The Italian surveillance company that lost 400GB of data to hackers, Hacking Team, has warned customers terrorist groups may be using its products to target them.
Hacking Team made the claim in a public statement, warning customers sufficient amounts of its products’ source code was leaked during the breach for hackers to effectively use them.
“Hacking Team’s investigation has determined that sufficient code was released to permit anyone to deploy the software against any target of their choice. Before the attack, Hacking Team could control who had access to the technology which was sold exclusively to governments and government agencies,” read the statement.
“Now, because of the work of criminals, that ability to control who uses the technology has been lost. Terrorists, extortionists and others can deploy this technology at will if they have the technical ability to do so.”
Hacking Team offered no evidence terrorist groups are actually using its services.
Hacking Team were breached over the weekend when a group of hackers successfully stole and posted online 400GB of stolen data.
The data included the source code of its surveillance products, customer details, internal emails and employees’ personal details.
Controversially, the leaks also suggested Hacking Team has dealings with some of the countries hosting the terrorist groups it references in its statement.
Specifically, the leaks have also lead to concerns Hacking Team is selling its surveillance products to countries international organisations, including the United Nations, NATO, European Parliament, and the US have blacklisted.
The leaks also included some of the vulnerabilities Hacking Team’s products were using to infect victim systems and spy on people.
These have included exploits for jailbroken iPhones, Android tablets and smartphones and a previously undiscovered Adobe Flash vulnerability.
The Flash flaw caused ripples in the security community as common cyber criminals began using it to spread a nasty form of malware, known as CryptoWall.
CryptoWall is a blackmail focused malware that locks people out of their machines and demands payment to return access. Adobe has released a patch update fixing the flaw.
F-Secure security Advisor Sean Sullivan told Business Insider, while Team Hacking’s statement is over the top, the Flash attacks prove businesses should begin protecting themselves from the leaked exploits.
“There is no lack of hyperbole in their statement, but this part is very true: Terrorists, extortionists and others can deploy this technology at will if they have the technical ability to do so,” he said.
“We’ve already seen a leaked Flash exploit integrated into malware exploit kits. (Others.) The crimeware ecosystem will undoubtedly take advantage of the available source code and it is quite likely that some IS extremists will as well.”
Prior to Team Hacking’s warning FBI director James Comey listed terrorist groups, such as the Islamic State’s (IS), use of online services as proof of need for fresh legislation controlling companies’ use of end-to-end encryption in a public statement earlier this week.