Does “hacking” apply to data found in publicly accessible locations? Lorenzo Franceschi-Bicchierai thinks so in Government Spyware Vendor Left Customer, Victim Data Online for Everyone to See.
However you answer that question, the post is an amusing tale of a spyware startup that left 20 gigabytes of data exposed to the public.
And it’s a valuable article, given the targeting data gthered:
…
Wolf Intelligence is part of the so-called “lawful intercept” industry. This is a relatively unregulated—but legal—part of the surveillance market that provides hacking and spy software to law enforcement and intelligence agencies around the world. Hacking Team, FinFisher, and NSO Group are the more well-known companies in this sector. According to a recent estimate, this market is expected to be worth $3.3 billion in 2022.These companies generally sell spyware that infects computers and cell phones with the goal of extracting evidence for police or intelligence operations, which can be particularly useful when authorities need to get around encryption and have a warrant to access the content of a target’s communications. But in the past, companies like Hacking Team, FinFisher, and NSO Group have all sold their malware to authoritarian regimes who have used it against human rights defenders, activists, and journalists.
As demand for these technologies has grown, many smaller players have entered the market. Some of them have made embarrassing mistakes that have helped cybersecurity researchers expose them.
…
You can spend $$$ on R&D developing cutting-edge malware or wait for rent-a-spy vendors and the like to leak it. Rent-a-spy vendors hire from the same gene pool that makes phishing the #1 means of cybersecurity breaches. Picking up malware litter has a higher ROI.
Is anyone keeping a list of rent-a-spy vendors? Pointers? Thanks!