Hacking Team leaks: We’re not out of the woods yet: Page 2 of 2
By Gabey Goh August 4, 2015
Given the high-profile nature of the Hacking Team breach and the ongoing fallout from the information revealed in the online document dump, DNA asked some security professionals – many of whom had been attending the recent RSA Conference Asia Pacific & Japan (RSAC APJ) 2015 in Singapore – for their take on the longer-term implications for their industry.
Charles Lim, senior industry analyst of the Networking, Information & Cyber Security practice at Frost & Sullivan’s Enterprise ICT unit in Asia Pacific, said that all organisations, including cybersecurity companies themselves, should do a thorough assessment of their security setup.
He said that most solutions in the market currently perform infiltration protection, but from examples such as this, it is also critical to detect and block data exfiltration instances in case a breach occurs.
“We will see more focus in this area, where the paradigm will shift towards preventing consequences – which in this incident, have severe implications for its [Hacking Team’s] clients made up of high-profile regulatory boards across the world.
“Organisations may also look more into assessing the security integrity of their vendors as a best practice before conducting business,” Lim said.
RSA chief technology officer (CTO) Dr Zulfikar Ramzan said that the incident demonstrates how even people with good security can be compromised.
“The folks at Hacking Team understand cybersecurity issues and they were still compromised. It can happen to anyone.
“Part of it has to be that shift away from focusing on detection and being more intelligent about response – I think you can mitigate a lot of the risk that way,” he said.
Jack Chan, security strategist with Fortinet’s FortiGuard Labs, said he believes that in a way, the Hacking Team breach was a good thing for the industry.
“It raises more awareness of what could potentially happen. For example, the dark web is home to a lot of hackers selling malware, and some of them can even guarantee that their malware products can’t be detected.
“It’s become a trade – cybercrime-as-a-service for anyone with the money and motivation to procure,” he added.
RSA’s Ramzan believes the biggest takeaway for its customers from this incident is that it’s not just about defence ability but mind-set.
“Ultimately, you can’t use yesterday’s mind-set for today’s threat landscape – do that, and you'll have problems tomorrow,” he said.
FireEye CTO Grady Summers said that he would neither defend nor condone the actions of Hacking Team, which has come under criticism for having sold its wares to oppressive regimes around the world.
According to the leaked Hacking Team documents, these regimes include Azerbaijan, Egypt, Ethiopia, Kazakhstan, Nigeria, Oman, Panama, Russia, Saudi Arabia, Sudan, Thailand, Tunisia, Turkey, and Uzbekistan.
“Most of all I feel bad, because you just hate to see anybody in any industry have all their internals exposed, so I am taking a more sympathetic view of the breach,” said Summers.
“It may be fascinating to read but it’s still a crime at the end of the day, and I’d hate to see anybody be a victim of a crime,” he added.
Summers said he believes the people who sell zero-day exploits are now going to be more cautious about it, and that the incident was a reminder to the industry about the need to ‘eat their own dog food’ and practise safe security.
“As this stuff comes more to light about the zero-day market, you start wondering about regulation. There are already some who are calling for it to be regulated the same way the sales of firearms are, which I think is ridiculous.
“Unlike arms manufacturing, zero-days can be dropped from anywhere in the world and are difficult to regulate the same way,” he added.
Blue Coat Systems is no stranger to the type of controversies that have plagued Hacking Team.
On March 12, 2013, Reporters Without Borders named the company as one of five ‘Corporate Enemies of the Internet’ and “digital era mercenaries” for selling products that have been or are being used by governments to violate human rights and suppress freedom of information.
Asked for his take on the Hacking Team incident, Blue Coat CTO Dr Hugh Thompson said that such incidents have fallen into a predictable pattern, with the Hacking Team breach the latest to emerge.
“It’s amazing how many times in this industry an event has happened that we have said – at the time of the event – that ‘all of time will be demarcated from this point, everything will be post-this and pre-that, that’s how important this event was.’
“We’ve had event, after event, after event …,” he said.
Thompson pointed out that previously, one just had to worry about cybercriminals, who were predictable – they would go after higher-value targets versus companies with no value, and “they’re just bored on the weekends.”
Such cybercriminals are profit-driven and logical – and that’s why financial institutions have naturally been the biggest investors in security.
“I’d say that there’s a couple of things that have changed in the last few years, and this attack is an example of it,” said Thompson.
“The first is the introduction of a very different set of threat actors. Since the introduction and rapid growth of hacktivism and nation-state attacks, it’s completely thrown the world on its head in terms of targeting – it’s very difficult to predict who’ll be targeted now.
“The heads of security of water purification plants never had to worry about cybercriminals – they were okay with their firewalls in place … but then suddenly, you have a group of people very interested in what you’re doing,” he added.
Thompson said that there have also been “a couple of weird breaches” that buck the trend, pointing to a rising number of healthcare companies that have been targeted in the past six months.
“Now, that’s a harder type of data to monetise versus credit card information, which has a healthy market.
“But healthcare data … possesses two unique properties: The first is that the data is going to be as important five years from now as it is today, unlike credit card accounts that can get deactivated.
“The other thing is that this data lends itself well to an extortion model, which would be the most logical way to monetise it, via the use of sophisticated ransomware.
“Now that’s the really interesting yet disturbing trend, because you can sit on that data while you build up the infrastructure you need to monetise it, and that data will still be valid three years from now,” he added.