Hackers have written rootkits and backdoors for decades. But the development of commercial hacking software — complete with custom features, regular updates, and tech support — is fairly new.
“You’re actually getting a commercially developed product,” says Morgan Marquis-Boire, a security researcher who has authored reports on Hacking Team and the market for state-sponsored hacking tools for University of Toronto’s Citizen Lab. “That’s actually what makes it different from the sort of backdoors that hackers were using sort of for the lulz, like 18 years ago when I was opening my flatmate’s CD-ROM drive to freak him out.”
Companies like Hacking Team, Gamma International, and VUPEN are now developing this software and pitching it to government agencies around the world. And instead of opening people’s CD-ROMS, these clients are spying on citizens.
Hacking Team says it only sells to law enforcement and intelligence agencies and will not sell to countries that are blacklisted by NATO. Critics say the software has ended up in rogue hands, resulting in the near-hacking of one American citizen, the beating of a UAE activist, and the surveillance of pro-democracy Moroccan journalists, incidents the company has obliquely denied, citing client confidentiality and calling the claims “largely circumstantial.”