Cyber Attacks On Elite Hackers Could Have Been Prevented With Vulnerability Monitoring – Charles Leaver

Written By Josh Harriman And Presented By Ziften CEO Charles Leaver

Hacking Team Impacted By Absence Of Real Time Vulnerability Tracking

These days cyber attacks and data breaches are in the news all the time, and not just for high-value industries such as healthcare, finance, energy and retail. One particularly intriguing incident was the breach of the Italian company Hacking Team. For those who don't recall, Hacking Team (HT) is a company that develops surveillance software for government and law enforcement agencies that want to run covert operations. The programs HT produces are not ordinary remote-control software or malware-style keyloggers. One of its key products, code-named Galileo but better known as RCS (Remote Control System), claimed to be able to do essentially anything you require in terms of "controlling" a target.

Yet as talented as they were at producing these programs, they were unable to keep others out of their own systems, or to find such weaknesses at the endpoint through vulnerability monitoring. In one of the most prominent breaches of 2015, HT was hacked, and the data stolen and subsequently released to the public was large: about 400 GB. More importantly, the material included extremely damaging information such as emails, client lists (with prices) that included countries blacklisted by the UN, and the crown jewels: source code. There were also detailed documents describing several working 0-day exploits, including against Adobe Flash Player. Those 0-days were used very soon afterwards in attacks against Japanese businesses and United States government agencies.

The big question is: how could this happen to a company whose whole business is making software that stays undetected, and finding or developing 0-day exploits for others to use? One would think a breach here would be next to impossible. Clearly that was not the case. At present there is not much to go on regarding how the breach took place. We do know, however, that someone has claimed responsibility, and that this individual (or group) is not new to getting into places like HT. In August 2014 another surveillance company, Gamma International, whose software is called FinFisher or FinSpy, was hacked and sensitive files were released, just as with HT: client lists, prices, code and so on. A user by the name of "PhineasFisher" posted 40 GB of data on Reddit and stated that he or she was responsible. A post in July this year on that Twitter handle stated that they had also attacked HT. The stated purpose of these breaches and leaks was to make people aware of how these companies operate and whom they sell to: a hacktivist attack. He did publish some details of his methods, and some of those techniques were most likely used against HT as well.

One final question remains: how did they break in, and what safeguards could HT have put in place to prevent the theft? We do know from the leaked documents that users within HT had extremely weak passwords such as "P4ssword" or "wolverine"; a single character substitution satisfies a naive complexity rule but does nothing against a dictionary attack. In addition, one of the main employee systems from which the theft may have occurred used TrueCrypt. Encrypted volumes only protect data at rest, however: once the user is logged on and the volume is mounted, its contents are readable by any process running in that session, including an attacker's. No information has been released yet on how the network was breached or how the attacker reached the users' systems to download the files. It does appear, though, that companies need a service such as Ziften's Constant Endpoint Visibility running in their environment. By monitoring all user and system activity, alerts could have been generated when activity fell outside normal behavior. Examples are 400 GB of files being uploaded externally, or knowing when vulnerable software is running on exposed servers within the network. When a company is building and selling sophisticated surveillance software, and holding undisclosed vulnerabilities in commercial products, a better plan should have been in place to limit the damage.
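To make the "400 GB uploaded externally" alert concrete, here is an added example of the baseline-and-outlier logic an endpoint or flow monitor would run; it is illustration code written for this post, not Ziften's product or anything from Hacking Team. The records are constructed: per-host daily totals of bytes sent to external addresses, with three hosts behaving normally for a week and one of them then pushing roughly 400 GB out. The host names, thresholds and the alert format are assumptions.

```python
"""Flag hosts whose outbound transfer volume departs from their own baseline.

Added example, not code from the original post. Input is a constructed list
of (day, host, bytes_sent_externally) records such as an EDR agent or flow
collector might summarise once per day.
"""
from collections import defaultdict
from statistics import mean, pstdev

GB = 1024 ** 3

# Constructed sample data: seven ordinary days for three hosts, then on day 8
# one workstation uploads about 400 GB (the volume leaked from Hacking Team).
SAMPLE_EGRESS = []
for day in range(1, 8):
    SAMPLE_EGRESS += [
        (day, "ws-alice", 2 * GB + day * 50_000_000),
        (day, "ws-bob", 1 * GB + day * 30_000_000),
        (day, "fileserver", 5 * GB),
    ]
SAMPLE_EGRESS += [
    (8, "ws-alice", 2 * GB),
    (8, "ws-bob", 400 * GB),   # the exfiltration day
    (8, "fileserver", 5 * GB),
]


def detect_egress_anomalies(records, ratio=5.0, zscore=3.0,
                            absolute=100 * GB, min_history=3):
    """Return a list of alerts (day, host, bytes, reasons).

    Three independent signals are evaluated and any one of them fires:
      * absolute: more than `absolute` bytes in a single day, regardless of
        history (catches a dump from a host that has no baseline yet);
      * ratio:    more than `ratio` times the host's own historical mean;
      * zscore:   more than `zscore` standard deviations above that mean.
    Days that raise an alert are kept out of the host's baseline so that a
    sustained exfiltration does not quietly become the new "normal".
    """
    history = defaultdict(list)   # host -> bytes on previous non-alerted days
    alerts = []
    for day, host, sent in sorted(records):
        hist = history[host]
        reasons = []
        if sent > absolute:
            reasons.append(f"absolute>{absolute / GB:.0f}GB")
        if len(hist) >= min_history:
            mu = mean(hist)
            sd = pstdev(hist)
            if sent > ratio * mu:
                reasons.append(f"ratio>{ratio:.0f}x(mean={mu / GB:.2f}GB)")
            if sd > 0 and (sent - mu) / sd > zscore:
                reasons.append(f"zscore>{zscore:.0f}")
        if reasons:
            alerts.append((day, host, sent, ";".join(reasons)))
        else:
            hist.append(sent)
    return alerts


if __name__ == "__main__":
    for day, host, sent, why in detect_egress_anomalies(SAMPLE_EGRESS):
        print(f"day {day}: {host} sent {sent / GB:.1f} GB externally [{why}]")
```

The absolute threshold is there because a host with no history (a freshly imaged machine, or the first day of monitoring) still needs to trip an alarm before a multi-hundred-gigabyte upload completes; the relative signals are what catch a quieter attacker who stays under that ceiling but well above the host's usual traffic. In a real deployment the same logic would run on a rolling window of hours rather than whole days, so the alert fires while the transfer is still in progress.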