Last week Hacking Team made a big deal about terrorists having access to its advanced technology. This week everything is different. Hacking Team wants the world to know that the technology that was obtained from its internal network is old and crappy and no big deal:
On Monday, Hacking Team released a statement saying that while some of its surveillance-related source code was released to the public, the firm still retains an edge. “Important elements of our source code were not compromised in this attack and remain undisclosed and protected,” the release said. “We have already isolated our internal systems so that additional data cannot be exfiltrated outside Hacking Team. A totally new internal infrastructure is being build [sic] at this moment to keep our data safe.”
Hacking Team must work very fast if it was able to discover all new exploits between last week and today that allows it to regain its edge as a top purveyor of surveillance software to countries that regularly commit atrocities. At best the company is literally making up bullshit, which wouldn’t be the first time considering how often it denied doing business with many of the countries it was doing business with, or at worst has been able to buy a slew of new zero-day exploits. Either way I doubt the damage against Hacking Team’s brand can be undone. Being a malware seller that was breached is one thing but being a malware seller that has demonstrably shitty internal security practices isn’t likely to put its customers’ minds at ease.
My highest hope is that Hacking Team goes bankrupt and its top brass are raked through the coals.