Hacking Team, an Italian company which sells surveillance tools to governments and law enforcement agencies, has had its systems breached and 400GB of internal documents leaked.
Tripwire security experts provided the following comments:
Craig Young, Computer Security Researcher for Tripwire (www.tripwire.com):
“These tools could be used by a private corporation to monitor employees. For example, a company concerned about employees stealing trade secrets may pre-load employee computing devices with monitoring software. It could also be the case that some companies would like to glean information from competitors. In some cases, the software may also be used to gain intelligence on customers like a bank validating whether funds are coming from an illegal enterprise. The worst case would be private corporations using this type of software to gain marketing intel by spying on the customers and the general public. It will definitely be interesting in the coming months to hear responses from the companies and anti-virus vendors about where HT software has been deployed.”
Tim Erlin, Tripwire’s Director of IT Security and Risk Strategy (www.tripwire.com):
“While it’s tempting to focus on the potential for scandal spread throughout this data, the details disclosed also provide insight into a previously difficult to characterize economy around custom exploit development. From the data revealed, it appears that government and law enforcement agencies around the world are willing to spend millions of dollars for the type of services that Hacking Team provides.
“This data will provide fuel to privacy organizations to ask difficult questions of government agencies around the world. With so many interested, and conflicting parties involved, the responses over the next couple of weeks will be revealing.”[su_box title=”About Tripwire” style=”noise” box_color=”#336588″]
Tripwire, Inc., a global provider of risk-based security and compliance management solutions, today announced Tripwire® Enterprise™ version 8.3 featuring a new, stand-alone Policy Manager™. Tripwire Policy Manager provides the detailed visibility into system configurations critical to minimizing security risks and ensuring compliance.[/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.