Of course, it will include new elements to protect systems and data considering the impact of the attack against HackingTeam.
Despite what Hacking Team says, it is unknown just who has access to the data that was leaked, and how much of it is actually useful. It makes sense that the company would play down any risks that might exist, after all.