hackingteam.it - How is this legal/allowed?

[chapp]

Sure, EndGame (http://www.endgamesystems.com),  VUPEN (http://www.vupen.com/), NetraGard (http://www.netragard.com/)

Of course most companies involved in this sort of stuff keep it relatively quiet.

VUPEN is not quite at all. CEO and head of research at VUPEN Chauki Bekrar is an attention whore. There is a reason why they do pwn2own contests, it's all about fame.


I have to agree with Alin on this. There exist a number of companies making money on their security research, it does not matter if they sell this research to governments, send it to vendors or to other business.

[Mordred]

Again, kidding me? Do you have any idea about the laws for these kind of things? Selling applications is not illegal in any country yet, that same ting goes for an application that exploit flaws in other computer software.
On the other hand the laws for reverse engineering of software is very fuzzy.

So just because there aren't any laws you should do it, right? It seems to me that you're one of the people who's part of the problem rather than one who's looking for a solution. But then again, to each his own. If you want to sell security flaws on the black-market for financial compensation you're free to do so, but that doesn't mean it's the right thing to do.

I've sort of had enough of this human population trying to exploit eachother. Instead of working for the betterment of society you work for the money, a piece of paper which you were convinced has value, but which actually has none.

When having a 0-day you have four options;
1. Sell it on the black market and make potentially a lot of money.
2. Sell it to a company like ZDI.
3. Send the shit to full disclosure and get famous.
4. Coordinate release with vendor and expect 5-10 e-mails and 3-4 months until some random french idiot gets the point and then a couple months more testing 3-4 patches that does not fix the problem.

Those are the only options you find viable, not the only options in existence. I would offer any exploit I find for free to the developer because I can make my money via a stable job, not by being a thorn in society's back. But again, you're free to do whatever you want and it's not like anyone will waste their time trying to argue with you. There's bigger problems out there, but I guess those are irellevant as well with this kind of mindset.


Then again we digress from the original topic, which was how come is it legal to have a company which literally sells hacking services, when hacking itself is illegal in most (if not all) countries. If you want to have a discussion on the ethics of selling/buying vulnerabilities/exploits we can start a new topic.

[vezzy]

I think proxx nailed it when he mentioned the twisting of language to make two identical concepts appear different.

"Hacking" may be illegal in most countries, but the term itself is highly broad with at least ten definitions. It is legal when it's done with one's consent or under the banner of "penetration testing", "security auditing", "ethical hacking" and so on.

This software probably isn't classified as hacking, but likely under the legitimate category of policeware. While in reality policeware is no different from any malicious software that would normally be considered illegal, using different mnemonics to make it sound like it's beneficial for law enforcement and national security turns the game around.

It's all a simple matter of language manipulation/Newspeak and the fact that security is offensive as well.

[imation]

not herd of endgame systems...?

develop 0day for all three letter agenices!

[Mordred]

"Hacking" may be illegal in most countries, but the term itself is highly broad with at least ten definitions. It is legal when it's done with one's consent or under the banner of "penetration testing", "security auditing", "ethical hacking" and so on.

This software probably isn't classified as hacking, but likely under the legitimate category of policeware. While in reality policeware is no different from any malicious software that would normally be considered illegal, using different mnemonics to make it sound like it's beneficial for law enforcement and national security turns the game around.

Yeah, I guess that's the key point. Basically this applies:

This is no exception really.
weapons; illegal unless you call it peace
murder; illegal unless you call it freedom
....

You got the point.

[Z3R0]

Mordred, forgive me for giving such a short reply, but I really have nothing more to say other than: in the eyes of the US Government specifically (at least from what I have seen) anything is justifiable in the name of "national security"

[vezzy]

Forgive me for bumping this thread, but I just wanted to mention that 'Hacking Team' and their proprietary surveillance product were briefly mentioned in the documentary film Terms and Conditions May Apply. It was a great film overall, and highlights a whole bunch of privacy concerns, legal matters and coverups, some surveillance companies and so on.

There's probably some things you weren't aware of, so I definitely recommend people here watch it. It's freely available on lots of public BitTorrent trackers, despite being quite recent.

[Mordred]

Forgive me for bumping this thread, but I just wanted to mention that 'Hacking Team' and their proprietary surveillance product were briefly mentioned in the documentary film Terms and Conditions May Apply. It was a great film overall, and highlights a whole bunch of privacy concerns, legal matters and coverups, some surveillance companies and so on.

There's probably some things you weren't aware of, so I definitely recommend people here watch it. It's freely available on lots of public BitTorrent trackers, despite being quite recent.

Nice vezzy, thank you for the suggestion. I'll definitely watch it  today or tomorrow.

[WirelessDesert]

--snip--

Sweet! I'll definitely watch it!
XD, take a look at their websites terms and conditions, it's awesome!

4) For your protection

• (Should be C)By using these services, your information may be stored by legal entities in Utah, or other facilities. We are not responsible for that either

• 6) In Exchange for These Services

• In exchange for visiting this website, you have agreed to publish a post stating that you have visited this website on Facebook. Failure to do so may result in legal action.
• Furthermore, and with the same applicable penalties, you have also agreed to watch the film "Terms and Conditions May Apply", in any or all of the following mediums: Theatrical, VOD, SVOD, DVD, airplane, cruise ship, hotel, or building wall.
• [/l][/l][/l][/l][/l][/l]

• Ugh, stupid formatting.... it evens go on here....

[/list]

[Alin]

I'm also sorry for bringing up this old topic, but I'm really surprised by the reaction towards the use of "hacking" services by different governments. I don't know if the recent revelations just make you believe NSA is the only agency using the services, but you must never forget that NSA are working together with other top agencies around the world.


Why should the agencies not use these services, and why should people not provide these services? The internet do not have any general laws, and I am not aware of _any_ country that prohibited the use of bits and bytes and therefore no country has forbidden hacking by laws. In most countries, the use of hacking is prohibited by e.g. stealing data, but the question of "borrowing" a computer has never been raised. We will see a lot of malware mining some kind of online currency in the future, but is it illegal to borrow CPU resources? And do not just say yes, because in general there are no countries that has any specific laws with regard to this problem.





One must realise the use for intelligence agencies and it's not investigating what the wankers here at evilzone do. We are simply not a target, due to lack of intelligence in here. The pack of newbies in here makes the forum non-interesting for government agencies.


Stop bringing up moral questions about "hacking" as they are out of the scope, we must discuss what is really going on.


And at last, stop being naive. If the underground is using 0 days to target certain companies, why should the government not do so? Should moral be the reason _not_ to catch a bad guy? Have you ever watched a cops TV show and complained about the police breaking rules to catch criminals, cause they are doing it all the time.

[Architect]

The website and corporation is basically a whitehat recruiting center. Basically, it could be one of two things:

A. Legit, structured recruitment agency built by talented individuals for intelligence agencies who are great with programming and know their way around software, or
B. A federal honeypot disguised as a shady invite to an underground, little-known group who claim skill and offer no proof.

I agree with Ande. Either way, there's no way I'm going anywhere near that shit.

[ande]

I'm also sorry for bringing up this old topic, but I'm really surprised by the reaction towards the use of "hacking" services by different governments. I don't know if the recent revelations just make you believe NSA is the only agency using the services, but you must never forget that NSA are working together with other top agencies around the world.


Why should the agencies not use these services, and why should people not provide these services? The internet do not have any general laws, and I am not aware of _any_ country that prohibited the use of bits and bytes and therefore no country has forbidden hacking by laws. In most countries, the use of hacking is prohibited by e.g. stealing data, but the question of "borrowing" a computer has never been raised. We will see a lot of malware mining some kind of online currency in the future, but is it illegal to borrow CPU resources? And do not just say yes, because in general there are no countries that has any specific laws with regard to this problem.





One must realise the use for intelligence agencies and it's not investigating what the wankers here at evilzone do. We are simply not a target, due to lack of intelligence in here. The pack of newbies in here makes the forum non-interesting for government agencies.


Stop bringing up moral questions about "hacking" as they are out of the scope, we must discuss what is really going on.


And at last, stop being naive. If the underground is using 0 days to target certain companies, why should the government not do so? Should moral be the reason _not_ to catch a bad guy? Have you ever watched a cops TV show and complained about the police breaking rules to catch criminals, cause they are doing it all the time.

The agencies should not use these services because they are breaking the exact laws they are trying to enforce. The Internet itself has no laws, but there are PLENTY of country wide and union wise laws that prohibits the use of unauthorized systems and breaking into them. Here are a few US ones: http://www.ncsl.org/research/telecommunications-and-information-technology/computer-hacking-and-unauthorized-access-laws.aspx http://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act

"borrowing" as you put it, is unauthorized access (seeing how you presented the argument). Borrowing something without permission is theft. Of course it is illegal to borrow CPU resources without permission. And there are laws against it.


Very nice of you to call us wankers and a pack of newbies. Don't expect to be here very long.

Moral questions about hacking should be brought up as much as possible. There are several cases where hacking can and are used for "good".

[Mordred]

One must realise the use for intelligence agencies and it's not investigating what the wankers here at evilzone do. We are simply not a target, due to lack of intelligence in here. The pack of newbies in here makes the forum non-interesting for government agencies.


Stop bringing up moral questions about "hacking" as they are out of the scope, we must discuss what is really going on.

Wow... You're really in your own world I see. Moral questions about hacking (I dunno why you use commas) are the number 1 topic discussed in any proper course/study where you learn about Sec. But obviously you don't even value morals related to hacking, so I can assume you are a self-tutor. In that case I recommend you take a class or something, cause you're missing big chunks of Basic Security 101.

I'm sure you can find a nice course to attend. Just a quick Google search and a bunch of options popped up.

But, as usual, ande managed to summarize all my thoughts, so read his post again and imagine it was me saying that.

[vezzy]

He makes a point about the forum, however.

[lucid]

He makes a point about the forum, however.

That there's no intelligence here? I mean sure there's a lot of stupid people anywhere you go but come on..