Rook Security collaborates with FBI Indianapolis Cyber Task Force to reduce impact of Hacking Team breach

Rook Security, an Indianapolis, IN-based provider of global IT security solutions protecting sensitive data against dynamic, emerging threats, announced on July 17 that it has been collaborating with the FBI Indianapolis Cyber Task Force in response to the recent Hacking Team breach and subsequent global fallout, confusion, and concern. Rook Security has been briefing FBI Indianapolis throughout the week regarding key findings that its researchers have identified within the breached and publicly leaked Hacking Team company files, which have been categorized as malicious and weaponizable. Rook Security also released a free automated detection tool, dubbed ‘Milano’, which helps organizations ascertain whether or not they are affected by the breached files.

On July 5, the Italy-based company Hacking Team, which specializes in surveillance technology, was reportedly breached and significant data was obtained and publicly leaked. The attackers published a torrent file with 400GB of internal documents, source code, and email communications including detailed customer information.

“This breach has been very unique in nature and challenging for security technology vendors to obtain code samples to create signatures and patches, thereby leaving scores of systems potentially vulnerable to nefarious actors seeking to weaponize Hacking Team’s once proprietary tools,” said J.J. Thompson, CEO of Rook Security. “After our Intelligence Team quickly deduced how the leaked code could be weaponized and used for harm, we immediately put a team in place to identify, analyze, and detect malicious files located in this data.”

Due to the potential impact to critical infrastructure, Rook Security and the FBI Indianapolis Cyber Task Force collaborated to decrease the amount of time it would take to analyze and disseminate the intelligence. The objectives were to:

  1. Identify any malicious files that could be weaponized from the leaked data set, consisting of over 50 projects (bundles of code) and 2200 binaries.
  2. Create IOCs and briefs for the affected vendors, clients, critical infrastructure, FBI, U.S. Secret Service, DHS, ISPs and others.
  3. Examine if any clients were impacted in the Hacking Team breach.
  4. Create a capability that can be used to determine if they were compromised by Hacking Team files.

“A primary part of our mission is to facilitate information sharing between public and private organizations, particularly when it involves timely and sensitive issues associated with data breaches, weaponizable code and their potentially harmful fallout,” said W.J. Abbott, Special Agent in Charge of the FBI Indianapolis Division.

Thompson concluded, “It is critical that private entities continue to increase collaboration with local, state, and national officials and law enforcement agencies to protect critical infrastructure, and private sector resources. None of us can be successful in this mission when acting alone.”

Source: Rook Security