Hacking Team has sent a warning that its devastating data breach will allow its spying tools to be used by criminals and terrorists. They witnessed more than 400GB of internal data released on Sunday, with this including emails (now available through WikiLeaks), client lists, financial information and source code.
Hacking Team's top product, the Remote Control System (RCS), is marketed to government agencies as a tool to intercept data on desktop computers and mobile devices. However, the company's claim isn't clear as to why someone would attempt to use software that has been under close examination.
Hacking Team spokesman Eric Rabe wrote that the investigation showed “that sufficient code was released to permit anyone to deploy the software against any target of their choice.”
Analysts that have looked at the breach have discovered at least one zero-day vulnerability that was part of Hacking Team's storage to get its software onto devices. The vulnerability has been patched. If others attempt to deploy the software, they would need to deceive people into installing it or use an exploit for another software vulnerability.
Engineers are updating RCS to allow clients to resume criminal and intelligence investigations. A majority of the company's clients have suspended use of RCS now.