
Hacking Team hacked, attackers claim 400GB in dumped data - sandmansandine
http://www.csoonline.com/article/2943968/data-breach/hacking-team-hacked-attackers-claim-400gb-in-dumped-data.html
======
Fede_V
I do not want to sound shockingly naive, but I wonder how these people can
sleep at night. You've just sold software to some of the most brutal
governments in the world, who will use your technology to track down and
brutally torture incredibly brave human rights activists.

How can you do this, and still get up in the morning while looking at yourself
in the mirror? I can understand petty crime if the alternative is watching
your family starve, but these are all skilled software developers, it's not
like they will have a hard time finding a job.

The people who are involved in this should be forced to watch videos of what
those friendly governments do to the civil rights activists they catch.

~~~
Ntrails
_You've just sold software to some of the most brutal governments in the
world, who will use your technology to track down and brutally torture
incredibly brave human rights activists._

You make so many assumptions about the viewpoint of the other person and then
state that you cannot understand how they behave like this. Of course you
cannot, you've phrased the question in a way which doesn't necessarily even
make sense from their point of view.

~~~
Fede_V
It's very possible that I've made some unfair assumptions. Could you give me a
more fair representation of what goes into the mind of someone selling
surveillance software to Sudan or Omar?

~~~
MichaelGG
I actually have software that'd be a decent fit for this use case. I'm working
on bringing it to market for VoIP companies to use in troubleshooting
networks. (Hint: It's super effective. At one place we cut ticket response
times down by an enormous factor.) And one benefit I'm planning on adding is
lawful intercept. A lot of VoIP companies are sitting at risk of getting a
valid warrant and having no way to respond. Some companies sell technical
insurance (pay monthly, they'll overnight an intercept box if you get a
warrant) for this exact reason and it's not cheap. Only problem is CALEA has
this dumbass weird format to provide the data in. But hey, that's worth like
$100K a year per company or so...

But it'd also be rather well suited for a government wanting to monitor
connections. Just some scaling issues. My thought process is currently going
"Well I could definitely use the money. And that'd put me in a better position
to compete. Otherwise another competitor will do it. Or worse, an open source
version will step up to the scale."

I'm not sure it's much different than selling general services to the public.
A lot of irrational people are going to buy your product and perhaps that
might propel them to success. Taken to its conclusion, I'd have a super
limited market as most people are idiots so given a choice, I'd only want to
help a very limited range of people. I just have to put my personal feelings
aside if I'm to deal with anyone in the real world.

~~~
TeMPOraL
Here's the problem: you think someone else will do it anyway thus damage is
certain, so you can at least be the first to profit from it. And guess what,
your competitors probably think the same thing. And you'll all rush to
delivering morally dubious products. Because hey, if someone will defect
anyway, it's best I defect first.

I am increasingly convinced that the very point of morality is to steer
society away from stupid coordination failures like this.

~~~
MichaelGG
Fair point. I guess if I was convinced that my actions would actually matter,
then I'd care. It's like voting for a third candidate in US elections -
pointless.

Anyways I'm far more interested in how to get to a point to sell to
governments in the first place. Hacking Team's marketing seems juvenile and lame
from the naming to the way they phrase stuff. But at E200K per license, they
were obviously successful.

------
antirez
I've no idea about the whole story and what Hacking Team exactly did during
the years, but I started to write serious code around 1998 working for
Vincenzetti, so I think I can provide some hint about this to counter-balance
all the hate.

* They allowed me to work on hping, releasing it as free software during most of my working hours. They supported my research that led to [https://en.wikipedia.org/wiki/Idle_scan](https://en.wikipedia.org/wiki/Idle_scan)

* Vincenzetti taught me personally many things about POSIX, and he was a very skilled programmer. He wrote, AFAIK before SSH existed, a secure shell that was in use at least in Italy for some time. It used UDP and implemented the reliable connection on top of it in a secure way using state of art encryption. So we are talking about serious programmers.

* Bedeschi, the co-founder of the company, is an incredible hacker, from the way he typed on the keyboard to the incredible Unix knowledge he had.

I worked for a couple of months for their "SecLab", then left the company to
return to Sicily since I did not want to live in Milan. I don't want to
provide an ethical evaluation of the people and don't have enough information,
but I can assure you that they were an incredible team of talented hackers.

EDIT: For sure they were very competitive people. I remember that when I left,
Vincenzetti told me that it was a shame, I was a very talented programmer in
his opinion, and I would finish in my little town in Sicily writing "soccer
bet programs". He just wanted to push me to stay in the big city to know more
hackers and so forth. I'm glad I don't write soccer bet programs BTW.

~~~
mercurial
They are cut of the same cloth as people like Viktor Bout. As a direct result
of their actions, innocent people will be tortured and executed. Their
technical skill is irrelevant. Or rather, you could consider it an aggravating
circumstance: people of this class have a myriad of ways of earning a living,
they deliberately chose this course of action.

They shouldn't be protesting of their innocence on Twitter, they should be
wearing prison jumpsuits while awaiting sentencing.

~~~
antirez
I did not try to justify any action, just provided what I remember of the
times I met with them. I don't have enough info to analyze what they did but
for sure I'm not a fan of seeing surveillance tools to governments killing
people or freedom. For my political visions I would not sell even to US since
I find death penalty not acceptable.

------
nickpsecurity
Poetic justice. Serves the bastards right. I'm sure hackers are flocking to
the download in search of awesome tools. If they're there, then we might see
independent, malware authors building some interesting things to produce
headaches with. Interesting times continue.

Note that many of us in INFOSEC said years ago that these offensive, cyber
companies developing weapons was a risk to us if they double-dealed _or got
breached_. Their weapons which we (and others) funded might get turned against
us. Depending on what's in the torrent, that scenario might begin playing out.

~~~
themartorana
Looks like they're double dealing, too. Invoices to Egypt and other oppressive
governments have already been found in the torrent dump.

 _Christopher Soghoian on Twitter: "Just from Torrent File listing, Hacking
Team's customers includes South Korea, Kazakhstan, Saudi Arabia, Oman,
Lebanon, and Mongolia."_

[https://mobile.twitter.com/csoghoian/status/6178628794050641...](https://mobile.twitter.com/csoghoian/status/617862879405064192)

Edit - just read Christopher Soghoian's entire Twitter stream for the juicy
bits. It's bad news for Hacking Team:

[https://mobile.twitter.com/csoghoian](https://mobile.twitter.com/csoghoian)

~~~
nickpsecurity
I posted a link to his stream with the rest on Schneier's blog. The stream
is... Hacking Team's own answer to Failblog. I only wish I had 400GB of
storage handy with a good network in case it gets taken down or something.
Hope people are copying the shit out of it.

Note: The torrent is so big and has so much stuff that this laptop I'm using
(few years old) was lagging on scrollbar with fan on full blast. Had to close
it lol.

------
bobcostas55
Someone is uploading things to github:
[https://github.com/hackedteam/](https://github.com/hackedteam/)

Take a look at the GeoTrust repo...

This is a very interesting file, too: [https://github.com/hackedteam/rcs-common/blob/master/lib/rcs...](https://github.com/hackedteam/rcs-common/blob/master/lib/rcs-common/evidence/file.rb#L17)

~~~
doki_pen
Looks like they are actively distributing child pornography. They should be
charged.

~~~
chris_wot
How do you figure that?

~~~
doki_pen
I was under the impression that they were planting files on the user's
computer to incriminate them. I don't really understand where this code is
getting its payload from though.

~~~
DCoder
It seems like that code just builds random-ish data that conforms to the
wanted file format and then gives it incriminating names. For example:

[1] [https://github.com/hackedteam/rcs-common/blob/38290d4eab2b2c...](https://github.com/hackedteam/rcs-common/blob/38290d4eab2b2c295bea021429848a3666647827/lib/rcs-common/evidence.rb#L110)

[2] [https://github.com/hackedteam/rcs-common/blob/38290d4eab2b2c...](https://github.com/hackedteam/rcs-common/blob/38290d4eab2b2c295bea021429848a3666647827/lib/rcs-common/evidence/position.rb#L51)

~~~
ryan-c
That could plausibly be a tool for generating test data for forensics tools.
The hardcoded paths don't make a lot of sense for actually trying to plant
evidence.

------
kristofferR
Damn, this hack is massive.

This seems to include all their deals/financial data, the full source code to
everything (including some novel things like EFI malware and possibly some
Office/Flash 0days), all their mail, badges of every employee, personal
screenshots/porn habits etc etc.

It's not possible to get hacked harder than this.

~~~
Jugurtha
What if it was a deliberate effort from Hacking Team itself to fake a breach,
produce a torrent file to be downloaded and compromise whoever is downloading
it?

The size would need to be large enough that whoever trying to download it will
have to stay a relatively long time.

~~~
rjaco31
The massive PR hit they're taking means their company will most likely die.
And "compromising" someone merely by letting one download stuff is at best a
gamble, any decent infosec professional will examine this stuff with the same
precautions as when analyzing malware.

~~~
Jugurtha
This is exactly what I'm talking about: What I'm being downvoted for and what
each comment is doing is rationalizing why this simply _can't happen_.
Everyone is confident about what Hacking Team is or isn't doing/thinking.

How can someone be so sure what an entity is thinking or doing? Yes, it's not
likely. Yes, it's risky.. but what if they were really bold?

The PR hit is a non issue if it is the case, since they can simply say what
happened: "Basically, here's how to own a huge number of very sophisticated
people". Make nice slides, and show them at Black Hat or something like that.
It's "research".

The icing on the cake would be to present this material to the very security
researchers who've been ownd. This would be a huge PR stunt since it's
basically security researchers who will download the file.. And if security
researchers are as confident as most people that this simply can't be a con,
then all the better :)

It is still not likely, but it would be beautiful.

PS: Something like that happened at NASA many, many, years ago. There was a
security breach and instead of shutting it down, the security team uploaded a
ton of bogus classified files, plans, and reports to keep the guy coming and
unsuspecting. Until they got him.

~~~
PavlovsCat
> Yes, it's risky.. but what if they were really bold?

Isn't the question really how careless the people downloading the file are?

Is it possible to infect hardware through a virtual machine? Let's just assume
it is; what's to stop someone from using a throwaway, one-way laptop? Get
fresh laptop, install the tools you need, copy the files over via USB or
network, disconnect the laptop and never connect it to anything ever again.
What am I missing?

To transfer a lot of data (e.g. analysis results) back from the potentially
infected machine, play back the data encoded as audio, record that with
another computer and convert it back to binary/plain text/whatever. (There
might be better ways but hey)

Sure, most people probably won't bother with any such stuff, and just stick to
"only" viewing text files and images etc., but then all HT would have shown is
what has been proven with email spam already: that if you can get people to
treat unknown files carelessly, not to mention run executables, you can infect
them.

------
bjterry
> ...Hacking Team's customers include South Korea, Kazakhstan, Saudi Arabia,
> Oman, Lebanon, and Mongolia. Yet, the company maintains that it does not do
> business with oppressive governments.

I was curious if those were all oppressive governments, especially since South
Korea was included. According to a couple indices on Wikipedia [1] South Korea
is pretty free (only the press freedom index is lower than America's), and
Mongolia's not so bad (political freedom, but weakness in press and economic
freedom). Pretty hard to lump South Korea in with Saudi Arabia or Kazakhstan.

1:
[https://en.wikipedia.org/wiki/List_of_freedom_indices](https://en.wikipedia.org/wiki/List_of_freedom_indices)

~~~
Zigurd
South Korea is fairly recently free-ish. Up until 1987 South Korea had a
heavily US-influenced authoritarian government with a token legal opposition.
The US still has a very strong influence in South Korea. There are also recent
incidents that betray a lack of confidence in democracy:
[http://www.wsj.com/articles/south-korea-court-dissolves-left...](http://www.wsj.com/articles/south-korea-court-dissolves-left-wing-political-party-1418960046)

It's a perfectly nice place to visit. People there apparently feel free to
talk about everything: The war, the Park era, etc. Unions can be quite
militant. But they are not as free as Americans.

~~~
veddox
> But they are not as free as Americans.

Oh, give over! As if the US of A were the ultimate land of freedom. With the
NSA, Guantanamo, race-based police violence...

[Disclaimer: I have nothing against the USA (well, almost nothing). But I
can't stand people talking about it as if it was the only true democracy/free
country/heaven on earth.]

~~~
celticninja
But they have guns. For some reason there is the belief that if you have guns
then you are more free than someone without guns. Perhaps because the original
intention was that if you have an armed population then they cannot be ruled
over by means of force or they would at least be able to rise up against their
oppressors in a meaningful fashion.

Guns in America are a bit of an opiate for the masses, people have guns and
feel free therefore they don't need to rise up against their government no
matter what other constitutional freedoms they shit on as long as they don't
attempt to take their guns they will pretty much let them get away with
anything.

~~~
caskance
Freedom is a feeling. If you feel free, then you are free.

~~~
griffinmb
That's an interesting way of looking at it, though I disagree. Consider the
society depicted in Brave New World (or, more recently, District 1 in the
Hunger Games).

It may be fiction, but I think it showcases a true-to-life phenomenon where
people feel free only because of hyper-stimulation. Because they have so much,
they don't think about everything they lack.

~~~
caskance
One could say the same about any so-called free people. Do you feel free? Even
though you don't have eternal life? Even though you can't afford to fly to
work every day in a jetpack? Even though you can't have sex with a woman other
than your wife? If you have the things that matter to you, and can make the
choices that are meaningful to you, then you are free.

------
mikeyouse
They were stonewalling a UN investigation into selling their services to Sudan
during the civil war.. Unbelievable..

[https://twitter.com/csoghoian/status/617892200618291200](https://twitter.com/csoghoian/status/617892200618291200)

~~~
dev-da0
They're profiteers off deaths, abuse and repression of people, plain and
simple. The whole lot of these folks should be in jail.

~~~
contingencies
Yes.

However, the cynic in me suggests that those who sell weapons to nation-states
tend to receive protection from nation-states.

Which percentage of their customers will _not_ be pissed off enough to watch
them burn over sticking their neck out to help, though? Probably only the most
corrupt, if an appropriate amount of funds are dispersed to support rapid
processing.

------
HelloNurse
Don't miss: the bullshit at [http://www.hackingteam.it/index.php/customer-policy](http://www.hackingteam.it/index.php/customer-policy)

"We do not sell products to governments or to countries blacklisted by the
U.S., E.U., U.N., NATO or ASEAN.

We review potential customers before a sale to determine whether or not there
is objective evidence or credible concerns that Hacking Team technology
provided to the customer will be used to facilitate human rights violations."

------
cinquemb
"regulations are annoying, it cuts into our profit margin when we have to find
a reseller and give them a percentage"[0]

Well this could certainly shed light on the role that contractors operate in
ways we have yet to see from the snowden _"leaks"_ (of which most still
remains unleaked[1])…

RE: "Media practice of consulting with governments on what to publish or
withhold of material disclosed by risk takers, is anti-democratic,
unconstitutional, venal, protective of privilege and betrayal of public
trust."[2]

[0]:
[https://twitter.com/hackingteam/status/617892908583243776](https://twitter.com/hackingteam/status/617892908583243776)

[1]: [http://cryptome.org/2013/11/snowden-tally.htm](http://cryptome.org/2013/11/snowden-tally.htm)

[2]: [http://thecryptosphere.com/2014/07/24/cryptome-kills-the-kic...](http://thecryptosphere.com/2014/07/24/cryptome-kills-the-kickstarter-an-interview-with-john-young/)

~~~
tptacek
Re [0]: TunsmosPetroleum.com is a weird, weird website.

~~~
cinquemb
Much weirder things are bound to show up in these files… :)

------
sarciszewski
Good. Serves them right.

Normally I'm a bit more reserved when a company I dislike gets hacked, but
take a look at Hacking Team's history and you'll probably want to celebrate
too.

~~~
nickpsecurity
Not just hacked: this is almost on the Sony level. They got...

H A C K E D !!!!!

Maybe we'll get lucky and they'll face bankruptcy with their stuff available
for free now. :)

~~~
sarciszewski
I'm also hoping for criminal charges ;)

~~~
nickpsecurity
If we're lucky. They are in Italy and defense contractors after all with what
that entails...

------
justinjlynn
Direct link to the announcement tweet
[https://twitter.com/hackingteam/status/617852091390935040](https://twitter.com/hackingteam/status/617852091390935040)

------
lawnchair_larry
This is actually really bad, happy as I am to see this company get ruined.

People with an agenda are going to latch on to this to further push bad
legislation like Wassenaar, and criminalize security research, or worse, make
it "terrorism", because Soghoian runs his mouth and policy makers don't
understand how things really work.

~~~
tptacek
By "runs his mouth", you mean, "says things people like us disagree with"?

This whole "demonize Soghoian" strategy simply isn't working. People who
engage in it sound petulant, not persuasive.

My guess is more than half of HN readers would sympathize with his positions.

~~~
sarciszewski
I've previously had disagreements with Soghoian before, but he's generally
reasonable. He's not exactly cartoon villain material.

~~~
hacktivistic
Generally reasonable? You've gotta be kidding. The guy launches into Twitter
rants daily, often blasting away with ad hominems.

On balance, I think he probably does more good than harm for our community.
But it's a very close call.

~~~
sarciszewski
Yeah, Twitter's not exactly a medium that promotes civility.

------
wslh
Just looking at the torrent I found Coca Cola, Google, Carrefour, and
Movistar. I would love to see an index of this information to quickly search
the content.

~~~
Veratyr
I had a look at the contents of the files I grepped with Google in the name
and it appears most of them are invoices and contracts for things like Maps,
Earth and Adwords.

My guess is they use Google Maps for finding addresses from GPS or vice versa.
Or something like that.

------
gruez
magnet link: magnet:?xt=urn:btih:51603bff88e0a1b3bad3962614978929c9d26955

~~~
ahofmann
I'm on windows trying to download this. qBittorrent gives an error message on
import, utorrent does nothing (0% metadata loaded) and transmission loads
metadata to 100 % and then starts over. In the logfile it says: "[ERROR]
Hacked Team: Invalid metadata entry "path"". Transmission version is 2.84
(14386). Is there anyone loading this torrent on windows?

~~~
lhecker
The magnet link didn't work for me. But then I tried using
[http://infotomb.com/eyyxo.torrent](http://infotomb.com/eyyxo.torrent)
instead, which worked immediately with Transmission 2.90 (OSX) and Tixati
(Windows).

btw:

The MD5 of eyyxo.torrent is 26183ae8f24e798a15d77dd3476f5ed9

I mirrored the torrent file on my server in case infotomb gets offline again:
[https://hecker.io/eyyxo.torrent](https://hecker.io/eyyxo.torrent)

~~~
brobinson
You could also throw it up on Torcache, since that's basically its entire
purpose: just a dedicated .torrent mirror.

------
evilDagmar
What I find most entertaining is that they've gone to get help from the
police.

Seriously, guys? Live by sword, die by the sword.

------
HelloNurse
David Vincenzetti's page on LinkedIn
([https://www.linkedin.com/in/vincenzetti](https://www.linkedin.com/in/vincenzetti))
features a recommendation from Tommaso Vincenzetti (brother? Cousin?) and a
list of many skills, including "Information Security", "Security Audits",
"Vulnerability Management", "Ethical Hacking" and less funny ones.

Marco Valleri, another Hacking Team employee, lists himself on LinkedIn as a
"Jedi". Nice corporate culture.

------
infinitysgame
400GB dump?! Can't imagine how many 'accomplices' will get sucked into this!

------
Globz
FTP link to all files : [http://ht.musalbas.com/](http://ht.musalbas.com/)

------
Globz
This link is part of their knowledge base :
[http://ht.musalbas.com/KnowledgeBase/Windows%20-%20Soldier%2...](http://ht.musalbas.com/KnowledgeBase/Windows%20-%20Soldier%20Feature%20Compatibility%209.6%20-%20%5dHT%5b%20%3a%3a%20KnowledgeBase%20Product.html)

This one is about "Soldier"

------
danr4
I'm actually surprised this doesn't happen more often. I think it's hacking
organizations like Anonymous that steer away people from "justice" hacking
into populism hacking. We need more of these shady & dirty secrets to come to
light.

------
eyeareque
The screen shots of the email showed they didn't use pgp it seems. Whoops.

Time to break out the popcorn.

~~~
woodman
I don't know how it is over there, but legally mandated record keeping
requirements are a pretty good excuse for not using public key encryption on
corporate mail servers. There are products that act as middlemen that
transparently convert between keys that are public and self generated... but
that kind of defeats the purpose of public key encryption.

~~~
HappyTypist
Not at all. Just securely store a copy of all work keys on a non-networked,
"cold storage" server and back it up for redundancy. Record keeping is
preserved while you gain the full benefits of PGP.

~~~
woodman
You're right about the cold storage aspect, I was thinking about some of the
transparent encryption gateway products that are out there. Email sent to
folks without PGP would still be unencrypted when it goes through the
corporate MTA, but a copy encrypted with the sender's public key would be
stored long term.

------
nissehulth
For those curious about file contents, this seems to be a mirror:
[http://ht.musalbas.com/](http://ht.musalbas.com/)

------
Apaze
Here you can see the tree of the archive:
[https://paste.ee/r/N3rg7](https://paste.ee/r/N3rg7)

------
mirimir
Lorenzo Franceschi-Bicchierai at Motherboard reports evidence that
PhineasFisher hacked Hacking Team.[0] It's also possible that someone else
hacked both Hacking Team and PhineasFisher, of course.

[0] [http://motherboard.vice.com/read/hacker-claims-responsibilit...](http://motherboard.vice.com/read/hacker-claims-responsibility-for-the-hit-on-hacking-team)

~~~
ikeboy
I doubt it was PhineasFisher that was hacked; there's almost no attack vector.
S/he hadn't used the twitter account in almost a year, there's extremely
little info about them for any attacker to go on, and there's little obvious
motive for a hacker to impersonate them as opposed to starting their own
pseudonym or anything.

The only method of attack would be to know what email is used for the twitter
and hack it, or guess the password, neither of which should be easy against
someone using _minimal_ security precautions. (Or, I guess, it could be a
false-flag by the US, who could force twitter to do stuff; but that seems way
too much risk of PhineasFisher coming out elsewhere and exposing that. Did PF
ever put a pgp key somewhere?

------
dewyatt
Looks like libtorrent-rasterbar based clients are not able to handle the dump
(bencoded item limit). Transmission is working (slowly).
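
An added illustration of the "bencoded item limit" mentioned in the comment above; it is not part of the original comment and not libtorrent's or Transmission's code. It is a minimal bencode decoder that charges every parsed node against a budget, run on constructed metadata; the function names, the default limits and the sample file list are assumptions made for the example.

```python
# Added example: bencode decoding with an item budget. Names and limits are
# assumptions for illustration; this is not libtorrent's or Transmission's code.

DEFAULT_ITEM_LIMIT = 1_000_000   # assumed default budget for the example
DEFAULT_DEPTH_LIMIT = 100        # assumed nesting cap for the example


class BencodeError(ValueError):
    """Malformed bencoded input."""


class ItemLimitExceeded(BencodeError):
    """Input needs more parsed nodes than the configured budget allows."""


def _decode(data, item_limit, depth_limit):
    used = 0  # every integer, string, list and dict (keys included) costs one

    def parse(pos, depth):
        nonlocal used
        used += 1
        if used > item_limit:
            raise ItemLimitExceeded(f"more than {item_limit} bencoded items")
        if depth > depth_limit:
            raise BencodeError("nesting too deep")
        if pos >= len(data):
            raise BencodeError("unexpected end of input")
        tag = data[pos:pos + 1]
        if tag == b"i":                       # integer: i<digits>e
            end = data.find(b"e", pos)
            if end < 0:
                raise BencodeError("unterminated integer")
            try:
                return int(data[pos + 1:end].decode("ascii")), end + 1
            except ValueError:
                raise BencodeError("bad integer") from None
        if tag == b"l":                       # list: l<items>e
            pos += 1
            items = []
            while data[pos:pos + 1] != b"e":
                value, pos = parse(pos, depth + 1)
                items.append(value)
            return items, pos + 1
        if tag == b"d":                       # dict: d<key><value>...e
            pos += 1
            out = {}
            while data[pos:pos + 1] != b"e":
                key, pos = parse(pos, depth + 1)
                if not isinstance(key, bytes):
                    raise BencodeError("dictionary key must be a string")
                value, pos = parse(pos, depth + 1)
                out[key] = value
            return out, pos + 1
        if tag.isdigit():                     # string: <length>:<bytes>
            colon = data.find(b":", pos)
            if colon < 0:
                raise BencodeError("string without length separator")
            try:
                length = int(data[pos:colon].decode("ascii"))
            except ValueError:
                raise BencodeError("bad string length") from None
            start = colon + 1
            if start + length > len(data):
                raise BencodeError("string runs past end of input")
            return data[start:start + length], start + length
        raise BencodeError(f"unexpected byte at offset {pos}")

    value, end = parse(0, 0)
    if end != len(data):
        raise BencodeError("trailing data after top-level value")
    return value, used


def bdecode(data, item_limit=DEFAULT_ITEM_LIMIT, depth_limit=DEFAULT_DEPTH_LIMIT):
    """Decode one bencoded value, refusing input that exceeds the item budget."""
    return _decode(data, item_limit, depth_limit)[0]


def count_items(data):
    """Number of nodes a decoder has to visit for this input."""
    return _decode(data, float("inf"), DEFAULT_DEPTH_LIMIT)[1]


def bencode(obj):
    """Small encoder, used only to build the constructed sample below."""
    if isinstance(obj, int):
        return b"i%de" % obj
    if isinstance(obj, bytes):
        return b"%d:%s" % (len(obj), obj)
    if isinstance(obj, list):
        return b"l" + b"".join(bencode(x) for x in obj) + b"e"
    if isinstance(obj, dict):
        return b"d" + b"".join(bencode(k) + bencode(obj[k]) for k in sorted(obj)) + b"e"
    raise TypeError(type(obj).__name__)


def build_sample_metainfo(n_files):
    """Constructed multi-file metadata; each file entry costs 7 items."""
    files = [{b"length": 1, b"path": [b"dir", b"file%d.txt" % i]} for i in range(n_files)]
    info = {b"name": b"constructed-sample", b"piece length": 16384,
            b"pieces": b"", b"files": files}
    return bencode({b"info": info})


if __name__ == "__main__":
    blob = build_sample_metainfo(1000)
    print("items needed:", count_items(blob))
    try:
        bdecode(blob, item_limit=5000)
    except ItemLimitExceeded as exc:
        print("rejected:", exc)
```

The item count grows linearly with the number of files, so metadata with a very large file list can be well-formed and still be refused by a decoder whose budget is smaller than the list requires.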

------
drannex
Why do I always find it funny (and sad) when this happens?

Interesting to see that they do in fact work with oppressive governments...

------
thomasrossi
Another question came to my mind, slightly related, what is another
interesting Italian company to check? I think "movimento 5 stelle", it's a
"""party""" which makes up whatever, it would be fun to show the fake votes
and all.

------
nohostname
i wonder who is behind this massive hack, is it a positive or even worse
group?

i wouldn't want to be in the private pictures leaked once the world knows you
are responsible for torture and murder of potential innocent people, very
nasty karma

~~~
ikeboy
According to
[https://twitter.com/lorenzoFB/status/618060756198772736](https://twitter.com/lorenzoFB/status/618060756198772736),
it's the same guy who hacked finfisher a year ago.

~~~
ikeboy
And now a follow up article [http://motherboard.vice.com/read/hacker-claims-responsibilit...](http://motherboard.vice.com/read/hacker-claims-responsibility-for-the-hit-on-hacking-team)

------
rurban
The childporn evidence being planted and esp. the violation of the Sudan
export restrictions will make a very good case for the procuratore di milano,
which famously is very independent. So they will face jailtime, yeah.

------
ophelia
Results of a static code analysis of the leaked git repos. I hope this
contributes to further research

[http://bit.ly/ht-code-analysis](http://bit.ly/ht-code-analysis)

------
giancarlostoro
It's been quite a while, surprised Twitter hasn't caught on to this and
stepped in or something? I guess it's not necessarily their responsibility
though.

------
chinathrow
What I want to see now is legal action, anything else is not relevant.

------
s-afra
How to download files hacking team?

------
thomasrossi
do you think there was some help from the inside? Or just overruled?

------
redwood
Palantir Europe?

------
curiousjorge
South Korea? Well I'm not surprised. Beneath the veil of democracy is a nanny
state, forcing kids to install surveillance tool on their mobile phones,
forcing bank and military to use IE and wonderfully secure ActiveX (required
to do just about anything private and sensitive in Korea), requiring social
insurance number to sign up for any website, use your real name so they can
take you away if you write a blog post in Korean about smoking marijuana in
Amsterdam, insanely bizarre Korean defamation law, polarized view of 'right'
and 'left', with left being persecuted and painted in the same light as North
Koreans, oppression of laborers, workers working for family owned
conglomerates, indecency law (make Korean porno in Canada and get arrested
once in Korea), hiding Gwangju massacre (officially a north korea inspired
rebellion), silence and censorship of poor treatment of foreign workers
(especially poorer Asian countries), east & west regionalism that creates
discriminating policies based on lineage, the shit list far too long to go on.

It's no North Korea or Saudi Arabia, but there is _active_ surveillance which
seems to be readily tolerated along with nepotism and corruption, because
Confucius says you should do what someone with an earlier birth date or higher
social status. To go against this machine is to give up the government's
version of Korean identity, a constant victim of past aggressions of
neighboring countries which happened because Korea has never been blessed with
a great government or kings that always put the country in such predicaments.

~~~
meric

        Confucius says you should do what someone with an earlier birth date or higher social status
    

That's categorically false.

In one example in an old confucian book I read - if you are the ruler of the
country, and your parents committed a murder, you should first send an arrest
order against your parents - even if they protest otherwise, and then abdicate
and help your parents escape the law.

This example directly contradicts your generalised assertion[1].

In confucianism - you must try to fulfil your roles at all times. Yes you must
respect your elders, but in no way you should obey their commands without
considering your own position - and even if you wish to, do not obey them
blindly to the point of betraying the responsibilities of your other roles.
Don't murder your brother just because your parents told you to do so.

The "in confucianism you must obey your elders at all times" is a convenient
myth perpetrated by various governments and parents throughout history.

[1] According to confucianism, the parent always has higher social status than
the child, and, the parent could also be a visiting ruler of a much larger
country.

~~~
contingencies
Your argument may be true but it's semantics. The poster's point was that
Confucianism has a hierarchical/obedience type of effect on society, promoting
a mindset that fosters an acceptance of totalitarian rule. That's hard to
argue against.

The major Confucian-derived modern states are China, Japan, North Korea, South
Korea, arguably Singapore, Taiwan and Vietnam.

Personally, my visit to the headquarters of one of the major Korean major
mobile device manufacturer felt like a hideous preview of a dystopian future
where the workers are forced in to utter obedience: entering through airport
levels of security on a daily basis, living in numbered cells provided by the
company, taking company-provided transport from their assigned residence to
work. Even smoking was only permitted between certain regulated minutes, at
certain areas. Everyone wore a personalized tracking device used in order to
move about the campus. It was hard to describe as anything but oppressive, yet
the conditions for those workers are reportedly sought after!

(Edit in reply to below: Yes, I'm definitely in the Taoist camp.)

~~~
meric
Ah, what you see is one reason why the old Taoists railed against Confucianism
so much in their philosophy - Confucianism tells people what they should or
should not do, and in doing so, defeats itself in the kind of society it wants
to promote.

Confucianism claims the values of humanity are filial piety, kindness,
benevolence, justice, loyalty. The following passage from Tao Te Ching
challenges Confucianism directly.

    
    
        The great Tao fades away
        There is benevolence and justice
        Intelligence comes forth
        There is great deception
    
        The six relations are not harmonious
        There is filial piety and kind affection
        The country is in confused chaos
        There are loyal ministers
        
        Chapter 18, Tao Te Ching
    

The Taoists say, by the time you're writing a rulebook about how to have
humanity, all the values you're "treasuring" have already been lost. They
complain, as you do, about the lack of spontaneity in a society following
Confucian order.

The Sinic civilisation has been following a cycle swinging the pendulum
between Taoism "spontaneity" and Confucian "filial piety and benevolence" for
the past two thousand years, so I wouldn't worry about it.

    
    
       The Tao is constant in non-action
       Yet there is nothing it does not do
    
       Chapter 37, Tao Te Ching

~~~
curiousjorge
Interesting...so why is Taoism more prevalent in Sino countries and
Confucianism elsewhere?

Tao seems a bit like Buddhism when it comes to the ephemeral, I like it.

~~~
contingencies
Not sure at all what you mean by 'Sino countries'.

AFAIK in Japan the predominant pre-Buddhist _shinto_ beliefs paralleled Taoism
in their nature-focus.

Korea and Vietnam had Taoism, at least in Vietnam it is still sort of alive,
though Buddhism far dominates. In Korea Buddhism and Christianity dominate.
Taiwan has numerous Taoist shrines, though Buddhism dominates it is not to the
same extent. Mainland China has effectively killed off Taoism almost entirely.

------
johansch
[https://twitter.com/hackingteam/status/617951037954125824](https://twitter.com/hackingteam/status/617951037954125824)

"Our network security staff hard at work while 5 MB/s is transferred out of
our internal network through his computer." along with what presumably is a
screenshot of said staff watching YouTube and reading Facebook.

~~~
liviu-
His personal twitter got compromised as well
[http://i.imgur.com/OojV7zc.png](http://i.imgur.com/OojV7zc.png)

Also, various content:

[https://github.com/hackedteam](https://github.com/hackedteam) (repo with their malware source code)

[https://twitter.com/Viss/status/617950211239837696](https://twitter.com/Viss/status/617950211239837696)

[http://i.imgur.com/26jLFmH.png](http://i.imgur.com/26jLFmH.png) (torrent content)

[http://i.imgur.com/XtVUiI8.png](http://i.imgur.com/XtVUiI8.png) (torrent content)

[http://i.imgur.com/W4mzsHa.png](http://i.imgur.com/W4mzsHa.png) (emails)

[http://i.imgur.com/tdAKXFD.jpg](http://i.imgur.com/tdAKXFD.jpg) (emails)

[http://i.imgur.com/3ALTFdB.jpg](http://i.imgur.com/3ALTFdB.jpg) (their customers)

[https://archive.is/SYrgc](https://archive.is/SYrgc)

~~~
jacquesm
That Outlook window has a header labeled 'product activation failed'.

[http://i.imgur.com/tdAKXFD.jpg](http://i.imgur.com/tdAKXFD.jpg)

~~~
liviu-
They also have keygens for VMWare lying around, so they might have some
additional lawsuits coming their way.

~~~
chrisper
How do you know this?

------
stefantalpalaru
[https://www.privacyinternational.org/?q=node/147](https://www.privacyinternational.org/?q=node/147)
:

> It has come to Privacy International’s attention that Hacking Team appears
> to have received €1.5 million from two venture capital funds originating
> from the Region of Lombardy in 2007. One of the funds, Finlombarda Gestioni
> SGR S.p.A (FGSGR) has only a single shareholder - Finlombarda S.p.A, a
> public financial services agency whose only shareholder is the Region of
> Lombardy. Finlombarda S.p.A. designs, builds and manages financial services
> on behalf of the Region of Lombardy, placing the profits of Hacking Team
> hand-in-hand with the public finances of Lombardy. FGSGR also lists the Head
> of Venture Capital as being a Board Member of Hacking Team itself.

------
bitmapbrother
How can a security firm even be taken seriously when they don't even employ
two-factor authentication at the very least?

------
bitmapbrother
They should now change their name to Hacked Team.

~~~
buren
They've changed their display name to just that:
[https://mobile.twitter.com/hackingteam](https://mobile.twitter.com/hackingteam)

~~~
palmer_eldritch
They're probably not the ones who made that change though...

~~~
chris_wot
You think?

------
yAnonymous
Not sure how EU directives translate into Italian law, but I think what
they're doing would be illegal in Germany and other EU member states.

[http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:320...](http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32013L0040)

~~~
mikecb
Directives are generally binding, but leave implementation to member states.

------
curiousjorge
David Vincenzetti will forever go down in history as a piece of shit.

~~~
middleclick
Got a link or two I can read about?

~~~
mikeyouse
[http://www.telegraph.co.uk/technology/8899353/The-spies-behi...](http://www.telegraph.co.uk/technology/8899353/The-spies-behind-your-screen.html)

~~~
keithpeter
_"The licences, which cost €200,000 (£171,228) per annum, are never sold to
states that are under EU or UN arms embargoes or to private companies or
individuals."_

Quote from the Telegraph article seems to provide the definition of 'ethical
government' that the company was using.

[https://www.gov.uk/current-arms-embargoes-and-other-restrict...](https://www.gov.uk/current-arms-embargoes-and-other-restrictions)

The list is quite short.

