The document discusses lessons learned from the hacking of Hacking Team, an Italian company that sells surveillance technology to governments. It describes how Hacking Team was compromised after using weak passwords, failing to properly secure their network and data, and not following security best practices. Over 400GB of internal documents and source code were leaked, exposing exploits and surveillance tools. The takeaway is that security companies must practice rigorous security and prepare for being a prime target if they want to advise others on security.
1. Thijs Bosschert
27 October 2015, The Hague
info@radicallyopensecurity.com
thijs@radicallyopensecurity.com
What have we learned from the
Hacking Team hack?
2. May 12, 2014
Radically Open Security
Non-Profit Computer Security Consultancy
We're an idealistic bunch of security researchers,
networking/forensics geeks, and Capture The
Flag winners that are passionate about making
the world more secure. We believe in
transparency and openness. And our goal is to
secure the society that allows us to run a
company in the first place.
https://radicallyopensecurity.com/
3. Thijs Bosschert
Freelance Security Professional
• Incident Response
• Forensics
• Penetration tester
• Security researcher
• Trainer
• CTF player (Eindbazen, Hack.ERS)
6. HackingTeam
Remote Control System
Take control of your targets and monitor them
regardless of encryption and mobility. It doesn’t
matter if you are after an Android phone or a
Windows computer: you can monitor all the
devices. Remote Control System is invisible to
the user, evades antivirus and firewalls…
Source: http://www.hackingteam.it/images/stories/galileo.pdf
7. HackingTeam
Remote Control System
Hack into your targets with the most advanced
infection vectors available. Enter his wireless
network and tackle tactical operations with ad-hoc
equipment designed to operate while on the
move. Keep an eye on all your targets and
manage them remotely, all from a single screen.
Be alerted on incoming relevant data and have
meaningful events automatically highlighted.
Source: http://www.hackingteam.it/images/stories/galileo.pdf
8. You will be hacked
Source:
https://twitter.com/hackingteam/status/563356441885835264
25. What went wrong?
● Weak passwords and password reuse
● No network segmentation or protection
● No data encryption
● No secure email
● No data classification
● No monitoring
● Incorrect incident response procedures
● Usage of illegal software
27. Protection level
Source: http://www.slideshare.net/jaredcarst/cyber-threats-cybersecurity-are-you-ready
28. What have we learned?
As a security company you are a
sought-after target for attackers, so
you had better make sure you are
prepared for that.