Leak Shows That Hacking Team Targeted Cryptocurrency

By hacking targets' systems, grabbing their wallet files and waiting for victims to enter passwords, Hacking Team eliminated the anonymity cryptocurrency users seek.

Hacking Team, the creator of a digital remote-access and surveillance platform, had specifically targeted Bitcoin and other cryptocurrencies to allow government officials and law-enforcement agencies (LEAs) to follow the money, according to email messages stolen from the company in a breach earlier this month.

The messages, posted publicly by WikiLeaks, indicated that the company's platform for compromising and monitoring targets' computers, known as the Remote Control System, gained new functionality in 2014 to track the use of Bitcoin, Litecoin, Feathercoin and Namecoin. The software update allowed the copying of the target's wallet, transaction history and contact information.

Hacking Team focused on Bitcoin and three other cryptocurrencies as tools criminals used to launder money, despite efforts to foster legitimate markets for the digital money.

"Cryptocurrencies are a way to make untraceable transactions, and we all know that criminals love to easily launder, move and invest black money," Daniele Milan, operations manager for Hacking Team, stated in one email hosted by WikiLeaks. "LEAs, by using our Intelligence module combined with this new capability, can correlate the usage of cryptocurrencies, defeating the financial opacity they provide."

In early July, hackers took control of the Milan, Italy-based Hacking Team's Twitter feed, announcing that they had breached the company's network and stolen 400 gigabytes of sensitive business communications and email messages. The company decried the attack, calling it a criminal act.

"Make no mistake about it, what happened earlier this summer in the attack on our company was a reckless and vicious crime," David Vincenzetti, CEO of Hacking Team, said in a statement on July 14. "We have reported it to Italian authorities who are investigating, and we expect the authorities of other nations to be involved as well."

The company developed a module, dubbed "Money," for its platform that could search for cryptocurrency data on a compromised system, according to emails. The inclusion of cryptocurrency tracking functionality in the software is unsurprising, given law enforcement's interest in Bitcoin, Andrew Conway, a research analyst with messaging security firm Cloudmark, told eWEEK.

"Drug purchases, illegal goods purchases, unlicensed gambling, and one we see all the time, ransomware, is facilitated by Bitcoin," he said. "Obviously, if you are in law enforcement, you are interested in these transactions, because Bitcoin is an annoyance and will end up being more than an annoyance."

The most interesting fallout from the Hacking Team breach is the sudden disclosure of a handful of highly critical vulnerabilities: three in Adobe Flash, one in Internet Explorer and another in Oracle's Java. The company that brokered the sale of one of the Adobe Flash vulnerabilities to Hacking Team shut down its program for buying and selling vulnerabilities following the revelation that Hacking Team had done business with Sudan and Egypt.

"The Hacking Team breach proved that we could not sufficiently vet the ethics and intentions of new buyers," Adriel Desautels, CEO of Netragard, said in a blog post. "Hacking Team unbeknownst to us until after their breach was clearly selling their technology to questionable parties, including but not limited to parties known for human rights violations."

Desautels argued that the market for zero-day vulnerabilities needs to be held to a legal standard in which each company that buys or sells the information is accountable for the use of the technology.

"It's important that the regulations do not target zero-days specifically but instead target those who acquire and use them," he said.

Robert Lemos

Robert Lemos is an award-winning freelance journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's...