Fallout from yesterday's enormous dump of internal documents from Italy's notorious Hacking Team, a cyber-arms dealer for the world's worst autocratic regimes, is just getting started.
French privacy consultant Mustafa Al-Bassam received a bogus DMCA takedown from another French company, Lexsi, which claims that the documents he's mirroring "displays sensitive and confidential information." The DMCA is an American statute, of course, and only applies to copyright infringement. Lexsi's interest in Hacking Team is unclear, as the company doesn't appear to be mentioned in the dump.
This internal document reveals that the US Drug Enforcement Agency sought Hacking Team's assistance with a tool that let them "receive all the traffic for Columbian ISPs."
Other documents reveal Hacking Team's concerns over EFF's HTTPS Everywhere plugin, which could "send rogue certificates to the EFF SSL Observatory," a public database of known cryptographic certificates used to protect online communications.
Other documents suggested the US FBI was among the customers paying for software that allowed targets to be surreptitiously surveilled as they used computers or smartphones. According to one spreadsheet first reported by Wired, the FBI has paid Hacking Team more than $773,226.64 since 2011 for services related to the Hacking Team product known as "Remote Control Service," which is also marketed under the name "Galileo." One spreadsheet column listed simply as "Exploit" is marked "yes" for a sale in 2012, an indication Hacking Team may have bundled some sort of attack code that remotely hijacked targets' computers or phones. Previously, the FBI has been known to have wielded a Firefox exploit to decloak child pornography suspects using Tor.
Security researchers have also scoured leaked Hacking Team source code for suspicious behavior. Among the findings: the embedding of references to child porn in code related to Galileo.
Massive leak reveals Hacking Team’s most private moments in messy detail [Dan Goodin/Ars Technica]