After the hack of the controversial government spying and hacking tool vendor Hacking Team by an outside attacker, a large numbers of media headlines worldwide reported the events. [1,2,3]
The hacker announced his attack through Hacking Team’s own Twitter account some of its most guarded secrets have started to come to light including the list of the customers, internal emails and the source code of their most valuable software, RCS (Remote Control System) Galileo. [4]
The legend of Hacking Team had fallen in the mud: the Italian Ministry of Industry closed the story recently revoking the export license for the Italian company’s products. [5]
As Lorenzo Franceschi-Bicchierai (@LorenzoFB) wrote later on Motherboard in his famous article: “A Notorious Hacker Is Trying to Start a ‘Hack Back’ Political Movement” [6] the Hacker not only shown himself with the name of Phineas Fisher as the responsible of the attack. He wanted to give to his act a background based on a true political intention: “After eight months of almost complete silence, the pseudonymous digital vigilante [7] behind the hack has resurfaced, publishing a detailed explanation [8] of how he broke into the company’s systems and laid bare its most closely guarded secrets.” [6]
In this description was reported not only a style of attack, rather a “hacking lifestyle” a way to fight against “the System” of the banks and corporations, defenders of the status quo: against this “System”, all free people must start to fight:
“Hacking is a powerful tool. Let’s learn and fight!” he wrote, adding sentences like “our keyboard is our weapon”. His main thought can be summarized in this sentence: “I don’t want to be the lone hacker fighting the system. I want to inspire others to take similar action.” [6]
But like for many “political movements” of the 20th century the heterogony of ends was behind the corner: the “heterogony of end” is a famous expression formulated in 1886 by the German philosopher Wihelm Wundt and denote the phenomenon that a goal-directed activity in the History often causes exactly the opposite result of the goal was intended to achieve, event beyond the most faithful intentions.
A very interesting article on this side was written by Nicole Perlroth (@nicoleperlroth) on the New York Times:
“Governments Turn to Commercial Spyware to Intimidate Dissidents” [9] and gives the sense of a possible paradigm shift, a probable change of the “business model” regarding the procurement process of surveillance and state spyware technologies by Governments and Law Enforcement Agencies.
Maybe not for all the governments at the same time, maybe not all at once, but is possible to figure out that something has changed definitely after Hacking Team data breach.
Times seems to be mature, in fact, for many Governments to build up their own surveillance and spyware systems for many “good” reasons: this is going to create a new age of specialized technologies like never before.
Let us analyze the reasons behind what seems an inexorable choice unintentionally promoted by Phineas Fisher attacks.
First of all the breach realized of Hacking Team exposed the secrets of a lot of States like U.A.E. and many others, achieving what they absolutely never wouldn’t like to see: their secret and classified information regarding their internal affairs spread all around the world.breach realized of Hacking Team exposed the secrets of a lot of States like U.A.E. and many others, achieving what they absolutely never wouldn’t like to see: their secret and classified information regarding their internal affairs spread all around the world.and many others, achieving what they absolutely never wouldn’t like to see: their secret and classified information regarding their internal affairs spread all around the world.
Second, today like never before, they are aware that the use of foreign company’s tools as Hacking Team revealed as a necessary evil of which they have repented bitterly and that probably now is a strategy that belongs to the past.that probably now is a strategy that belongs to the past.
Third, if in the past years, they “had” to buy external tools, now how as Nicole Perlroth writes, now how as Nicole Perlroth writes, “a number of companies in the United States are training foreign law enforcement and intelligence officials to code their own surveillance tools. In many cases, these tools are able to circumvent security measures like encryption.” [9]
Fourth, paradoxically now, thanks to Phineas Fisher, States like U.A.E not only are growing in skills as a mandatory necessity to keep anonymous their secrets: they can be able to customize even the source code of Galileo if they want, for example, and this sounds like a nemesis.
Fifth, now the new under developing State spyware and Surveillance tools will be probably even more difficult to locate and recognize because every single State will develop its own internal technology, giving to life so many different instances of “Galileo facsimile tools” difficult to intercept – at least at the beginning – especially for the human rights advocate hackers.
History is a strange thing and the heterogony of ends it is not always able to succeed: but from the premises, it seems that this new road is the obliged choice after the Hacking Team data breach. Writes again Nicole Perlroth: “The U.A.E. has gotten much more sophisticated since we first caught them using Hacking Team software in 2012.” … “They’ve clearly upped their game. They’re not on the level of the United States or the Russians, but they’re clearly moving up the chain.” [9]
They have clearly upped their game: being able to “developing their own custom spyware to monitor their critics at home and abroad”. [9]
We will see if all the States have been customers of the Italian company will effectively follow this new move.
[1] https://www.theguardian.com/technology/2015/jul/06/hacking-team-hacked-firm-sold-spying-tools-to-repressive-regimes-documents-claim
[2] http://www.zdnet.com/article/hacking-team-hit-by-breach-files-suggest-it-sold-spyware-to-oppressive-regimes/
[3] http://www.forbes.com/sites/thomasbrewster/2015/07/06/hacking-team-hacked/#391039fe350f
[4] https://motherboard.vice.com/tag/Hacking+Team
[5] http://securityaffairs.co/wordpress/46060/laws-and-regulations/hacking-team-export-license-revoked.html
[6] http://motherboard.vice.com/read/notorious-hacker-phineas-fishers-is-trying-to-start-a-hack-back-political-movement
[7] https://motherboard.vice.com/read/hacker-claims-responsibility-for-the-hit-on-hacking-team
[8] http://pastebin.com/raw/GPSHF04A
[9] http://www.nytimes.com/2016/05/30/technology/governments-turn-to-commercial-spyware-to-intimidate-dissidents.html?_r=0
About the Author: Odisseus
Independent Security Researcher involved in Italy and worldwide in topics related to hacking, penetration test and development.
[adrotate banner=”9″]
(Security Affairs – Hacking Team, surveillance)