Hacking Team: 5 Tips For Recovering From The Alleged Breach

Hacking Team, an Italian company that helps governments spy on its own citizens has apparently been hacked itself.

As the story is such big news today I’ll let you get the details elsewhere – Graham Cluley’s article is as good a place to start as any.

Instead, here are a few ideas for how the company can respond to the alleged incident:

1. Move quickly

If Hacking Team has indeed been breached then the speed with which they respond could be key to mitigating the effects.

We’ve already seen what appears to be torrents full of corporate data appear on the web and attract an undue amount of attention via social networks.

Given the sensitive nature of their business, and the even more sensitive makeup of their alleged client list, it would make sense to do whatever possible to limit any further exposure of the company’s corporate data.

Taking the website offline until it can be thoroughly checked for the point of entry – and fixed – could be a good starting point.

Hacking Team would also we well-advised to remember it has other public-facing assets on the web too, i.e. Twitter accounts which also appear to have been compromised. Taking those down, along with any other accounts on Facebook, Google or elsewhere would also be prudent until fixes are made.

2. Get help

Normally sound advice to a small company would be to employ the services of a security professional following a breach. Their particular field of expertise could prove invaluable to an organisation whose main line of business lays outside the security field.

In the case of Hacking Team, we can only assume that some top talent is already on the payroll but, given the line they operate in, I’d imagine it has friends within some pretty interesting government departments.

Time to call in some favours?

3. Own it

Telling the world you take security seriously after a breach which demonstrated that you didn’t beforehand is an increasingly lame way of doing business. Given Hacking Team’s client list, that’s not an approach that will win it much repeat business should the hack claims be true – and let’s not forget that the internet is awash with nothing more than opinion right now; I’ve seen nothing to say a breach categorically did occur.

That said, if the claims are true, Hacking Team would be well advised to own up, at least to its customers, and start working towards building their trust again.

Denials and delays never helped anyone.

4. Disclose it

Disclosure is always important after a breach, either for regulatory reasons or simply to maintain goodwill with customers current and future. In this case, if a hack did occur, Hacking Team would likely be talking to clients who already know what’s gone on. Even so, working with the authorities seems like it’s a given.

5. Ensure it doesn’t happen again

This is the big one.

If the company has been hacked once there is every chance it could be targeted again, especially given the nature of its business.

While no-one likes to think about lightning striking once, there is a real danger it could strike twice. If that is a sentiment that applies to Hacking Team, it may wish to brush off its disaster recovery plan, check its security procedures and, depending on how the alleged attack was initiated, look into some staff security training.

Even more importantly, the company may need to employ some expert negotiators if it wishes to continue attracting nation-state contracts for its services.

So there are my thoughts – can you offer Hacking Team any extra tips for coping with the apparent hack it has experienced?

image credit: Reactions to the Hacking Team breach

Leave a Reply