Massive security leaks as spy company hacked; NSW privacy law inquiry; AISA appoints CEO

A company that produces surveillance tools for law enforcement agencies around the world has been hacked and its client list — which includes organisations in Sudan, Russia and Australia — leaked online, according to news reports.

Hacking Team is a company that provides “effective, easy-to-use offensive technology to the worldwide law enforcement and intelligence communities”, according to the company’s website.

The Guardian reported that the firm appears to have been hacked. According to CSO Online, those behind the attack released a 400 GB torrent containing Hacking Team internal documents, source code and email communications, supposedly obtained during the hack.

According to the Guardian’s report on the story, the documents indicate Hacking Team has been working with “numerous repressive governments”, though that reporter said it “has not been possible” to independently verify the veracity of the documents.

According to what seems to be a Hacking Team client list posted by CSO, the breach has revealed the Australian Federal Police as an ex-customer of Hacking Team. Countries including Sudan, Russia, Ethiopia, Switzerland and the United States also had agencies on the apparent client list.

The leaked cache of data includes details of security vulnerabilities in various pieces of software, according to Krebs on Security.

One of these was a critical vulnerability in the Windows, Macintosh and Linux versions of Adobe Flash Player, and there is evidence that bug is already being actively exploited, according to Krebs.

Adobe reportedly said, “Successful exploitation [of the vulnerability] could cause a crash and potentially allow an attacker to take control of the affected system.”

Privacy invasion laws

The Legislative Council of the NSW Parliament is asking for comment from the public on the existing legal ramifications for privacy invasions like online revenge porn and drone surveillance.

Titled ‘Remedies for the serious invasion of privacy in New South Wales (Inquiry)’, the inquiry is being conducted by the Legislative Council’s Standing Committee on Law and Justice.

The inquiry will examine whether the existing remedies for “serious invasions of privacy” in New South Wales are adequate.

The standing committee is chaired by Natasha Maclaren-Jones, a Liberal Party member of the Legislative Council.

“The proliferation of social media has meant that invasions of privacy through online forums, such as the alarming trend of jilted lovers posting sexually explicit photographs of ex-partners on the internet, has immediate and vast-reaching repercussions,” Maclaren-Jones said.

“Privacy is also being impacted by other new technologies, such as increasingly affordable surveillance drones which fly overhead and can film people in their backyards and on private property,” she said.

Maclaren-Jones said the committee will “specifically consider whether there is a need for a statutory cause of action, or whether existing remedies — including the equitable action of breach of confidence — are adequate”.

For more information on the inquiry and on how to make a submission, visit the Law and Justice website.

The closing date for submissions is Friday, 4 September 2015.

AISA appoints first CEO

The Australian Information Security Association (AISA) has appointed Arno Brok as its CEO.

AISA’s board of directors announced the appointment on Friday, but the appointment was effective from a few days earlier on 1 July. Brok is the first CEO to be appointed by AISA’s board.

“After an exhaustive selection process, both internally and externally, the AISA board of directors determined that Arno was the best candidate to manage AISA’s strategy, represent AISA and further grow the organisation,” AISA’s board said in a statement.

Brok has been an executive at AISA since 2008 and was appointed national director at the organisation in December 2013. He previously worked as a director at Protiviti and has also worked at BAE Systems, Deloitte and Accenture.

In a statement to AISA members, Brok said: “I am honoured to be charged with managing this growing organisation, and AISA’s future.

“Given I now have the opportunity to move into a full-time role as CEO at AISA, I am excited to have my full focus and motivation dedicated to the goals of our organisation and members,” he said.

In an interview with ITnews, Brok said: “I believe we can grow and really become the voice of information security in Australia.”

Image credit: ©lollo/Dollar Photo Club