Analyzing an Off-the-Shelf Surveillance Software: Hacking TeamCase Study

In July 2015, a major distributor and developer of covert surveillance tools, Italian company Hacking Team, has been hacked. Due to the attack, nearly 400 GB of internal data leaked on sharing networks. The data contained the latest version of the surveillance software named Galileo, including full technical and user documentation. We use this opportunity to examine key features of surveillance software that was designed for governmental agencies and its specification was kept secret. In this paper, we deploy the system in an isolated virtual environment and test its behavior during a surveillance operation. We use collected information to classify the advancement level of Galileo among similar mass-spread malware and the advanced persistent threats tools. With the hindsight of nearly two years, it is also possible to evaluate the impact the data leak had.