Even The Elite Hackers Lack Vulnerability Monitoring – Chuck Leaver

Written By Josh Harriman And Presented By Ziften CEO Charles Leaver

 

Hacking Team Impacted By Absence Of Real Time Vulnerability Monitoring

 

These days cyber attacks and data breaches are in the news all the time – and not just for those in the high worth markets such as healthcare, finance, energy and retail. One especially fascinating event was the breach against the Italian company Hacking Team. For those who do not recall Hacking Team (HT) is a company that specializes in monitoring software catering to federal government and authorities agencies that wish to perform hidden operations. The programs developed by HT are not your run-of-the-mill push-button control software or malware-type recording devices. Among their essential products, code-named Galileo – much better called RCS (Remote Control System)– declared to be able to do practically whatever you needed in terms of “managing” your target.

Yet as gifted as they were in developing these programs, they were not able to keep others from entering into their systems, or detect such vulnerabilities at the endpoint through vulnerability monitoring. In one of the most prominent breaches of 2015, HT were hacked, and the information stolen and consequently launched to the general public was big – 400 GB in size. More significantly, the information included extremely damaging info such as e-mails, consumer lists (and costs) which included countries blacklisted by the UN, and the crown jewels: Source code. There was also thorough documents that included a few very effective 0-day exploits against Flash and Adobe. Those 0-days were used very soon after in cyber attacks against some Japanese businesses and United States government agencies.

The huge question is: How could this occur to a company whose sole presence is to make software that is undetected and finding or producing 0-day exploits for others to use? One would think a breach here would be almost impossible. Undoubtedly, that was not the case. Currently there is not a lot to go on in terms of how this breach occurred. We do know however that somebody has claimed responsibility and that individual (or group) is not new to getting into locations similar to HT. In August 2014, another monitoring business was hacked and delicate files were launched, similar to HT. This included customer lists, prices, code, and so on. This was against Gamma International and their software was called FinFisher or FinSpy. A user by the name of “PhineasFisher” published on Reddit 40 GB worth data and revealed that he/she was accountable. A post in July this year on their twitter handle discussed they also attacked HT. It appears that their message and function of these breaches and theft where to make people knowledgeable about how these companies operate and who they sell to – a hacktivist attack. He did submit some information to his techniques and some of these methods were likely utilized against HT.

A final concern is: How did they break in and what precautions could HT have implemented to prevent the breach? We did understand from the released documents that the users within HT had very weak passwords e.g. “P4ssword” or “wolverine.” In addition, one of the main employee systems where the theft might have occurred used the program TrueCrypt. Nevertheless, when you are logged on and using the system, those concealed volumes are accessible. No information has been launched as of yet as to how the network was breached or how they gained access to the users systems so that they could download the files. It is apparent, though, that businesses need to have a solution such as Ziften’s Continuous Endpoint Visibility running in their environment. By keeping track of all user and system activity alerts could have been created when an activity falls beyond regular habits. Examples include 400 GB of files being published externally, or understanding when susceptible software applications are running on exposed servers within the network. When an organization is making and selling advanced surveillance software applications – and having unidentified vulnerabilities in commercial products – a better plan needs to have been in place to restrict the damage.

~leaverchuck1


No Responses Yet to “Even The Elite Hackers Lack Vulnerability Monitoring – Chuck Leaver”

Leave a Reply