Please Support SilentVector:

Sunday, July 12, 2015

SilentVector33: July 5 - 12, 2015 Digest

Hacking Team - July 5, 2015

On July 5, 2015 Italian-based information security company Hacking Team (@HackingTeam) was breached.  400GB of software, email traffic, and internal details of the company's operations were leaked through links tweeted on its own Twitter account.  Embarrassing, indeed.  But embarrassment was the least of the company's problems until WikiLeaks published the information and pumped it through Twitter, where thousands of skilled information managers began to dissect it.

The online machinations of Twitter information security professionals may not pique your interest, but it should.  The trove of information gleaned from these accounts has much to do with the everyday Internet user.  Hacking Team's scope of operations is frightening, invades your privacy, and whether you like it or not, brings dangerous software and its effects directly into your living room.

Hacking Team Privacy Implications

Potentially dangerous implications of this type have not been revealed since Edward Snowden fled the country after revealing the inner-workings of the Prism project, directed by the United States National Security Agency.  If you have ever watched a YouTube video, accessed your banking or utilities statements online, the revelations of the Hacking Team's exploits could have potentially uncovered your identity.

The source for concern is born from a skilled computer security professional's ability to trace Hacking Team's business dealings back to Symantec Corporation.  Symantec is one of the keystone organizations that provides security for the everyday Internet user.  They are partnered with Norton Antivirus and Spyware Removal; some of the most trusted and connected computer security companies in the world.  Most modern computers ship with a version of the Microsoft Windows operating system already installed; Microsoft has a close corporate relationship with both Symantec and Norton Security.

To break it down, there are several different types of internet security certificates issued to reputable companies to do business online.  One is a Secure Socket Layer (SSL) certificate that assists in encrypting your private communications when you deal with your bank (that "lock" icon displayed in your web browser is an example).  
Hacking Team was given a "code signing" certificate, which according to Symantec "will help protect users from downloading compromised files or applications."  This includes "vetting and approval of software publishers, code signing, key protection, revocation, administrative controls and audit logs.  This cloud-based service also features unique or rotating keys to sign apps and centralized protection in Symantec's military-grade data centers."

If you have read Hacking Team's list of clients, that statement is terrifying.  Their clients include the governments of Mexico, Sudan, Morocco, and the United Arab Emirates.  Also listed on their client list are the United States Federal Bureau of Investigation (code named "Phoebe") and the Department of External Affairs (code named "Katie").  If you examine the human rights violations and government corruption of some of the countries on their client list, it is not difficult to question the purpose of their dealings with the United States.

Even more disturbing are file systems found within Hacking Team's leaks which contain traces of child pornography files, installed covertly on the systems of their company's targets.  Coding within their leaked documents shows executable malicious code capable of remotely installing these files on a target computer, which would make an open-and-shut case easily possible, but absolutely illegal.  According to American constitutional law, the execution of this code would be a violation of 4th Amendment rights if a warrant was executed by these means.

Further, all of this code is now in the hands of whomever visits the WikiLeaks website.  The initial breach was exploited because of the most fundamental security flaw imaginable: the CEO of Hacking Team's account was laughably protected by a simple aberration of the word "password."  When you continue reading this, remember that this malicious code and the "professionals" that produced it are still at large.


According to, the events that took place on July 8, 2015 are the equivalent of a cyber-war.  United Airlines grounded all flights, the New York Stock Exchange was taken offline for three-and-a-half hours, and the Wall Street Journal's website was taken down.  Isn't it interesting only three days after the largest IT upset (that did not make the evening news) since 2013 was followed by a huge information outage only three days later, after the Hacking Team's malicious files were released to the Internet?  No one is talking about this.

The government's official statement was that they did not suspect "malicious actors" were responsible for the NYSE computer crash.  Many media outlets blamed a so-called "Black Squirrel" incident, similar to ones that have crashed Wall Street's computer systems in previous years.

From a security perspective, it is now known that the New York Stock Exchange does not immediately route the most current trading data to its floor in the event of a data interruption.  Arguably, the most powerful financial network in the western hemisphere can be crashed by miscreant squirrels chewing through random wires.  Why backup systems, isolated from one another in quadruplicate are not prepared to process this critical financial data are not in place, makes me question the validity of the entire day's events as reported in the press.  Either the reports are faulty, or the information security professionals they hire are inept to plan for such occurrences.

These are not "technical glitches" like hiccups in your Internet connection.  If they are so simple to explain, Wall Street should take a hard look a how they occur and inform the public so their taxes can be better spent defending our infrastructure.

Greece & BitCoin

Because of the ongoing financial crisis in Greece, Bitcoin continues to improve performance.  At the time of publishing this article, @Bitcoin10min reports from July 6 - July 12:

July 6 = $271.59 | €249.09 | ¥1699.32 | £181.93

1h -0.84% | 1d +0.34% | 7d +5.97% | 1m +19.89%

$311.06 | €280.63 | ¥1974.55 | £207.15

1h +1.16% | 1d +6.19% | 7d +14.59% | 1m +33.84%

A $1000USD investment would have yielded $338.40USD since July 6, 2015.

Because of bank closures and the inability to withdraw money from Greek financial institutions, many Greeks have abandoned the Euro to seek shelter in BitCoin.  Price is expected to stay nearly level, with a slight increase as negotiations between Greece and the European Union continue.

Ghost Security & OpISIS

Operations continue between #GhostSec and their initiative, #OpISIS against the Islamic State.  GhostSec uses a unique reporting system, through a handle named the Controlling Section (#CtrlSec) to wage war against the propaganda machine ISIS continues to attempt to maneuver.

In the news, there are often reports of citizens being duped online, crossing borders, and ultimately assisting the Islamic State.  You, reading this right now, you have a voice.  Follow #CtrlSec and get involved.

Former United States Veterans, you can assist in the fight against ISIS by volunteering your skills.  Visit for more information.

No comments:

Post a Comment