The Hacking Team

Italy is not a country one usually thinks of in connection with hackers, or even with IT in general. With its perennially slow-growing economy and its focus on traditional businesses like wine and sports cars, it has far fewer technology startups than other places. Nor does it have many criminal hacking enterprises of the kind found in nearby Romania. But Italy is home to one of the best-known professional hacking companies selling to governments, known simply as Hacking Team. Its product, the Remote Control System (RCS), is marketed under the name Galileo.

The company makes no secret of who its target customers are. Its website is headlined "The Hacking Suite for Governmental Interception," underlined with, "We believe that fighting crime should be easy: we provide effective, easy-to-use offensive technology to the worldwide law enforcement and intelligence communities."

Espionage firms usually keep a low profile. But Hacking Team was shoved into the public limelight by one highly embarrassing breach. In July 2015, a hacker stole its internal emails and its source code and published them via BitTorrent.

The hacker, using the name Phineas Fisher, took some 400 GB of files and hijacked the company's Twitter account to announce the leak. This is the same hacker who in 2014 broke into Gamma Group, the surveillance vendor behind the highly effective FinFisher suite of intrusion tools, for which governments pay large sums. Gamma keeps a far lower public profile, as an intelligence contractor might be expected to.

The hacker gained access through the accounts of Hacking Team's system administrators, whose credentials opened the whole file store. That underlines a point about least privilege: people with root access to the file servers do not also need read access to every source repository and mailbox, because one compromised administrator then exposes everything. Nor was any of the company's data encrypted at rest. Ouch. That is two black eyes for a company that is supposed to know about such things.


The leak forced Adobe and other vendors to rush out fixes for previously unknown vulnerabilities (Adobe's were in Flash Player) that Hacking Team had been exploiting and that were now public along with the source code.

WikiLeaks has indexed the emails in a searchable archive. Journalists and others who went through them showed that Hacking Team had been selling to repressive governments, such as Saudi Arabia, as well as to governments that are not repressive, such as Chile and the USA. Wikipedia carries the list of customers.

That article says Hacking Team got its start when the Italian police approached two Italian programmers, Alberto Ornaghi and Marco Valleri, the authors of the network sniffing tool Ettercap. The police wanted to use it to listen in on suspects' Skype calls, and asked the two to modify the program for that purpose.

Ettercap's source code is open source and can be downloaded from GitHub. The project describes it as a suite for man-in-the-middle attacks on a LAN. At the time of writing, nobody had updated it since 2014.


If you download it and read the README, it makes a point in a rather clever way. The README explains that when you use a tool like this to sniff packets, it does not matter what order the packets arrive in: a sniffer sees segments out of order, duplicated and retransmitted, but the stream can still be read once it is put back together. Here is how they illustrate that:

Aoccdrnig to rscheearch at an Elingsh uinervtisy, it deosn't mttaer in waht oredr the ltteers in a wrod are, the olny iprmoetnt tihng is taht the frist and lsat ltteer are in the rghit pclae.
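What makes that possible for TCP is the sequence number carried in every segment, which tells a sniffer where each payload belongs regardless of arrival order. The following reassembler is an added example for this article, not code from the Ettercap project or from the page's author; the segments it consumes are constructed in-line as (sequence number, payload) pairs, which is what a sniffer has after decoding each TCP header, so no live capture is needed.

```python
"""Reassemble one direction of a TCP stream from segments captured out of order.

Added example for this article; it is not code from ettercap or from the page's
author. Segments are constructed in-line as (sequence number, payload) pairs,
which is what a sniffer has after decoding each TCP header; there is no capture.
"""
SEQ_SPACE = 2 ** 32


def seq_diff(a, b):
    """Signed distance a - b in 32-bit sequence space, so wraparound is handled."""
    d = (a - b) % SEQ_SPACE
    return d - SEQ_SPACE if d >= SEQ_SPACE // 2 else d


class StreamReassembler:
    def __init__(self, isn):
        self.next_seq = isn      # sequence number of the first byte not yet delivered
        self.pending = {}        # seq -> payload for segments that arrived ahead of a gap
        self.out = bytearray()

    def add(self, seq, payload):
        """Accept one segment; seq is the sequence number of payload[0]."""
        self.pending[seq] = bytes(payload)
        self._drain()

    def _drain(self):
        """Deliver every pending segment that now joins contiguously onto the stream."""
        progressed = True
        while progressed:
            progressed = False
            # Oldest (most behind next_seq) first, then exactly-next, then future segments.
            for seq in sorted(self.pending, key=lambda s: seq_diff(s, self.next_seq)):
                payload = self.pending.pop(seq)
                already = seq_diff(self.next_seq, seq)  # bytes of this segment we already hold
                if already < 0:
                    self.pending[seq] = payload          # still ahead of a gap; keep waiting
                    break                                # the rest are even further ahead
                if already < len(payload):               # new bytes: trim the overlap, append
                    self.out += payload[already:]
                    self.next_seq = (seq + len(payload)) % SEQ_SPACE
                    progressed = True
                    break
                # else: a retransmission we already have in full; drop it

    def gaps(self):
        """Sequence numbers of segments still waiting for earlier data to arrive."""
        return sorted(self.pending, key=lambda s: seq_diff(s, self.next_seq))

    def data(self):
        return bytes(self.out)


def reassemble(isn, segments):
    """Feed segments in capture order; return (stream bytes, seqs still stuck behind a gap)."""
    r = StreamReassembler(isn)
    for seq, payload in segments:
        r.add(seq, payload)
    return r.data(), r.gaps()


# Constructed capture: five segments of one stream seen out of order, including a
# retransmission (seq 1003) that overlaps data already delivered.
SEGMENTS = [
    (1006, b"world"),
    (1014, b"bye"),
    (1000, b"hello "),
    (1011, b"!\r\n"),
    (1003, b"lo wor"),
]

if __name__ == "__main__":
    data, gaps = reassemble(1000, SEGMENTS)
    print(data, gaps)
```

The reassembler keeps a segment that arrives ahead of a gap until the gap closes, trims the overlapping prefix of a retransmission instead of duplicating bytes, and compares sequence numbers modulo 2^32 so a stream that wraps around is not broken. A real sniffer does the same per connection and per direction, and the gaps list is exactly what it cannot show you if it missed a packet.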

The README then goes on to explain bridged sniffing (placing a machine with two interfaces inline), ARP poisoning and other techniques for setting up a man-in-the-middle position. All of it should be required reading for anyone who wants to learn how to protect a network from such mischief.
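The defensive side of ARP poisoning is to watch the ARP traffic itself, which is what the detector below does. It is an added example for this article, not code from Ettercap or from the page's author, and it runs over a hand-constructed log in the shape a passive sniffer on the LAN might record (timestamp, opcode, sender IP, sender MAC, target IP); the addresses and the alert names are assumptions made for the illustration.

```python
"""Detect ARP cache poisoning from a log of ARP packets.

Added example for this article; it is not code from ettercap or from the page's
author. The log below is constructed by hand to look like what a passive sniffer
on the LAN would record. Three signals are checked:
  1. a reply that no recent request asked for (gratuitous or unsolicited),
  2. an IP whose MAC differs from the one first learned for it,
  3. one MAC answering for more than one IP (the attacker in the middle).
"""
from collections import defaultdict

# Constructed sample log. Columns: seconds, opcode, sender IP, sender MAC, target IP.
# The last three lines model a classic poisoning: de:ad:be:ef:00:01 tells host .10
# that it is the gateway .1, and tells the gateway that it is .10.
SAMPLE_LOG = """\
0.0  request 192.168.1.10 aa:aa:aa:aa:aa:10 192.168.1.1
0.1  reply   192.168.1.1  aa:aa:aa:aa:aa:01 192.168.1.10
5.0  request 192.168.1.20 aa:aa:aa:aa:aa:20 192.168.1.1
5.1  reply   192.168.1.1  aa:aa:aa:aa:aa:01 192.168.1.20
30.0 reply   192.168.1.1  de:ad:be:ef:00:01 192.168.1.10
30.0 reply   192.168.1.10 de:ad:be:ef:00:01 192.168.1.1
32.0 reply   192.168.1.1  de:ad:be:ef:00:01 192.168.1.10
"""


def parse_log(text):
    """Turn the text log into (time, opcode, sender_ip, sender_mac, target_ip) tuples."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        t, op, sip, smac, tip = line.split()
        rows.append((float(t), op, sip, smac.lower(), tip))
    return rows


def detect_arp_poisoning(rows, reply_window=2.0):
    """Return a list of (time, kind, sender_ip, sender_mac) alerts, in log order."""
    asked = {}                       # (ip asked for, asker ip) -> time of latest request
    bindings = {}                    # ip -> MAC first seen answering for it
    answered_for = defaultdict(set)  # MAC -> set of IPs it has claimed to own
    alerts = []
    for t, op, sip, smac, tip in rows:
        if op == "request":
            asked[(tip, sip)] = t
            continue
        # opcode "reply": the sender claims to own sip and is telling tip
        last = asked.get((sip, tip))
        if last is None or t - last > reply_window:
            alerts.append((t, "unsolicited-reply", sip, smac))
        known = bindings.setdefault(sip, smac)   # first binding wins; conflicts are reported
        if known != smac:
            alerts.append((t, "binding-changed", sip, smac))
        if answered_for[smac] and sip not in answered_for[smac]:
            alerts.append((t, "multi-ip-mac", sip, smac))
        answered_for[smac].add(sip)
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_poisoning(parse_log(SAMPLE_LOG)):
        print(alert)
```

On the sample, the first four lines are normal request/reply pairs and raise nothing; every alert points at de:ad:be:ef:00:01. Two caveats a practitioner should keep in mind: on a switched network the monitoring host only sees ARP replies addressed to it or broadcast, so a mirror port or per-host agents are needed for full coverage, and detection is a backstop, not a fix. Static ARP entries for the gateway, or dynamic ARP inspection on managed switches, stop the poisoning rather than merely reporting it.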


About the author:

Karolis Liucveikis

Karolis Liucveikis - experienced software engineer, passionate about behavioral analysis of malicious apps.

Author and general operator of PCrisk's "Removal Guides" section. Co-researcher working alongside Tomas to discover the latest threats and global trends in the cyber security world. Karolis has over five years of experience in this field. He attended KTU University and graduated with a degree in Software Development in 2017. Extremely passionate about the technical aspects and behavior of various malicious applications.
