The intentions of the hacker who stole 400 gigabytes of data from Italian surveillance technology firm Hacking Team and dumped it online – revealing the company's valuable secrets, source code, tactics, and tradecraft – are still unknown. If it was a bout of digital vigilantism meant to strike a blow for a more secure and private Internet, however, it failed.
Leaking data that belongs to a company in the business of exploiting software vulnerabilities naturally exposes its techniques and tricks to many nefarious actors. Already, the aftermath of the breach reveals the staggering efficiency and speed with which previously unknown software vulnerabilities – known as zero-days – are being incorporated into exploit tools used by criminal hackers. As a result, the breach has quickly compounded headaches and risk management for overworked security teams.
Following the breach, Hacking Team chief executive officer David Vincenzetti said "terrorists, extortionists, and others can deploy [the Hacking Team] technology at will if they have the technical ability to do so." And he was right. Criminal hackers have already taken advantage of the data dump, putting to use previously unknown Adobe Flash exploits discovered within Hacking Team's source code. Mr. Vincenzetti does, however, omit any reference to Sudan and Bahrain, countries that were sold access to the company's tools.
Just one day after the first Flash exploit surfaced, the vulnerability was added to numerous kits used to carry out cyberattacks. On July 10, a group of hackers running advanced persistent attacks leveraged this newly disclosed vulnerability in Flash. More recently, two other zero-days for Flash emerged. According to one report, those have also found their way into exploit kits.
This is not the first time vulnerabilities exposed in a widespread breach have been incorporated into exploit kits. What stands out about the Hacking Team fallout, however, is the sheer speed at which the company's zero-days were incorporated into attackers' tool kits.
The cybercrime and espionage underworld is already sophisticated and adept at integrating the latest techniques and technology to make attacks more lucrative and potent. A "cyberarms dump" such as the Hacking Team breach only serves to aid in those efforts.
So, if there's any good that comes from exposing Hacking Team's business practices and customer lists – including shining a light on the shady world of spyware vendors – it has to be weighed against the possible collateral damage that comes with such exposures.
James Chappell is the cofounder and chief technology officer of Digital Shadows. Follow him on Twitter @jimmychappell.