INDIANAPOLIS – July 17, 2015 – Rook Security, a provider of global IT security solutions protecting sensitive data against dynamic, emerging threats, today announced that it has been collaborating with the FBI Indianapolis Cyber Task Force in response to the recent Hacking Team breach and subsequent global fallout, confusion, and concern. Rook Security has been briefing FBI Indianapolis throughout the week regarding key findings that its researchers have identified within the breached and publicly leaked Hacking Team company files, which have been categorized as malicious and weaponizable. Rook Security also released a free automated detection tool, dubbed ‘Milano’, which helps organizations ascertain whether or not they are affected by the breached files. This beta release of the Milano Hacking Team Malware Detection Utility, along with a list of the indicators of compromise (IOCs) for the Hacking Team breach, can be downloaded here: https://www.rooksecurity.com/resources/downloads/.
On July 5, the Italy-based company Hacking Team, which specializes in surveillance technology, was reportedly breached, and significant data was obtained and publicly leaked. The attackers published a torrent file with 400GB of internal documents, source code, and email communications, including detailed customer information.
“This breach has been very unique in nature and challenging for security technology vendors to obtain code samples to create signatures and patches, thereby leaving scores of systems potentially vulnerable to nefarious actors seeking to weaponize Hacking Team’s once proprietary tools,” said J.J. Thompson, CEO of Rook Security. “After our Intelligence Team quickly deduced how the leaked code could be weaponized and used for harm, we immediately put a team in place to identify, analyze, and detect malicious files located in this data.”
Due to the potential impact to critical infrastructure, Rook Security and the FBI Indianapolis Cyber Task Force collaborated to decrease the amount of time it would take to analyze and disseminate the intelligence. The objectives were to:
1. Identify any malicious files that could be weaponized from the leaked data set, consisting of over 50 projects (bundles of code) and 2200 binaries.
2. Create IOCs and briefs for the affected vendors, clients, critical infrastructure, FBI, U.S. Secret Service, DHS, ISPs and others.
3. Examine whether any clients were impacted by the Hacking Team breach.
4. Create a capability that organizations can use to determine whether they were compromised by Hacking Team files.
“A primary part of our mission is to facilitate information sharing between public and private organizations, particularly when it involves timely and sensitive issues associated with data breaches, weaponizable code and their potentially harmful fallout,” said W.J. Abbott, Special Agent in Charge of the FBI Indianapolis Division.
Thompson concluded, “It is critical that private entities continue to increase collaboration with local, state, and national officials and law enforcement agencies to protect critical infrastructure and private sector resources. None of us can be successful in this mission when acting alone.”
About Rook Security
Rook Security is a provider of global IT security solutions protecting sensitive data against dynamic, emerging threats. Rook’s advisory and managed security services deliver visibility, intelligence, and response® in security operations to overcome the complex problems that continue to plague most organizations. As an integrated extension of their internal team, Rook helps organizations achieve a mature security and risk management program. Rook's advisory and managed security services have helped to improve the way organizations from start-ups to Fortune 100 firms protect their data and manage their risk. For more information, join us on Twitter @RookSecurity, Facebook, or www.rooksecurity.com.