Italian spyware vendor Hacking Team’s internal data was hacked and released this week, leaking research and information on how its bitcoin spyware called “Money Module,” which was used to spy on protesters and political dissidents works.
The Italian spyware vendor has been selling the software that surveils computers or smartphones to a range of clients, including international law enforcement agencies. The software was launched in January 2014, and has been used to track down transactions of cryptocurrencies such as bitcoin, litecoin, feathercoin and namecoin.
The software targets one key file in a bitcoin wallet called wallet.dat, which contains a set of private keys needed to settle a transaction on the blockchain. Once the software gets hold of the keys, it acquires the entire transaction history.
“It is straightforward to grab the wallet.dat and related files and for malcode to get the password for this file when the user accesses their bitcoins,” Nicholas Weaver, a researcher at the International Computer Science Institute in Berkeley, California,told ArsTechnica. “Similarly, one can also search for Bitcoin-related keywords in e-mail messages and other content on their computer. And once you have a copy of the wallet.dat file, you have the entire transaction history (as Ross Ulbricht can attest to).”
According to the email leaks on Wikileaks, the software is able to collect a wide range of information apart from bitcoin and cryptcurrencies.
“The module is able to collect various information: list of contacts and local accounts, wallet (i.e., the money) and the history of transactions,” reads an email dated January 12, 2014, published by Wikileaks. “Currently it is intended only for Desktops (Windows, OS X, Linux), while introduction in Mobiles is still under evaluation.”