Hacking
For the average business, anti-virus or more sophisticated malware-blocking technology won't be enough to keep out government-grade malware like that created by Hacking Team. But there are other services on offer, and one of them is free.
Facebook announced today it was pushing out some "query packs" on its code page that would enable IT folk to quickly look for signs of Hacking Team infection. These query packs form part of Facebook's "osquery", a free and open source framework that exposes endpoint data (running processes, logged-in users, installed packages, startup items and the like) as tables that can be queried with SQL to uncover potential security threats. It's part of the social network's own security defences and was updated recently with queries covering some critical Apple Mac and iPhone vulnerabilities.
Whilst query packs can be created to bundle specific, commonly used sets of queries, Facebook has released a handful of its own, including ones related specifically to
Facebook told FORBES it hadn't put together query packs for other operating systems, but noted that users can simply create their own queries to identify other "indicators of compromise", such as slow performance or daemon processes.
There’s also a vulnerability management pack that promises to help IT “collect and quickly identify outdated and vulnerable software”. “Whether you're interested or responsible for the operating system, browsers, browser plugins, particular applications, or packages, you can audit for vulnerable hosts and validate whether an upgrade was successful,” Marcos added.
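As an added illustration, which is neither Facebook's osquery code nor the contents of its Hacking Team pack, the block below shows the JSON shape of an osquery query pack together with a small offline harness that runs the pack's SQL over constructed stand-ins for osquery's `processes`, `launchd` and `deb_packages` tables (osquery's SQL is the SQLite dialect, so the queries run unchanged). The three queries are generic hunts of the kind described above, one compromise indicator per platform plus one vulnerability-management style inventory check: a running process whose binary has been deleted, a launchd job whose program lives outside Apple's directories, and an OpenSSL package older than a hypothetical threshold. The table columns are a subset of the real ones, and every row and threshold is made up for this example.

```python
import json
import sqlite3

# An osquery-style query pack, in the JSON shape osquery loads from its
# packs directory: a "queries" map of name -> {query, interval, platform, ...}.
# These hunts are generic, hypothetical indicators written for this example;
# they are NOT the indicators in Facebook's Hacking Team pack.
HUNT_PACK = {
    "version": "1.4.5",
    "queries": {
        "deleted_binary_processes": {
            "query": "SELECT pid, name, path FROM processes WHERE on_disk = 0;",
            "interval": 3600,
            "platform": "posix",
            "description": "Running processes whose executable is gone from disk, "
                           "a common trait of dropped-and-unlinked implants.",
        },
        "launchd_outside_system_dirs": {
            "query": (
                "SELECT label, program, path FROM launchd "
                "WHERE program NOT LIKE '/System/%' "
                "AND program NOT LIKE '/usr/%' "
                "AND program NOT LIKE '/Library/Apple/%';"
            ),
            "interval": 3600,
            "platform": "darwin",
            "description": "Persistence via launchd jobs pointing outside Apple's directories.",
        },
        "outdated_openssl": {
            # Hypothetical threshold. The '<' comparison is lexical, so a real
            # pack should list exact vulnerable versions instead of relying on it.
            "query": "SELECT name, version FROM deb_packages "
                     "WHERE name = 'openssl' AND version < '1.0.2';",
            "interval": 86400,
            "platform": "linux",
            "description": "Vulnerability-management style check for an old OpenSSL package.",
        },
    },
}


def validate_pack(pack):
    """Return a list of problems found in the pack; an empty list means it is well-formed."""
    problems = []
    queries = pack.get("queries")
    if not isinstance(queries, dict) or not queries:
        return ["pack has no 'queries' map"]
    for name, spec in queries.items():
        if not isinstance(spec.get("query"), str) or not spec["query"].strip():
            problems.append(f"{name}: missing SQL 'query'")
        interval = spec.get("interval")
        if not isinstance(interval, int) or interval <= 0:
            problems.append(f"{name}: 'interval' must be a positive number of seconds")
    return problems


def build_sample_db():
    """Constructed stand-ins for osquery's processes, launchd and deb_packages
    tables (a subset of their real columns), populated with made-up rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE processes (pid INTEGER, name TEXT, path TEXT, on_disk INTEGER);
        CREATE TABLE launchd (path TEXT, label TEXT, program TEXT);
        CREATE TABLE deb_packages (name TEXT, version TEXT);
    """)
    conn.executemany("INSERT INTO processes VALUES (?, ?, ?, ?)", [
        (1, "launchd", "/sbin/launchd", 1),
        (777, "sshd", "/usr/sbin/sshd", 1),
        (4242, "update_helper", "/tmp/.x/update_helper", 0),  # binary unlinked after start
    ])
    conn.executemany("INSERT INTO launchd VALUES (?, ?, ?)", [
        ("/System/Library/LaunchDaemons/com.apple.foo.plist", "com.apple.foo", "/usr/libexec/foo"),
        ("/Library/LaunchAgents/com.example.helper.plist", "com.example.helper",
         "/Users/alice/Library/.hidden/helper"),
    ])
    conn.executemany("INSERT INTO deb_packages VALUES (?, ?)", [
        ("openssl", "1.0.1k-3"),
        ("curl", "7.38.0"),
    ])
    conn.commit()
    return conn


def run_pack(pack, conn):
    """Execute every query in the pack against conn; return name -> list of row tuples."""
    return {name: conn.execute(spec["query"]).fetchall()
            for name, spec in pack["queries"].items()}


if __name__ == "__main__":
    assert not validate_pack(HUNT_PACK)
    for name, rows in run_pack(HUNT_PACK, build_sample_db()).items():
        print(f"{name}: {rows}")
    # The serialised pack is what would be dropped into osquery's packs directory.
    print(json.dumps(HUNT_PACK, indent=2))
```

In a real deployment the pack file is referenced from the osquery configuration and the scheduler runs each query at its interval, logging result rows (or only the differences between runs) for a SIEM to alert on; the harness here only replaces the scheduler and the live tables so the detection logic can be checked offline.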
Hacking Team has capabilities across operating systems far beyond Apple's Mac OS X, including Microsoft Windows and Linux, as well as the mobile platforms Android and iOS. The emails show it has had mixed success with different systems, with iOS proving tricky: infection often requires the device to be jailbroken, that is, to have Apple's restrictions on the iPhone removed by exploiting the device.
One email outlining future plans, dated 1 July 2015, includes updates for Hacking Team’s Galileo surveillance tool so that it could infect Windows 10 clients, and do more on Macs, including the capture of a token for iCloud, so snoops could sneak into targets’ accounts.
"The capabilities are more or less similar to that of windows with just some features missing," noted a former Hacking Team Android developer who is now the founder of defensive firm ReaQta.
Perhaps most concerning of all Hacking Team's malware is one that can infect the heart of the computer, the BIOS, the firmware that runs before the operating system loads. That gives it incredible stealth and persistence: it sits below the operating system's security tools and survives a reinstall of the operating system. Now that Intel and other chip makers have been gifted insight into the workings of police-grade BIOS "rootkits", the defenders of the world might have some time to man the digital barricades.