How Did Hacking Team Target Its Victims – Thanks to the “most beautiful Flash bug”

Rafia Shaikh
Posted Jul 8, 2015
26Shares
Share Tweet Submit

Spyware company “Hacking Team” has taken up all of our news feeds this week. A major leak of some 400 GB of internal files has revealed how the group based in Italy has supported many, including governments, in surveillance and spying of targets. Saudi Arabia, Oman, Russia, United States, Egypt are only some of the high profile clients of this spyware company. This week’s breach of the hacking group made the company taste its own medicine – well, sort of. It also is helping cyber analysts understand how the group was carrying out its activities with such a strong success rate.

Leaked internal files have revealed much of information containing source code, file, and of course the embarrassing emails. What should be more relevant to us as the end users is the software flaws that have been helping the hacking team in their missions. Latest reports basing on the confidential source code stolen from the Hack Team reveal some “extremely serious” software vulnerabilities exploited by the group.

Security exploits include two unpatched vulnerabilities in Adobe’s Flash software (hah!) and Windows operating system. These security loopholes were used by the group to inject malicious code into computers installing surveillance tools to monitor the target’s communications.

Adobe Flash vulnerability used by Hacking Team:

Hacking Team has described the Flash bug as “the most beautiful Flash bug for the last four years,” strongly suggesting that the company was using the exploit for quite a many targets. This Flash bug allowed the group to execute code on the target’s machine through a website affecting Windows, OS X, and Linux. Almost all the major browsers including Chrome, Safari, Internet Explorer, and Firefox are affected by the bug. Hacking Team used the exploit to install its own code to remotely monitor victim’s machines.

Windows Bugs Exploited by Russia-Linked Cyberspies with Patch Still a Week Away

Adobe is reportedly working on the patch which is expected to come some time later today.

The zero-day vulnerability in Windows is also related to Adobe. It affects Adobe font driver (atmfd.dll) in the operating system and all the 32-bit and 64-bit Windows machines running on Windows XP through to Windows 8.1 are affected. This second security flaw lets the attackers elevate their “privileges to administrator level, allowing more damage or surveillance to be carried out.”

It can be chained with the aforementioned Flash zero-day to first execute code as a user and then gain more powers to fully hijack the system.

Microsoft has claimed that the “overall risk for customers is limited, as this vulnerability could not, on its own, allow an adversary to take control of a machine.” Company is also encouraging users to apply the Adobe update.

While there are many other tools, vulnerabilities, and exploits Hacking Team must have used to target its victims worldwide, today’s details show how the everyday software used by millions could be turned against the users. Windows is the predominant operating system used by customers globally and with Flash vulnerability, Hacking Team was able to infect Mac OS X and Linux too. Cyber security analysts have always recommended users to keep their machines and software updated. But what would a customer do when the major companies are themselves unaware about these critical vulnerabilities for years?

Share Tweet Submit