Activist coder seeks help finding Hacking Team malware targets

A developer is building a way to detect Hacking Team malware. Can you help her?


Patrick Howell O'Neill


Published Jul 7, 2015   Updated May 28, 2021, 10:06 am CDT

It’s been 48 hours since Hacking Team found itself exposed due to a massive data breach. The notorious Italian cyberweapons dealers are likely now in emergency clean-up mode.

The race is on to identify the targets of Hacking Team across the world before the company’s clients—which include repressive regimes guilty of war crimes, like Ethiopia—can erase the links that point back to them.

Among the leaked data sits the code behind Hacking Team’s malware. A pseudonymous hacker named Poly is building a new tool able to sweep potentially infected machines and sniff out whether or not Hacking Team has successfully infected them.

Poly, a self-described cypherpunk who says she lives in “a pretty oppressive country” that is also a Hacking Team customer, is asking for help from the security community and amplification from the broader audience. Security experts can visit Hacking Team Sweeper’s GitHub page in order to help compile signatures unique to Hacking Team’s malware.

“I believe that the Internet has a great potential to aid democracy and free speech around the globe,” Poly told the Daily Dot. “However, others see it as a tool for oppression and control. I just think that actions speak louder than words, and thus [I] code for the future I want.”

Poly is a contributor to the Tor Project as well as her own security software.

“[Hacking Team] seem to sell their exploits to any paying client,” Poly explained. “One reason I hope to crowdfund these signatures is to protect activists where the law doesn’t protect them.”

Illustration by Max Fleishman

*First Published: Jul 7, 2015, 8:16 pm CDT