Italian online surveillance company, Hacking Team, has owned up to the fact that its Flash software was compromised by attackers and private data stolen as a result of the leak – which was later posted online by the attackers.
Hacking Team is an Italian firm that sells spying software to intelligence agencies everywhere in the world. But the fact that the software was stolen before being posted online indicated Hacking Team knew of a flaw in the software without telling Adobe, the original manufacturer.
“This is one of the fastest documented cases of an immediate weaponization in the wild, possibly thanks to the detailed instructions left by the Hacking Team,” Jerome Segura of Malwarebytes wrote about the stolen Flash software.
Online security analysts said the stolen Flash software was part of a 400 GB stolen data that later surfaced online. And Hacking Team had said the data flaw was “the most beautiful Flash bug for the last four years.”
“When you know the severity of a flaw, there’s a duty to disclose it to the software vendor,” said Bharat Mistry, cybersecurity expert at Trend Micro. “Maybe they saw this as an avenue they could use for their own purposes and wanted to keep it under wraps. But Flash has a big presence on the web. There is mass potential for this bug to be exploited by criminals.”
Trend Micro, a software company, revealed that the attackers had put the exploit into computer codes and tools which they are sure to use to spread malicious software for stealing encrypted information and perpetuating online crimes.
According to Adobe, the flaw is capable of causing “a crash and potentially allow an attacker to take control of the infected system.”
The Flash 18.104.22.168 is at the heart of this flaw, and older versions of Macintosh, Linux, and Windows would be affected; but Adobe promises to release a fix on Wednesday.
Source: Hacking Team