Government Spyware Vendor Left Customer, Victim Data Online for Everyone To See (vice.com) 25
The Germany-based spyware startup Wolf Intelligence exposed its own data, including surveillance target's information, passports scans of its founder and family, and recordings of meetings. From a report: A startup that claims to sell surveillance and hacking technologies to governments around the world left nearly all its data -- including information taken from infected targets and victims -- exposed online, according to a security firm who found the data. Wolf Intelligence, a Germany-based spyware company that made headlines for sending a bodyguard to Mauritania and prompting an international incident after the local government detained the bodyguard as collateral for a deal went wrong, left a trove of its own data exposed online. The leak exposed 20 gigabytes of data, including recordings of meetings with customers, a scan of a passport belonging to the company's founder, and scans of the founder's credit cards, and surveillance targets' data, according to researchers.
Security researchers from CSIS Security discovered the data on an unprotected command and control server and a public Google Drive folder. The researchers showed screenshots of the leaked data during a talk at the Virus Bulletin conference in Montreal, which Motherboard attended. "This is a very stupid story in the sense that you would think that a company actually selling surveillance tools like this would know more about operational security," CSIS co-founder Peter Kruse told Motherboard in an interview. "They exposed themselves -- literally everything was available publicly on the internet."
Security researchers from CSIS Security discovered the data on an unprotected command and control server and a public Google Drive folder. The researchers showed screenshots of the leaked data during a talk at the Virus Bulletin conference in Montreal, which Motherboard attended. "This is a very stupid story in the sense that you would think that a company actually selling surveillance tools like this would know more about operational security," CSIS co-founder Peter Kruse told Motherboard in an interview. "They exposed themselves -- literally everything was available publicly on the internet."
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
But your sister enjoys my lignite
Re: (Score:3)
It appears you have never worked anywhere.
There is always that one guy who you have no idea why they were hired, and why they are still there. And is a net loss to your work.
Surprising if 2016, but common now (Score:2)
I've lost respect for people who use "easy" cloud services.
Re: (Score:2)
Funny that it's a German company. "Cloud" is pronounced exactly the same as the German "klaut", which means "he/she/it steals", as well as the imperative plural of "steal!"
Best kind of advertising (Score:1)
They were just demonstrating their software on themselves! Look at how well it works!
Wolf Intelligence... (Score:2)
Doesn't sound very intelligent to me.
(disclaimer, I only RTFS)
Re: (Score:2)
I wonder if the German spy company Wolf Intelligence's name was inspired by Markus Wolf [wikipedia.org], the most notorious spymaster of the East German Stasi -- the spy organization with a state attached.
Re: (Score:2)
I'm pretty sure Wolf would turn green in envy when he could see just how easy it could've been. All the time and effort he put into it... only to see capitalism succeed yet again where communism failed.
Re: (Score:2)
I think this is (Score:2)
taking corporate transparency a little too far.
Summed up nicely in six words (Score:2)
What more does anyone need to say?
#facepalm
Re: (Score:2)
In response to the observation:
mark-t inquired:
What more does anyone need to say?
Only that editor msmash appears to have "corrected" Motherboard's proper use of the apostrophe following the plural word "targets" by inserting it between the second "t" and the pluralizer "s" - thus publicly displaying her ignorance of proper English punctuation.
Imagine my surprise ...
Hey, politicians, take a good look (Score:2)
This is the kind of company you want to make deals with concerning spying on your voters? If they can't even keep their own crap secure, do you think they will keep your shady deals with them from public eyes? From the eyes of the people you want to spy on that you on the other hand also want to vote for you?
Yeah. Smart move. Then again, we didn't exactly expect you to know anything about IT anyway, considering your track record.