"on the side of angels, albeit deeply misunderstood"
Wasn't Lucifer himself an angel once, and now has a bit of a PR problem?
The Hacking Team pushed out a new statement on Wednesday, moaning that the only victim of the mega-breach against its systems is Hacking Team itself. Eric Rabe, the firm's chief marketing and communications officer, complained that the controversial outfit is “being treated as the offender, and the criminals who attacked the …
They're good contenders, but there's been a couple of whoppers regarding Snowden and aftermath, Apple's ebook "misunderstanding of terms", and various others that are right up there with the Hacking Team's effort at ... damage mitigation.
I propose we call the phenomenon BBS (Burnt Bum Syndrome) and measure it in BAUD (Belligerent Arguments Under Distress)
Well, the choice of unit really depends on what is being measured - is it the hand-wringing and pleading and bullshit PR damage control or is it the scale of the offence that has been discovered?
On the second measure, this one rates quite high, to the point where calling it a 'Rabe' would perhaps be unwieldy as nearly everything must be expressed as a fraction of the whole unit - much like a Farad being rather too large for everyday usage.
Thus, Facebook's frequent land-grabs of personal content would rate about 50 millirabes, it being something people are largely entering into of their own volition. Perhaps a 'Schmidt', in honour of how much data Google hoovers up about everyone - even when you have told them to stop.
In terms of the former metric - the 'PR' response - the 'Rabe' might be a good measure but I think a 'Zuckerberg' may well be a good option as they are very much used to explaining things as just a 'misunderstanding' - nothing dodgy is going on, really.
So, I would estimate that Hacking Team is currently at about 20 kSt (kiloschmidts) and 5 Zb - rounding for simplicity.
But this is cumbersome; what's needed is a measurement to represent the level of farce.
Utilising our units, above, we can propose the Whisper, which represents the amount of straining of public belief that results from a breach of 1 St, being forcefully decelerated through a PR filter of 1 Zb.
Thus, Hacking Team are currently outputting an estimated 100 kWsp.
At that level, the bullshit is visible from the moon on a clear day below and with a cheap pair of binoculars.
Reading this man's words, it takes a supreme effort not to vomit.
So, their software is not a 'weapon'. Okay, let's run with that for a moment.
The thing about 'weapons', is that they are usually at least somewhat obvious. If you supply a nation's police force with sidearms then, when they use them, it's known. You can't deny that your officers don't have guns because anyone seeing them on the street will be able to look at their hips and see the weapon.
If they draw the weapon, you know about it and if they use it against someone, that, too, is generally known.
So let's compare that to the 'tools' supplied by Hacking Team.
In complete contrast with 'weapons', these 'tools' are supplied confidentially, without the knowledge of the people. Their existence is not admitted and is not readily able to be discerned. Moreover, when these 'tools' are used, they are used silently and secretly, hidden from the people they are used against.
So, fine - let's agree that the 'tools' developed and sold by Hacking Team are not 'weapons'. I am comfortable with that.
So let's now investigate the nature of these 'tools'.
The best analogy I can think of at the moment is to imagine (not very hard at the moment) a flaw in the software of cars that caused the brakes to be applied when the pedal was not pressed. Now imagine that that flaw was found by someone like Hacking Team and methods to exploit it were developed and then sold to law enforcement agencies, who were very keen to get their hands on some 'tools' to help them stop police chases.
To them, these 'tools' were, of course, 'necessary' and were justified because they 'helped save lives' and preventing access to these important 'crime-fighting tools' would only result in more danger to officers and reduce the safety of the public.
But here's the rub - even if we truly believe that these 'tools' were only sold to the most ethically upstanding institutions who, in turn, only used them in the most ethically justified situations and only after the most rigorous scrutiny and vetting and approval, the tools being used are not the whole picture.
Why? Because they only work by exploiting vulnerabilities and those vulnerabilities exist however careful you are with the dissemination of those exploits and however ethical you are in their application. They are there, and their existence is a risk for anyone making use of the software - in the case of our analogy, to anyone driving one of the cars affected.
So, imagine that this vulnerability in the braking software causes some random issue where a car suddenly brakes, in heavy traffic on a freeway, causing a pile-up of a dozen or so cars, resulting in great delays for huge numbers of people, many injuries and a few deaths.
The software developed to exploit the vulnerability in that software is not the cause - the underlying vulnerability is. But to know about this vulnerability - and not only that but to have researched it and tested it and understood it enough to know exactly how it might be triggered - but to not tell the manufacturer? I don't understand how that can fit any definition of ethical.
And to then bleat on about how what you are doing is necessary to protect people? Well, that is just an astonishing level of self-delusion at best or, more probably, outright lying.
But that is, again, assuming that they really do sell only to ethical institutions and their software really is only used for ethically-justified purposes in an ethically-guided fashion.
And that is something that, frankly, I doubt even they believe.
We now have a very real-world equivalent in the form of the Fiat-Chrysler 2013+ models, with the Fiat engine, that allows wireless remote control of the brakes, power-steering, etc. The POC is to be demoed at BlackHat next month. You can do some serious evil with that.
It seems that a Black-Hat actually has better moral sense than HT. Curious that.
"complained that the controversial outfit is “being treated as the offender, and the criminals who attacked the company are not”."
Well Boo fucking Hoo.
Is this guy really so deluded to not see why he is being treated like the villain by people who find his behaviour reprehensible (even if it is technically legal)?
He is a disingenuous turd-bot that's out of control.