Researchers sifting through 400GB of data recently leaked from Hacking Team, an Italian company that sells computer surveillance software to government agencies from around the world, have already found an exploit for an unpatched vulnerability in Flash Player.
There are also reports of exploits for a vulnerability in Windows and one in SELinux, a Linux kernel security module that enforces access control policies. The flaws were supposedly used by the company's customers to silently deploy its software on computers belonging to surveillance targets.
Hacking Team was incorporated as HT in Milan and develops a computer surveillance program called Remote Control System (RCS), or Galileo. The system is sold to law enforcement and other government agencies from around the world, along with access to computer intrusion tools that are needed to deploy it.
News that Hacking Team's network had been compromised broke on Sunday, when the hacker released 400GB worth of data stolen from the company's servers, including email communications, source code, client lists, invoices, various server backups and more.
The company has been accused by privacy and human rights groups in the past of selling its software to governments with a poor track record for respecting human rights, which then used it to spy on journalists and political activists. The newly leaked data suggests that the company's customers include government agencies from countries like Azerbaijan, Bahrain, Egypt, Ethiopia, Kazakhstan, Morocco, Nigeria, Oman, Saudi Arabia and Sudan.
Most antivirus products detect Hacking Team's RCS as malware, but the company actively modifies the program to evade such detection.
The security community had a field day on Monday sifting through the 400GB data dump. They found things like weak passwords stored in text files; key generators and serial numbers for pirated commercial software; the source code for versions of RCS for Windows, Linux, Android, iOS, OS X and other platforms; and internal documents explaining the company's services and prices.
More importantly, some security researchers claim to have found exploits for previously unknown and unpatched vulnerabilities -- these are known as zero-day exploits. They suspected that such exploits existed among the files because they're perfect for infecting users' computers with RCS and because the company's documentation suggested so.
For example, one document contains details about a service that Hacking Team calls the RCS Exploit Portal.
"HackingTeam combined its expertise in offensive security and software design to build a service that make simple to prepare and use exploits as installation vectors for RCS agents," the document reads.
According to the document, the service contains social engineering exploits, public exploits, private exploits and zero-day exploits, and the company notes that the Exploit Portal always contains at least three zero-day level exploits.