Milan-Based IT Company That Sells Bitcoin Surveillance Capability To Law Enforcement, Hacked
Bitcoin transactions are much easier to track than once thought, according to a review of internal e-mails from Hacking Team, the Italian spyware vendor that was hacked early this month and had 400GB of internal data released. These documents clearly illustrate how simply Hacking Team’s “Money Module” worked, and they provide a small glimpse into why customers were particularly interested in it.
In general, the Italian spyware company sold software that placed targets under stealth surveillance through their computer or smartphone; its clients included law enforcement agencies worldwide. In January 2014, Hacking Team internally introduced a new feature as part of the version 9.2 upgrade of the RCS (Remote Control System) suite: a way to track cryptocurrencies like Bitcoin and many others.
The Money Module also included support for Bitcoin alternatives including Litecoin, Feathercoin, and Namecoin.
Nick Weaver, a researcher at the International Computer Science Institute in Berkeley, California, also reviewed the same e-mails and said that “this feature should not be surprising; it is pretty straightforward to grab the wallet.dat and related files using malicious code to get the password for the file when the user attempts to access their bitcoin.”
Similarly, one can also search for Bitcoin-related keywords in e-mail messages and other content on the targeted computer. Once you have a copy of the wallet.dat file, you have the entire transaction history.
The wallet.dat file contains a user’s private keys; when these are combined with the public transactions posted to the blockchain, Bitcoin’s veil of protection is removed. To make a long story short, the attacker gets the keys to untold amounts of data.
This is very close to what American federal authorities came up with to prove that the Ross Ulbricht Bitcoin transactions were the same as the Dread Pirate Roberts transactions.
Using Hacking Team’s solution, it would not matter if a target had encrypted wallet.dat, or was using an online wallet such as Coinbase. The embedded key-logger would capture the password and, as one leaked company e-mail revealed, the Money Module feature by default would instantly export data to the evidence files of the RCS software.