Categories
Cybersecurity

This is wrong with the Hacking Team statement

Oh dear, Hacking Team is only making it more worse for themselves. Hacking Team has published a new statement on their site, which holds various arguments about the attack on Hacking Team. The Hacking Team company now publicly claims that the media is attacking “Hacking Team” while it has become the victim of a cyber attack. Well d’uh!, you are not selling cookies or anything. You are selling weapons (codes) which are dangerous if placed in the wrong hands.

Hacking Team placed the code in the wrong hands

Yes, hackers have hacked your company, but that is something which HACKERS do. So it is not the hack which is the problem, it is the way how you managed your arsenal and private information which is the problem.

If a physical arms dealer was robbed, you would hear it in the news, and it would be broadcasted globally as news.

Oh shit, that has already happened, Hacking team  – do you remember HBGary? 😉

HBGary Federal was hacked by Anonymous, and the reason was very simple, HBGary was tracking down cybercriminals and hacktivists. Oh wait, remember the GAMMA hack which led to a 40gb leak. Well, your leaked environment is MUCH bigger, so of course you are going to get a lot more MEDIA ATTENTION, and you said it yourself – cyber security is hot, and you failed to secure your own environment while you sell cyber weapons.

So here are the facts you published on your website:

Hacking Team was the victim of a criminal act or acts sometime before July 6.  The attackers stole and then exposed via the Internet company proprietary information as well as personal information of our employees and even some information about our clients.

True, you are the victim. That is very clear.

Data from investigations conducted by Hacking Team clients was not exposed during the attack.  Such information is only maintained on the systems of clients, and cannot be accessed by Hacking Team.

Well done. So you did think about privacy and security.

The criminals exposed some of our source code to Internet users, but by now the exposed system code is obsolete because of universal ability to detect it. However, important elements of our source code were not compromised in this attack, and remain undisclosed and protected.

False. The code can be adjusted, and it has been adjusted. You released a “part” of a “nuclear missile”, won’t be hard for the professionals to use the leaked code.

The company has always sold strictly within the law and regulation as it applied at the time any sale was made.  That is true of reported sales to Ethiopia, Sudan, Russia, South Korea and all other countries.

Sure, that is a very political correct answer. How about your partners and POC’s? 😉

There have been reports that our software contained some sort of “backdoor” that permitted Hacking Team insight into the operations of our clients or the ability to disable their software.  This is not true.  No such backdoors were ever present, and clients have been permitted to examine the source code to reassure themselves of this fact.

I believe that this is true. Why risk this as a security company.

Hacking Team has not been involved in any program to use airborne drones as has been reported.

Alright.

So what do you think about the official Hacking Team statement?!

By CWZ

Founder of Cyberwarzone.com.