Hacking Team hack: Industry reaction and insight

Following the news that cybersecurity firm Hacking Team was hacked itself, losing 400GB worth of confidential data, various industry experts have offered their comments and insight.

Mark James, Security Specialist at IT Security Firm ESET:

“It could be just as simple as a client of a company that delivers network monitoring software for internal use. Whether that’s for internal use or to warn of a potential hack, all the hype around the Hacking Team is to do with “bad” software that put them on the map.

"They had to start somewhere and this client list makes no indication of exactly what does and does not make them a client for. Large corporations need to protect their data, for some it’s one of the most important aspects of their portfolio, it makes sense to protect that."

Craig Young, Security Researcher at Tripwire:

"These tools could be used by a private corporation to monitor employees. For example, a company concerned about employees stealing trade secrets may pre-load employee computing devices with monitoring software. It could also be the case that some companies would like to glean information from competitors.

"In some cases the software may also be used to gain intelligence on customers like a bank validating whether funds are coming from an illegal enterprise. The worst case would be private corporations using this type of software to gain marketing intel by spying on the customers and the general public.

"It will definitely be interesting in the coming months to hear responses from the companies and anti-virus vendors about where HT software has been deployed."

Mark Kraynak, Chief Product Officer at Imperva:

"One important take away from all of this is that governments around the world are focusing their resources on offensive techniques. Ironically, this means they are doing many of the same things - building malware and surveillance tools similar to spyware - that the “bad” guys are doing but for different purposes.

"Also ironically, it means that the incremental exposure represented by this breach might not actually be so big, as the “bad” guys already are doing many of the same things. In the end it means that businesses and individuals are left to their own devices to defend themselves."

Image Credit: Shutterstock/Benoit Daoust