I do not want to sound shockingly naive, but I wonder how these people can sleep at night. You've just sold software to some of the most brutal governments in the world, who will use your technology to track down and brutally torture incredibly brave human rights activists.
How can you do this, and still get up in the morning while looking at yourself in the mirror? I can understand petty crime if the alternative is watching your family starve, but these are all skilled software developers, it's not like they will have a hard time finding a job.
The people who are involved in this should be forced to watch videos of what those friendly governments do to the civil rights activists they catch.
People who join the US army should be forced to watch videos of Abu Ghraib and Guantanamo torture, they should be forced to watch testimonies of people in drone-bombed municipalities. But I am afraid that for many the "we good, they bad" mentality would justify those atrocities. Like another commenter said, who is bad and who is good really depends on your viewpoint.
I think that's a little bit of an excessively simple viewpoint. The US army does much more than Abu Ghraib, Guantanamo and drones (in fact, a lot of what you just described is probably managed by agents outside the army such as the CIA). To flip this around, should every employee of a Silicon Valley company be shamed for rising property values in the area that have left many homeless? Should every Google employee be shamed for the illegal wifi capture done by Streetview vans?
> should every employee of a Silicon Valley company be shamed for rising property values in the area that have left many homeless?
Property values have nothing to do with homelessness. The roots of homelessness lie in the closure of mental-health facilities all across the US and California. These people need mental health counseling more than anything else.
It's not just closure of mental-health institutions. You may also say the roots of homelessness lie in liberal values.
Here is a bit of context for the often-mentioned closure of mental hospitals/services: at first there was a decision NOT to force anyone with mental issues to be admitted into such establishments against their will unless they are dangerous to themselves/others. And only after that did closures of the mental facilities, half-empty at that point, start.
How do you think, how many of those psychos on the streets of SF/SJ will seek institutionalising on their own?
" You may also say the roots of homelessness lie in liberal values."
LOL - no. Liberal values include state housing which is proven time and time again to end mass homelessness at a smaller cost than the law enforcement, judicial and social cost of managing homeless populations. Liberal values strongly support taking from the rich to support the poor, including the mentally ill and homeless. You do not see many liberal values at play here.
Conservative values of "everyone must work, no work means you get no pay, no pay means you have no home" is the core cause of modern homelessness.
Not everyone in our society will or can work, and those who don't are lucky enough to be supported privately or publicly or they're eventually homeless. This is the reality of a conservative value system.
Also, it's not just mental illness, homeless and mental illness are not synonyms. Many people are homeless, living in cars, couch surfing, and are not mentally ill requiring institutionalization.
> Not everyone in our society will or can work, and those who don't are lucky enough to be supported privately or publicly or they're eventually homeless. This is the reality of a conservative value system.
That's not the reality of a conservative value system. That's just reality.
>LOL - no. Liberal values include state housing which is proven time and time again to end mass homelessness at a smaller cost than the law enforcement, judicial and social cost of managing homeless populations. Liberal values strongly support taking from the rich to support the poor, including the mentally ill and homeless. You do not see many liberal values at play here.
It's pretty ridiculous to say that when in democrat-controlled areas (I will strip the political posturing from the "liberal"/"conservative" weasel words to the teams they refer to, democrats and republicans) there is still plenty of homelessness, very little state housing, and plenty of law enforcement.
DC has been controlled by democrats for decades, as has Chicago, and I know DC has been having a great time selling off homeless shelters so developers can keep gentrification rolling.
Pretending that the other team is responsible for all the world's ills is so juvenile. Can you really not see how partisanship has literally blinded you?
That's almost certainly true. However, it's equally almost certain that they would agree with the statement that the Republican Party embodies conservative values.
I'd also like to clarify: I was neither assuming nor asserting that the Democratic Party "embodies" "liberal" "values". Rather, I was asserting that the use of the term "liberal" is a weasel word meant to refer to an in-group centered around the Democratic Party, not any political ideology.
I'll paraphrase it for you: psychos on streets are caused not by closure of mental health institutions, but by decision not to put them there in the first place. Closing of empty hospital after that was just a question of time.
To clarify it further:
I'm not trying to talk about homelessness in general. That's a very complex subject. State housing - haha, welcome to 6th street/any SRO in the Tenderloin, tell me how great that solution is.
DanBC: how does what work? It's not about availability of services, it's about engagement in it. There are programs in the US too.
Something people here, it looks like, don't understand: there are resources for the homeless. May not be enough but it's not nothing. There are multiple programs to help. How about places where you should be sober to stay? AND HOW ABOUT STREET PEOPLE WHO'RE SAYING FK THAT, I'LL BE DOING WHAT I WANT? How about all the free rides to all the hospitals and emergencies? Do you think they turned down? People here on HN are sitting in warm chairs and projecting themselves on others. NOT EVERYONE IS THE SAME. And plenty of people on streets are genuinely fked up. But you may keep thinking about throwing a little money toward them and how it's supposed to fix it all.
actually fuck that. I keep forgetting how people like to talk about ideas and theories about crazies (crazy enough to be shitting in the middle of main city streets in front of eateries) suggesting that they just need a little money thrown their way to fix it all. Those are degenerates and not someone who just doesn't work.
I find it incredibly ironic that you're espousing these types of arguments in a thread dedicated to black-hat programs used by developing world States.
To anyone without sufficient knowledge, such tools would lend an air of almost magical ability to the reputation of organizations who already rely on fear, persecution, physical & emotional violence and so on.
The irony being that many of the tools of the trade can be used to break the will of those deemed non-acceptable. I'd suggest you look up "gas lighting".
Points if you understand what my user-name is referencing.
>Should every Google employee be shamed for the illegal wifi capture done by Streetview vans?
Oh FFS. I dislike Google. But doing tcpdump and forgetting to write -s 64 should hardly be a crime. Just because courts are technologically incompetent doesn't change the ethics of it.
No, the landlords and the activists who block new development should be shamed. They're milking the tech industry for all it's worth, with the side effect that middle income people are thrown under the bus. The tech industry is the victim of this scam.
> To flip this around
And that is to flip it a lot. The talk was about direct help to commit crimes against humanity. Your examples don't apply at all.
I think that helping dictatorial regimes to commit crimes should be itself a crime. "I just did it for money" is not an excuse, legal or moral.
> The US army does much more than Abu Ghraib, Guantanamo [...]
Sure. If it was just that stuff we'd abolish it.
But recruits (and the public) need to see the atrocities they needlessly commit all too easily. Without knowing the costs of the tool, how can we reasonably use it? Hmm?
> [...] illegal wifi capture [...]
No, nobody should be held liable for breaking stupid laws and making it illegal to listen to radio signals (that even pass through your body) is not only rude and unreasonable, but also 100% unworkable. Such a law only provides broken but apparently working security - the worst kind. Users think it's hard to get into their devices so they don't demand stronger devices, and so actual bad-guys have a field day.
Rising property values doesn't sound that bad compared to actively helping repressive governments to hunt, torture and murder the people speaking against them.
Another reply mentioned how the same questions can be asked of people joining the US military. And I'll add the examples of buying clothing made in sweatshops, hi-tech devices made in sweatshops, blood diamonds, bottled water, and even factory-farmed meat if your concern for suffering extends beyond human suffering.
It's easy to ignore the consequences of your choices when they do not directly impact you or the people you know and care about. I am not crying 'hypocrisy!' here--I take part in these systems too--only pointing to things that many of us do that can be viewed with equal abhorrence by those who pay attention to them. And I think that is the answer to your question: it's all in what you pay attention to.
A lot of people fail to understand what sociopaths are like. They do not, can not care in the way that most people do. The best they can do is pretend to care.
We should be very careful about labeling selfish people as sociopaths. It's easier to believe that there are incurable monsters among us, because this lets us be self-righteous in containing and punishing them.
IMHO simply realizing that there is a scale of selfishness that extends way beyond where you think the limits are is more predictive and actionable.
Because they're disconnected from the consequences of their actions.
I really doubt they're getting back business case studies talking about how they tracked down some dude and tortured him thanks to the information gleaned from their products (but now we can find out if they did get these).
I've asked people who work in these fields those same questions. Answers were along the lines of "someone else will do it if I don't" or "it's less violent than the actual violence the government would use otherwise." The reality of it is that you have to stop caring about the effects of your actions at some point: all the stuff we use daily is a product of exploitation and suffering of others with a dash of ruining the planet for future generations, yet we don't have a problem looking at ourselves in the mirror.
You know, this is what I keep asking myself about all the fine folks in defense, developing the newest fucking weapons/plane/gun/drone/whatever which _will_ be used on people in other countries.
We should introduce a "walk away from your job"-kickstarter thing to encourage leaving those positions.
There's a wide range of moral gray area there. Imagine, e.g., a US contractor who builds converters that make dumb bombs into smart bombs. The US is going to bomb people anyway; better that they hit fewer non-targets along the way.
> The US is going to bomb people anyway; better that they hit fewer non-targets along the way.
This has been used as a talking point pro smart bombs for some time now - and yet we still have bombings of weddings with a civilian hit rate of nearly 100%.
Killing is still killing, no matter how smart the weapon is.
I think you should check out how bombing was conducted before the introduction of the smart bomb. We used to intentionally and systematically destroy entire civilian populations.
I'll let the people bombing you know that you are unhappy they have bombs and refuse to make your own to deter them from bombing you because you don't support the use of bombs.
Would you like your message to include the sound of the bomb explosion that killed your brother or should we leave that out?
The point people are trying to get you to understand is that there are hundreds (if not thousands) of years of human history that have shown that when two groups of people disagree and cannot come to an agreement: they war.
Even when they reach an agreement, it's possible that one group will backstab the other group. Or perhaps they interpreted a given part of an agreement in different ways and are now arguing over which is the proper interpretation (a naive understanding of the Shia-Sunni relations)?
So Group A decides they are correct and will force Group B to agree by force. They approach Group B with their army armed with bows and swords. Group B has to submit to Group A, die, or fight back. To fight back they need a better trained army with superior bows and superior swords.
Group A is fearful that Group B now has a superior army with superior weaponry. So Group A invents guns. The sword-armed troops of Group B no longer stand a fighting chance against Group A. Fearing they will have to submit to Group A or die - Group B invents explosives... and so on and so on.
Now we have nuclear weapons that devastate miles of land and kill anyone caught in the blast. Fearing that a war between Group A and Group B would kill both sides and a Group C might enforce their ways, Group A and Group B have decided against using such powerful weapons against each other.
Now imagine you have 250 groups.
248 don't believe in using bombs.
Which 2 groups are in power? Hint: it's not one of the 248 "peaceful" groups.
A nation's strong defensive capabilities deter action. If Ukraine had NATO level arms that could counter Russia's weapons, there would be no war in Ukraine right now. Instead, their military is all Soviet relics that current-gen and even most last-gen Russian arms can easily overrun; thus the Russian led artillery, Russian led AA, Russian led forces, and Russian special ops making mincemeat of their military.
It's incredible how people pretend deterrence isn't real or a social benefit. Nation state warfare follows pretty simple game theory rules. You'd think techies would understand this. We're living under the most peaceful time in human history thanks to major deterrence, including but not limited to nuclear arms.
--
Dr. Steven Pinker, Pulitzer prize-winning author and Harvard psychology professor, writes, “Today we may be living in the most peaceful era in our species’ existence.” He acknowledges: “In a century that began with 9/11, Iraq, and Darfur, the claim that we are living in an unusually peaceful time may strike you as somewhere between hallucinatory and obscene.” Pinker points out, wars make headlines, but there are fewer conflicts today, and wars don’t kill as many people as they did in the Middle Ages, for instance. Also, global rates of violent crime have plummeted in the last few decades. Pinker notes that the reasons for these advances are complex but certainly the rise of education, and a growing willingness to put ourselves in the shoes of others has played its part.
The alternative to cold wars is hot wars. Do you really want another WWII (60 million dead)? The idea that peace will happen if we make shitty arms is historically untrue. The idea that peace happens when we make cutting-edge arms is historically true.
There is very little difference between arms and modern industrial chemicals. Without arms, we can still kill large populations by destroying their water supplies and crops. Even if you managed to rid the world of every weapon more advanced than a knife, if/when conflict arises, we can kill populations at a grander scale than ever before.
He is making the correct assumption that even if some people want peace others will be more than happy to kill you and rationalise that it was actually a good thing. So you are both right: the alternative is peace or war. I would definitely prepare for war though. To do otherwise is naive and gratuitously stupid.
Si vis pacem, para bellum may be practical advice, but the outcome of it is an arms race. Which is a big problem, because that feedback loop ties up resources and manpower that could be better used elsewhere. So even if it is the most practical option now (since we don't have a single global government), we need to recognize how shitty it is and maybe figure out how to reduce its impact.
But the nuclear game theorist's argument has always been that while functionally more dangerous (i.e. life on this planet could be obliterated at any moment), a nuclear-tipped détente has greater stability than any alternative (i.e. it is least likely to lead to hostilities).
I see the argument for nuclear de-foresting a lot like the argument against nuclear power. Yes, at face value it seems an obvious best option. However, when compared to the realistic alternatives, other approaches may be preferable.
It also allows both sides to maintain a minimal standing army while maximizing the cost of an opponent initiating hostilities. Most of the West's strategic nuclear position has historically been to counter an overwhelming Warsaw Pact numerical advantage in European conventional forces.
Deterrence indeed; the nations keenest right now on developing their own nuclear weapons (DPRK and Iran, I'm looking at you) are doing it because they know damn well it's the only way to be safe from the world's current invasion-happy globe-trotting nation and favoured sidekick (who, to be fair, do seem a lot less keen to invade other countries after the long series of monumental clusterfucks in Iraq and Afghanistan). The question is can they develop them before said warstarters decide to invade anyway?
China remembers what the US was thinking the last time it was yomping about near the Yalu River and certainly won't put up with anyone invading the DPRK, so they're safe at least from that quarter, but if I was Iran, having watched Iraq get invaded and then screwed over for a decade for essentially no reason whatsoever, I'd be really keen to have some kind of deterrence before the US decided to invade.
There is a relatively seductive and possibly correct argument that stability and predictability trumps human rights.
It's the reason Russians can be nostalgic for Stalin, etc. Revolution is messy. If the activists who were pressuring Assad for reforms had known that his reaction and the counter-reaction would lead to 250k+ deaths and the destruction of their country, would they have pushed as hard? Would they have been content with a phased approach, even though that would mean continued violations of their human rights?
One man's freedom fighter or activist is another man's terrorist.
Besides, it is human nature to be morally flexible. Many people don't really register atrocities of any scale as long as they don't affect their daily lives.
That's not to say this isn't terrible or shameful behaviour. It's just common terrible, shameful behaviour.
> You've just sold software to some of the most brutal governments in the world, who will use your technology to track down and brutally torture incredibly brave human rights activists.
You make so many assumptions about the viewpoint of the other person and then state that you cannot understand how they behave like this. Of course you cannot, you've phrased the question in a way which doesn't necessarily even make sense from their point of view.
Of course, everybody has reasons, that's a given. Ranging from different perspectives (that is, knowing things others don't, or being ignorant to things others know), over rationalizations to pathology - nobody does anything ever without reason.
Yet "I didn't know" or "I really like doing this" or "I can't feel empathy and/or reason well" are not always a good argument for doing something. It's a good reason to not hate a person, but not to just let them do whatever.
Okay, if they're willing to issue a statement I'd be willing to hear them out :P But that's not the same as someone saying they might have a good reason.
It's very possible that I've made some unfair assumptions. Could you give me a more fair representation of what goes into the mind of someone selling surveillance software to Sudan or Omar?
I actually have software that'd be a decent fit for this use case. I'm working on bringing it to market for VoIP companies to use in troubleshooting networks. (Hint: It's super effective. At one place we cut ticket response times down by an enormous factor.) And one benefit I'm planning on adding is lawful intercept. A lot of VoIP companies are sitting at risk of getting a valid warrant and having no way to respond. Some companies sell technical insurance (pay monthly, they'll overnight an intercept box if you get a warrant) for this exact reason and it's not cheap. Only problem is CALEA has this dumbass weird format to provide the data in. But hey, that's worth like $100K a year per company or so...
But it'd also be rather well suited for a government wanting to monitor connections. Just some scaling issues. My thought process is currently going "Well I could definitely use the money. And that'd put me in a better position to compete. Otherwise another competitor will do it. Or worse, an open source version will step up to the scale."
I'm not sure it's much different than selling general services to the public. A lot of irrational people are going to buy your product and perhaps that might propel them to success. Taken to its conclusion, I'd have a super limited market as most people are idiots so given a choice, I'd only want to help a very limited range of people. I just have to put my personal feelings aside if I'm to deal with anyone in the real world.
Here's the problem: you think someone else will do it anyway thus damage is certain, so you can at least be the first to profit from it. And guess what, your competitors probably think the same thing. And you'll all rush to delivering morally dubious products. Because hey, if someone will defect anyway, it's best I defect first.
I am increasingly convinced that the very point of morality is to steer society away from stupid coordination failures like this.
Fair point. I guess if I was convinced that my actions would actually matter, then I'd care. It's like voting for a third candidate in US elections - pointless.
Anyways I'm far more interested in how to get to a point to sell to governments in the first place. Hacking Team's marketing seems juvenile and lame from the naming to the way they phrase stuff. But at E200K per license, they were obviously successful.
Someone's gonna do it anyways? So the choice is whether you do something and profit off it (and possibly use the money to accomplish good things) or if you let someone else do it and make the money and perhaps do bad things. Pretty easy choice for me.
In fact, I've written software to analyze VoIP networks (troubleshooting) at scale, and now I'm wondering if I can retarget that and sell to larger entities for much more money. I hadn't really thought of it before, but I guess some of these shittier countries wouldn't be able to simply do the engineering themselves even if it's really not that hard.
On a separate note, we should be free to pursue scientific and engineering knowledge without having to deal with consequences of idiots that misuse such things. At least in this branch, imagine if all physicists last century had avoided furthering physics over nuclear weapons concerns. Now it's nowhere near as cool, but the challenge of indexing multiple 40G+ connections at linerate? It'll be fun at a minimum.
You can apply this reasoning to justify absolutely anything that you want to do. And it is false.
> On a separate note, we should be free to pursue scientific and engineering knowledge without having to deal with consequences of idiots that misuse such things.
Completely agree. But these people are the "idiots" that are taking the scientific research of others and putting it in bad hands. And what they are doing should be punishable by law.
They are very similar to military contractors and weapon manufacturers, except that their industry has so far no regulations that prevent them from selling their product to anyone that has money to spend. Government could start defining this kind of tool as a weapon, but that would prevent them from using it on their own population, and weapon trade is a very high profit industry.
Even if these outfits only sell to "good" countries there's no guarantee those countries won't give access to shady regimes like Egypt or Saudi Arabia to round up and torture political dissidents as these are supposedly allies of the West.
I've no idea about the whole story and what Hacking Team exactly did during the years, but I started to write serious code around 1998 working for Vincenzetti, so I think I can provide some hint about this to counter-balance all the hate.
* They allowed me to work on hping, releasing it as free software during most of my working hours. They supported my research that led to https://en.wikipedia.org/wiki/Idle_scan
* Vincenzetti taught me personally many things about POSIX, and he was a very skilled programmer. He wrote, AFAIK before SSH existed, a secure shell that was in use at least in Italy for some time. It used UDP and implemented the reliable connection on top of it in a secure way using state-of-the-art encryption. So we are talking about serious programmers.
* Bedeschi, the co-founder of the company, is an incredible hacker, from the way he typed on the keyboard to the incredible Unix knowledge he had.
I worked for a couple of months for their "SecLab", then left the company to return to Sicily since I did not want to live in Milan. I don't want to provide an ethical evaluation of the people and don't have enough information, but I can assure you that they were an incredible team of talented hackers.
EDIT: For sure they were very competitive people. I remember that when I left, Vincenzetti told me that it was a shame, I was a very talented programmer in his opinion, and I would finish in my little town in Sicily writing "soccer bet programs". He just wanted to push me to stay in the big city to know more hackers and so forth. I'm glad I don't write soccer bet programs BTW.
They are cut from the same cloth as people like Viktor Bout. As a direct result of their actions, innocent people will be tortured and executed. Their technical skill is irrelevant. Or rather, you could consider it an aggravating circumstance: people of this class have a myriad of ways of earning a living, they deliberately chose this course of action.
They shouldn't be protesting their innocence on Twitter, they should be wearing prison jumpsuits while awaiting sentencing.
I did not try to justify any action, just provided what I remember of the times I met with them. I don't have enough info to analyze what they did but for sure I'm not a fan of seeing surveillance tools to governments killing people or freedom. For my political visions I would not sell even to the US since I find the death penalty not acceptable.
During the time you worked with them, did you contribute to projects you knew were used by LEOs and intelligence agencies? I'm curious about whether they got into "darker" stuff as they progressed.
No, that was a different company. We did plain penetration testing and other Security Firm works like firewalling, hardening. They sold this company, and started the new gig later when I was already gone for years.
Good to know your personal experiences but doesn't change or paint him or the company in any positive light. Sure the boy next door was quiet and friendly, until he goes on a shooting rampage.
And may I suggest to avoid leaving permanent evidence of association with them, some people might misinterpret what you wrote as defending their actions or might think you helped them where they are today, especially when they are about to be hanged, could be bad for your namesake.
I think it's public information that we worked together for some time, however I was never part of the new company "Hacking Team", so any claim of involvement would be far fetched :-) Btw I'm not a fan of eavesdropping on citizens, but I can see how you could use this kind of software to fight organizations like Mafia and other known criminals. So the software they provide is a tool that can be used in a good or bad way. However if they sold to people who are not known for high standards of ethics... and where it is likely there is a freedom-killer use of the software, I think it is not wise to sell to them (not wise or... really bad, actually). Moreover to be truly honest, I'm not a fan of any use of zero-day security bugs to break into other people's systems. I still have this romantic view of security researchers as people that share their findings so that bugs can be fixed.
Poetic justice. Serves the bastards right. I'm sure hackers are flocking to the download in search of awesome tools. If they're there, then we might see independent, malware authors building some interesting things to produce headaches with. Interesting times continue.
Note that many of us in INFOSEC said years ago that these offensive, cyber companies developing weapons was a risk to us if they double-dealt or got breached. Their weapons which we (and others) funded might get turned against us. Depending on what's in the torrent, that scenario might begin playing out.
Looks like they're double dealing, too. Invoices to Egypt and other oppressive governments have already been found in the torrent dump.
Christopher Soghoian on Twitter: "Just from Torrent File listing, Hacking Team's customers includes South Korea, Kazakhstan, Saudi Arabia, Oman, Lebanon, and Mongolia."
I posted a link to his stream with the rest on Schneier's blog. The stream is... Hacking Team's own answer to Failblog. I only wish I had 400GB of storage handy with a good network in case it gets taken down or something. Hope people are copying the shit out of it.
Note: The torrent is so big and has so much stuff that this laptop I'm using (few years old) was lagging on scrollbar with fan on full blast. Had to close it lol.
Oh noes, pissing off abusive regimes to make a few bucks more, I'd say they deserve all they get and should have been part of their business risk assessment.
Not only for those reasons, but also for creating a malware market driven by nation state money. The way we have found and fixed vulnerabilities in civilian IT systems has been turned into a market where the end result is less secure persons, companies, organizations and states.
A fabulous way to spend tax money aimed to protect us imho...
That program appears to create evidence on the target machine. I hope there will be a way to link this to the parallel construction group. Don't like the guy, plant evidence! /s
I was under the impression that they were planting files on the user's computer to incriminate them. I don't really understand where this code is getting its payload from though.
That could plausibly be a tool for generating test data for forensics tools. The hardcoded paths don't make a lot of sense for actually trying to plant evidence.
What's so interesting? They have a default value, most likely for testing.
I find it very hard to believe anyone thinks "child_porn.avi" is a compelling filename for child pornography. I'd imagine they'd be more like "<age> <gender> <explicit act>.mp4".
It's software sold to law enforcement/intelligence agencies, and it is designed explicitly to plant false evidence. Even post-Snowden I think that qualifies as interesting.
Look at the change. They went from a unix-like file system path name to a Windows one. Considering they call to_utf16le_binary_null I'm going to guess they just wanted it to look reasonable (and perhaps not crash?) on Windows.
This seems to include all their deals/financial data, the full source code to everything (including some novel things like EFI malware and possibly some Office/Flash 0days), all their mail, badges of every employee, personal screenshots/porn habits etc etc.
What if it was a deliberate effort from Hacking Team itself to fake a breach, produce a torrent file to be downloaded and compromise whoever is downloading it?
The size would need to be large enough that whoever trying to download it will have to stay a relatively long time.
The massive PR hit they're taking means their company will most likely die. And "compromising" someone merely by letting one download stuff is at best a gamble, any decent infosec professional will examine this stuff with the same precautions as when analyzing malware.
This is exactly what I'm talking about: What I'm being downvoted for and what each comment is doing is rationalizing why this simply can't happen. Everyone is confident about what Hacking Team is or isn't doing/thinking.
How can someone be so sure what an entity is thinking or doing? Yes, it's not likely. Yes, it's risky.. but what if they were really bold?
The PR hit is a non issue if it is the case, since they can simply say what happened: "Basically, here's how to own a huge number of very sophisticated people". Make nice slides, and show them at Black Hat or something like that. It's "research".
The icing on the cake would be to present this material to the very security researchers who've been owned. This would be a huge PR stunt since it's basically security researchers who will download the file.. And if security researchers are as confident as most people that this simply can't be a con, then all the better :)
It is still not likely, but it would be beautiful.
PS: Something like that happened at NASA many, many, years ago. There was a security breach and instead of shutting it down, the security team uploaded a ton of bogus classified files, plans, and reports to keep the guy coming and unsuspecting. Until they got him.
> Yes, it's risky.. but what if they were really bold?
Isn't the question really how careless the people downloading the file are?
Is it possible to infect hardware through a virtual machine? Let's just assume it is; what's to stop someone from using a throwaway, one-way laptop? Get fresh laptop, install the tools you need, copy the files over via USB or network, disconnect the laptop and never connect it to anything ever again. What am I missing?
To transfer a lot of data (e.g. analysis results) back from the potentially infected machine, play back the data encoded as audio, record that with another computer and convert it back to binary/plain text/whatever. (There might be better ways but hey)
Sure, most people probably won't bother with any such stuff, and just stick to "only" viewing text files and images etc., but then all HT would have shown is what has been proven with email spam already: that if you can get people to treat unknown files carelessly, not to mention run executables, you can infect them.
It's very easy to spin up rTorrent on some machine not attached to you so this doesn't seem like a very good plan, especially considering the PR damage. Maybe if they managed to embed malware in some commonly trusted file format but that again doesn't seem likely since there are too many viewers, and security researchers will generally be careful.
> ...Hacking Team's customers include South Korea, Kazakhstan, Saudi Arabia, Oman, Lebanon, and Mongolia. Yet, the company maintains that it does not do business with oppressive governments.
I was curious if those were all oppressive governments, especially since South Korea was included. According to a couple indices on Wikipedia [1] South Korea is pretty free (only the press freedom index is lower than America's), and Mongolia's not so bad (political freedom, but weakness in press and economic freedom). Pretty hard to lump South Korea in with Saudi Arabia or Kazakhstan.
Update 5:
Hacking Team currently has, based on internal documents leaked by the
attackers on Sunday evening, customers in the following locations:
Egypt, Ethiopia, Morocco, Nigeria, Sudan
Chile, Colombia, Ecuador, Honduras, Mexico, Panama, United States
Azerbaijan, Kazakhstan, Malaysia, Mongolia, Singapore, South Korea, Thailand
Uzbekistan, Vietnam, Australia, Cyprus, Czech Republic, Germany, Hungary
Italy, Luxemburg, Poland, Russia, Spain, Switzerland, Bahrain, Oman
Saudi Arabia, UAE
South Korea is fairly recently free-ish. Up until 1987 South Korea had a heavily US-influenced authoritarian government with a token legal opposition. The US still has a very strong influence in South Korea. There are also recent incidents that betray a lack of confidence in democracy: http://www.wsj.com/articles/south-korea-court-dissolves-left...
It's a perfectly nice place to visit. People there apparently feel free to talk about everything: The war, the Park era, etc. Unions can be quite militant. But they are not as free as Americans.
Oh, give over! As if the US of A were the ultimate land of freedom. With the NSA, Guantanamo, race-based police violence...
[Disclaimer: I have nothing against the USA (well, almost nothing). But I can't stand people talking about it as if it was the only true democracy/free country/heaven on earth.]
But they have guns. For some reason there is the belief that if you have guns then you are more free than someone without guns. Perhaps because the original intention was that if you have an armed population then they cannot be ruled over by means of force or they would at least be able to rise up against their oppressors in a meaningful fashion.
Guns in America are a bit of an opiate for the masses, people have guns and feel free therefore they don't need to rise up against their government no matter what other constitutional freedoms they shit on as long as they don't attempt to take their guns they will pretty much let them get away with anything.
That's an interesting way of looking at it, though I disagree. Consider the society depicted in Brave New World (or, more recently, District 1 in the Hunger Games).
It may be fiction, but I think it showcases a true-to-life phenomenon where people feel free only because of hyper-stimulation. Because they have so much, they don't think about everything they lack.
One could say the same about any so-called free people. Do you feel free? Even though you don't have eternal life? Even though you can't afford to fly to work every day in a jetpack? Even though you can't have sex with a woman other than your wife? If you have the things that matter to you, and can make the choices that are meaningful to you, then you are free.
I have to disagree. There are some very definite indicators of whether someone is free or not. You can be conditioned to accept your situation but that doesn't make you free.
Everyone has their own indicators. If you are conditioned to accept your situation in a way that makes you feel free, then you are free. Birds and dolphins probably have their own definite indicators of whether someone is free or not that the "freest" human by your criteria would fail spectacularly.
This is something I wish was addressed more in conversation when it devolves into a pissing match of freedom.
Here's the deal. Yes, the US has been getting into some shady areas, even more-so since 9/11. All the things you reference are big issues that haven't been addressed properly yet. I'll grant you all that and more, because it's true.
Here's the problem though. This is where I generally hear about how the Nordic/Scandinavian countries have a much higher level of "freedom", (cue statistics dump here), and how the US isn't really free.
The problem I have with this outlook is that it forgets the history and origins of the US, and its purpose and function as a place of freedom where there was little in other places; namely freedom under the laws of the land, which in the US is the Constitution.
Yes, the Constitution is in tatters at the moment. We have had presidents abusing it and stretching it, congress who disregards it, and a public that is largely apathetic about it. The bottom line though, is that while, functionally, we are indeed less "free" than many other nations, we at least have a legal framework to base a new kind of freedom upon, whereas many of those other countries lack key freedoms.
I think the best example of this is freedom of speech. The US still has the best levels of freedom of speech according to law (an important distinction to be made between the law, eg the Constitution, and practice, eg stifling of dissent via programs like COINTELPRO.)
Here are some excerpts from a Christopher Hitchens speech on the related matters.
“…It’s not the right of the person who speaks to be heard, it is the right of everyone in the audience to listen and to hear; and every time you silence somebody, you make yourself a prisoner of your action because you deny yourself the right to hear something.
…It’s a tiny thought experiment: if you hear the Pope saying he believes in God, you think, well, the Pope is doing his job again today. If you hear the Pope saying he’s really begun to doubt the existence of God, you begin to think he might be on to something.
…And one person gets up and says, “you know what, this holocaust, I’m not even sure it happened. In fact, I’m pretty certain it didn’t. Indeed, I begin to wonder if the only thing is that the Jews brought a little bit of violence on themselves.”—That person doesn’t just have a right to speak, that person’s right to speak must be given extra protection. Because what he has to say must have taken him some effort to come up with. Might be, might contain, a grain of historical truth; might, in any case, give people to think why do they know what they think they already know. How do I know I know this except I’ve always been taught this and never heard any thing else? It’s always worth establishing first principle….don’t take refuge in the false security of consensus and the feeling that, whatever you think, you’re bound to be okay because you’re in the safely, moral majority. One of the proudest moment in my life, that’s to say, in the recent past is defending the British historian David Irving, who is now in prison in Austria, for nothing more than the potential of uttering an unwelcomed thought on Austrian soil. He didn’t actually say anything in Austria. He wasn’t even accused of saying anything; he was accused of perhaps planning to say something that violated an Austrian law that says only one version of the history of the Second World War may be taught in our brave little Terellian republic. The republic that gave us Kurt Waldheim, Secretary General of the United Nations, a man wanted in several countries for war crimes. You know, the country that has Jorg Haider, the leader of its own Fascist party, in the cabinet that sent David Irving to jail.”
So you are absolutely right. The US is not the only place that values freedom, and in many cases the US is far from the best, but its Constitution, the associated Bill of Rights, and the Declaration of Independence still stand as beacons for every nation and person to aspire to.
America has simply been failing at its own ideals. I won't devolve yet into who I think is behind it all, as that's a conversation best left for another time.
I have the highest respect for the history of the United States and where they came from. Perhaps the founding fathers were not the first to think thoughts of freedom, but they were among the forerunners in implementing a system that was actually based on the idea of freedom.
But I also very much agree that there is an increasing difference between freedom in theory and in practice in the States - something that I hope its citizens will manage to sort out sooner rather than later.
As Jefferson said: "The natural progress of things is for liberty to yield and government to gain ground."
Allegedly a South Korean assemblyman created a sleeper cell that would become 'activated' when North Korea attacks South Korea based on a testimony by an unknown member of the sleeper cell who have never appeared in public or known to even exist. They dissolved the opposition group based on a report by the NIS (intelligence agency of Korea with a long tradition of torturing and suppressing dissidents). The same agency also tied cement around former president Kim Dae Jung (who happens to be from the west province of Korea, who have long been oppressed and persecuted for centuries) after kidnapping him from a Japanese hotel during 70s, but just as they were about to throw him over the boat, guess who, American soldiers stopped them.
You pick up a Korean newspaper, you are almost certainly reading a mouthpiece of the government.
There are even more frightening stories during this time. Playing national anthem 4 o'clock every fucking day, forcing people to stop what they are doing, and sing, many of which were propaganda songs composed by the president with the help of his daughter, the current president of Korea.
The most scary one is where people just 'disappear' only to reappear in mental hospitals because they got a bit drunk and talked shit about the government during the 70s or 80s.
Plenty of young men conscripted into Korean military would die because the concept of human rights has long been an alien ideology, basically a curfew and martial law during this period where you couldn't do jack shit after 10pm or you'd get arrested or get a good beating.
Let's not also get started with women's rights, but perhaps the most frustrating is the social fabric of Korea is hierarchical and oppressive. Kindergarteners going to overly priced private tutors after school ends and coming home at midnight because they are told the same lie that studying will get you places, teachers beating kids with corporal punishment for low scores on exams, and the constant war drumming of the 'suffering' or 'han' of Korean history and teaching to hate neighboring countries, especially Japan.
It's no wonder that millennial Koreans are desperate to leave the country, even if it means being a plumber in Germany with an advanced degree.
By no means has South Korea ever been a democracy, the same traditions continue but hidden beneath disinformation and surveillance of opponents.
This sounds quite different from all the things I have heard about South Korea and the general impression I have of the society and the people. Do you have some sources to back these claims up?
However, the cynic in me suggests that those who sell weapons to nation-states tend to receive protection from nation-states.
Which percentage of their customers will not be pissed off enough to watch them burn over sticking their neck out to help, though? Probably only the most corrupt, if an appropriate amount of funds are dispersed to support rapid processing.
"We do not sell products to governments or to countries blacklisted by the U.S., E.U., U.N., NATO or ASEAN.
We review potential customers before a sale to determine whether or not there is objective evidence or credible concerns that Hacking Team technology provided to the customer will be used to facilitate human rights violations."
"regulations are annoying, it cuts into our profit margin when we have to find a reseller and give them a percentage"[0]
Well this could certainly shed light on the role that contractors operate in ways we have yet to see from the Snowden "leaks" (of which most still remains unleaked[1])…
RE: "Media practice of consulting with governments on what to publish or withhold of material disclosed by risk takers, is anti-democratic, unconstitutional, venal, protective of privilege and betrayal of public trust."[2]
Normally I'm a bit more reserved when a company I dislike gets hacked, but take a look at Hacking Team's history and you'll probably want to celebrate too.
This is actually really bad, happy as I am to see this company get ruined.
People with an agenda are going to latch on to this to further push bad legislation like Wassenaar, and criminalize security research, or worse, make it "terrorism", because Soghoian runs his mouth and policy makers don't understand how things really work.
Just looking at the torrent I found Coca Cola, Google, Carrefour, and Movistar. I would love to see an index of this information to quickly search the content.
I had a look at the contents of the files I grepped with Google in the name and it appears most of them are invoices and contracts for things like Maps, Earth and Adwords.
My guess is they use Google Maps for finding addresses from GPS or vice versa. Or something like that.
I'm on Windows trying to download this. qBittorrent gives an error message on import, uTorrent does nothing (0% metadata loaded) and Transmission loads metadata to 100% and then starts over. In the logfile it says: "[ERROR] Hacked Team: Invalid metadata entry "path"". Transmission version is 2.84 (14386). Is there anyone loading this torrent on Windows?
The magnet link didn't work for me.
But then I tried using http://infotomb.com/eyyxo.torrent instead, which worked immediately with Transmission 2.90 (OSX) and Tixati (Windows).
btw:
The MD5 of eyyxo.torrent is 26183ae8f24e798a15d77dd3476f5ed9
David Vincenzetti's page on LinkedIn (https://www.linkedin.com/in/vincenzetti) features a recommendation from Tommaso Vincenzetti (brother? Cousin?) and a list of many skills, including "Information Security", "Security Audits", "Vulnerability Management", "Ethical Hacking" and less funny ones.
Marco Valleri, another Hacking Team employee, lists himself on LinkedIn as a "Jedi". Nice corporate culture.
I'm actually surprised this doesn't happen more often.
I think it's hacking organizations like Anonymous that steer away people from "justice" hacking into populism hacking.
We need more of these shady & dirty secrets to come to light.
I don't know how it is over there, but legally mandated record keeping requirements are a pretty good excuse for not using public key encryption on corporate mail servers. There are products that act as middlemen that transparently convert between keys that are public and self generated... but that kind of defeats the purpose of public key encryption.
Not at all. Just securely store a copy of all work keys on a non-networked, "cold storage" server and back it up for redundancy. Record keeping is preserved while you gain the full benefits of PGP.
You're right about the cold storage aspect, I was thinking about some of the transparent encryption gateway products that are out there. Email sent to folks without PGP would still be unencrypted when it goes through the corporate MTA, but a copy encrypted with the sender's public key would be stored long term.
Lorenzo Franceschi-Bicchierai at Motherboard reports evidence that PhineasFisher hacked Hacking Team.[0] It's also possible that someone else hacked both Hacking Team and PhineasFisher, of course.
I doubt it was PhineasFisher that was hacked; there's almost no attack vector. S/he hadn't used the Twitter account in almost a year, there's extremely little info about them for any attacker to go on, and there's little obvious motive for a hacker to impersonate them as opposed to starting their own pseudonym or anything.
The only method of attack would be to know what email is used for the Twitter and hack it, or guess the password, neither of which should be easy against someone using minimal security precautions. (Or, I guess, it could be a false-flag by the US, who could force Twitter to do stuff; but that seems way too much risk of PhineasFisher coming out elsewhere and exposing that.) Did PF ever put a PGP key somewhere?
Another question came to my mind, slightly related, what is another interesting Italian company to check?
I think "movimento 5 stelle", it's a """party""" which makes up whatever, it would be fun to show the fake votes and all.
I wonder who is behind this massive hack, is it a positive or even worse group?
I wouldn't want to be in the private pictures leaked once the world knows you are responsible for torture and murder of potential innocent people, very nasty karma
The childporn evidence being planted and esp. the violation of the Sudan export restrictions will make a very good case for the procuratore di Milano, which famously is very independent.
So they will face jailtime, yeah.
It's been quite a while, surprised Twitter hasn't caught on to this and stepped in or something? I guess it's not necessarily their responsibility though.
South Korea? Well I'm not surprised. Beneath the veil of democracy is a nanny state, forcing kids to install surveillance tool on their mobile phones, forcing bank and military to use IE and wonderfully secure ActiveX (required to do just about anything private and sensitive in Korea), requiring social insurance number to sign up for any website, use your real name so they can take you away if you write a blog post in Korean about smoking marijuana in Amsterdam, insanely bizarre Korean defamation law, polarized view of 'right' and 'left', with left being persecuted and painted in the same light as North Koreans, oppression of laborers, workers working for family owned conglomerates, indecency law (make Korean porno in Canada and get arrested once in Korea), hiding Gwangju massacre (officially a North Korea-inspired rebellion), silence and censorship of poor treatment of foreign workers (especially poorer Asian countries), east & west regionalism that creates discriminating policies based on lineage, the shit list far too long to go on.
It's no North Korea or Saudi Arabia, but there is active surveillance which seems to be readily tolerated along with nepotism and corruption, because Confucius says you should do what someone with an earlier birth date or higher social status. To go against this machine is to give up the government's version of Korean identity, a constant victim of past aggressions of neighboring countries which happened because Korea has never been blessed with a great government or kings that always put the country in such predicaments.
> Confucius says you should do what someone with an earlier birth date or higher social status
That's categorically false.
In one example in an old confucian book I read - if you are the ruler of the country, and your parents committed a murder, you should first send an arrest order against your parents - even if they protest otherwise, and then abdicate and help your parents escape the law.
This example directly contradicts your generalised assertion[1].
In confucianism - you must try to fulfil your roles at all times. Yes you must respect your elders, but in no way you should obey their commands without considering your own position - and even if you wish to, do not obey them blindly to the point of betraying the responsibilities of your other roles. Don't murder your brother just because your parents told you to do so.
The "in confucianism you must obey your elders at all times" is a convenient myth perpetrated by various governments and parents throughout history.
[1] According to confucianism, the parent always has higher social status than the child, and, the parent could also be a visiting ruler of a much larger country.
Your argument may be true but it's semantics. The poster's point was that Confucianism has a hierarchical/obedience type of effect on society, promoting a mindset that fosters an acceptance of totalitarian rule. That's hard to argue against.
The major Confucian-derived modern states are China, Japan, North Korea, South Korea, arguably Singapore, Taiwan and Vietnam.
Personally, my visit to the headquarters of one of the major Korean mobile device manufacturers felt like a hideous preview of a dystopian future where the workers are forced into utter obedience: entering through airport levels of security on a daily basis, living in numbered cells provided by the company, taking company-provided transport from their assigned residence to work. Even smoking was only permitted between certain regulated minutes, at certain areas. Everyone wore a personalized tracking device used in order to move about the campus. It was hard to describe as anything but oppressive, yet the conditions for those workers are reportedly sought after!
(Edit in reply to below: Yes, I'm definitely in the Taoist camp.)
Ah, what you see is one reason why the old Taoists railed against Confucianism so much in their philosophy - Confucianism tells people what they should or should not do, and in doing so, defeats itself in the kind of society it wants to promote.
Confucianism claims the values of humanity are filial piety, kindness, benevolence, justice, loyalty. The following passage from Tao Te Ching challenges Confucianism directly.
The great Tao fades away
There is benevolence and justice
Intelligence comes forth
There is great deception
The six relations are not harmonious
There is filial piety and kind affection
The country is in confused chaos
There are loyal ministers
Chapter 18, Tao Te Ching
The Taoists say, by the time you're writing a rulebook about how to have humanity, all the values you're "treasuring" have already been lost. They complain, as you do, about the lack of spontaneity in a society following Confucian order.
The Sinic civilisation has been following a cycle swinging the pendulum between Taoism "spontaneity" and Confucian "filial piety and benevolence" for the past two thousand years, so I wouldn't worry about it.
The Tao is constant in non-action
Yet there is nothing it does not do
Chapter 37, Tao Te Ching
Not sure at all what you mean by 'Sino countries'.
AFAIK in Japan the predominant pre-Buddhist shinto beliefs paralleled Taoism in their nature-focus.
Korea and Vietnam had Taoism, at least in Vietnam it is still sort of alive, though Buddhism far dominates. In Korea Buddhism and Christianity dominate. Taiwan has numerous Taoist shrines, though Buddhism dominates it is not to the same extent. Mainland China has effectively killed off Taoism almost entirely.
IMHO, what Confucius meant was that parental authority should be respected on condition that elders behaved like role models. In his ideal, the kings, officials and subordinates should all follow their ethics, like atoms in regular expression, which of course was overambitious like other thoughts of idealism in the history and met its contemporary Waterloo.
"Our network security staff hard at work while 5 MB/s is transferred out of our internal network through his computer." along with what presumably is a screenshot of said staff watching YouTube and reading Facebook.
> It has come to Privacy International’s attention that Hacking Team appears to have received €1.5 million from two venture capital funds originating from the Region of Lombardy in 2007. One of the funds, Finlombarda Gestioni SGR S.p.A (FGSGR) has only a single shareholder - Finlombarda S.p.A, a public financial services agency whose only shareholder is the Region of Lombardy. Finlombarda S.p.A. designs, builds and manages financial services on behalf of the Region of Lombardy, placing the profits of Hacking Team hand-in-hand with the public finances of Lombardy. FGSGR also lists the Head of Venture Capital as being a Board Member of Hacking Team itself.
"The licences, which cost €200,000 (£171,228) per annum, are never sold to states that are under EU or UN arms embargoes or to private companies or individuals."
Quote from the Telegraph article seems to provide the definition of 'ethical government' that the company was using.
Normally I'm not one for ad hominems but he comes off as a huge poser dbag. The only things missing were the duck grimace and Donald Trump plugging his 2016 campaign.