Hacking Team got Hacked!

Hacking Team is an Italian company that sells intrusion and surveillance tools to governments and law enforcement agencies. Recently they were badly hacked, which resulted in a massive data breach. The attackers have published a torrent file of over 400 GB containing internal documents, source code, and email communications. In addition, the attackers took to Twitter, defacing the Hacking Team account with a new logo and biography, and publishing messages with images of the compromised data.

Overview of Hacked Data

The breached data amounts to a massive 415.77G in size. Downloading the whole thing is not very feasible, but there is a workaround: a refined version is available, which is about 1.3 GB in size. The original files contain numerous email communications, which explains their huge size. The refined version of the database is very useful if you are really interested in digging for something useful. You can visit the following URL for searching and downloading the data.


This contains accounts and passwords of Christian Pozzi, the person whose computer was hacked, which eventually led to the data breach.

Android Data Files

This is a collection of snooped data gathered from various Android devices. Their surveillance app not only monitors telephone calls but also intercepts audio on WeChat, WhatsApp and Skype.

iOS & Mac OS

It mainly uses dylib injection to monitor user input, GPS, and the screen information.

Windows Phone & Symbian & BlackBerry

An RCS Trojan for Windows Phone was found. The implementation of "Activation Track" on WP devices leverages a 0day exploit in the system, which allows third-party application code to run as trusted on the system. This RCS can also retrieve information such as contact list, calendar, call history, locations, SMS, and sensor status.


The source code of a fuzzer for Windows was found, which includes a fuzzer testing system targeting IE and fonts. The source code of a fuzzer for Android, which includes a fuzzer testing system targeting jpg, SMS, system calls, etc., was also found in the data dump.

Bypass Antivirus Detection

This contains a collection of tools used to guarantee that their products can bypass AV detection. From the data, it can be seen that Hacking Team's tools could bypass almost all major antivirus programs, including BitDefender, Kaspersky, AVG, Avast, Norton, etc.

Exploit & 0day

There are two major zero-day exploits affecting Flash: one is the ActionScript ByteArray Buffer Use After Free, and the other is CVE-2015-0349. Hacking Team also leverages a kernel driver in Windows, the Adobe Font Driver (atmfd.dll), which has a font 0day exploit that can escalate privileges and bypass the sandbox mechanism.

Hacking Team's Tools List

Some dangerous tools used by Hacking Team are available for free on GitHub. Those who hacked them uploaded the tools under the name 'Hacked Team' (suits well :P). Head over here for over 53 repositories of tools: https://github.com/hackedteam

WikiLeaks Posts Over 1 Million Hacking Team Emails!

WikiLeaks has created a searchable database of more than 400 GB of private emails and source code dumped on the Internet after unknown hackers breached Hacking Team's systems and leaked their files online. The WikiLeaks database has around 415 GB of information about Hacking Team's affairs ripe for the picking, so it might not be surprising if we find out that more governments have been in contact with the Italian firm to purchase its surveillance software. So far, Russia, Chile, Spain, Honduras, Panama, and Malaysia have been exposed as Hacking Team clients, and no one knows for sure which other countries will come up as journalists dive into the treasure trove of information. It can be accessed here: Hacking Team Email Database

Want More?

Here is a list of sites from which the sensitive and interesting data can be obtained.

Audio recordings: http://ht.transparencytoolkit.org/audio/

SQL backdoor left by Hacking Team in their products: http://ht.transparencytoolkit.org/rcs-dev%5cshare/HOME/ALoR/htdocs/conf.php

Legal keys for VMProtect Professional:
https://ht.transparencytoolkit.org/rcs-dev%5cshare/HOME/ALoR/VMProtect.key
https://ht.transparencytoolkit.org/rcs-dev%5cshare/HOME/Ivan/vmprotect/

Check if you are vulnerable to the Flash 0day. Open this URL: http://zhengmin1989.com/HT/index.htm. If the browser pops up a calculator, the Flash version has this 0day vulnerability. Update it immediately.
