Hacked emails reveal surveillance tool can hack Bitcoin wallet file

Ray Walsh

July 17, 2015

Earlier this month an unknown hacker broke into Italian spyware company Hacking Team’s computers. During the breach, the black hat hacker copied much of the firm’s sensitive information, including vast amounts of private communications, and subsequently released the source code for the company’s high-profile spy software onto the internet. Now, in a new chapter of the story, it is believed that Hacking Team software may have been putting Bitcoin transaction anonymity in danger since 2014.

Hacking Team is a company that works hand in hand with government spy agencies (including the FBI) to provide them with the tools they need to access people’s computers. According to Hacking Team, the hack was a massive security breach for a number of reasons. Firstly, enough code was released to allow criminals with the know-how to be able to access any computer they wish. Do not forget, after all, that this is the surveillance software that top government agencies use. Eric Rabe, the company’s spokesperson, said,

‘Hacking Team’s investigation has determined that sufficient code was released to permit anyone to deploy the software against any target of their choice.’

The company has protested loudly that the unknown hacker has put its spyware in the hands of criminals, terrorists, and extortionists, an act it describes as ‘extremely dangerous’ and a ‘major threat’. Most security experts, however, including Pedro Vilaca (an analyst who specializes in reverse engineering malware), agree that in reality criminals already have a broad range of spyware at their disposal that does much the same job.

Assuming this is true, the hacker may have been carrying out what he (or she) felt was a ‘vigilante’ mission. Releasing the source code to the world gives antivirus firms the opportunity to update their products so they can detect Hacking Team’s spyware. It also means that government agencies may (soon) no longer be able to use these tools to spy covertly on the general public.

Another aspect of the hack that has brought valuable information to light is the theft of private emails between Hacking Team and government agencies. This content (which was also dumped on the internet for people to sift through) is where the discovery was made about Hacking Team’s ability to target an important Bitcoin file called a wallet code.

The emails reveal that back in January 2014 Hacking Team sent out internal correspondence to its clients, informing them of a new feature bundled with the 9.2 upgrade of its software. This upgrade to its ‘Remote Control System suite’ (RCS) boasted the ability to ‘track cryptocurrencies, such as BitCoin, and all the related information.’ The emails also reveal that the new feature was not confined to Bitcoin but worked with an array of cryptocurrencies, including (but not necessarily limited to) Litecoin, Namecoin and Feathercoin.

One researcher, Nicholas Weaver, from the International Computer Science Institute in Berkeley, California, has had a close look at the hacked emails. He feels that it should come as no surprise that Hacking Team’s software can do what it does,

‘It is straightforward to grab the wallet.dat and related files and for malcode to get the password for this file when the user accesses their bitcoins. Similarly, one can also search for Bitcoin-related keywords in e-mail messages and other content on their computer. And once you have a copy of the wallet.dat file, you have the entire transaction history.’

What we are discussing, then, is a very malicious bit of software. It works by waiting for the user to type in their password and capturing it with a keylogger, which gives it access to all transactions. It also does not matter whether the Bitcoin user has encryption or uses an online wallet like Coinbase. The nature of the attack, which waits for the user to type in their password, means that eventually Hacking Team’s software gets access to the wallet.dat file. There is no escaping it.

It is true, of course, that Bitcoin’s anonymity has made it a treasure trove for criminals who have been able to easily purchase and sell illegal goods, and launder vast amounts of money. There is no doubt that this is a primary reason law enforcement are desperate for a solution like the one Hacking Team provided last January. However, with the code now in the public domain, concerns have undoubtedly been raised over the safety of Bitcoin transactions.

For now, no one knows exactly who has had access to the spyware, although leaked emails do give a few clues: the Egyptian Ministry of Defense and the Saudi Ministry of the Interior e-mailed Hacking Team with support queries. These reveal them to be amongst the governments that did use, or at least showed an interest in using, the cryptocurrency surveillance platform. On top of that, the hacker has released invoices that show a number of repressive governments have used RCS in one form or another, including Russia, Bahrain, the United Arab Emirates, Azerbaijan, Kazakhstan, and Uzbekistan.

What this all means for the future of Bitcoins is unclear. Hacking Team have warned that the source code is out there, and could be reverse-engineered, meaning that someone could, in theory, create their own version of RCS. Add to that the uncertainty of knowing that governments can snoop on Bitcoin wallets (and the damage that does to illegal dark web markets), and you certainly have a recipe for bearish sentiment.

Ray Walsh

I am a freelance journalist and blogger from England. I am highly interested in politics and in particular the subject of IR. I am an advocate for freedom of speech, equality, and personal privacy. On a more personal level I like to stay active, love snowboarding, swimming and cycling, enjoy seafood, and love to listen to trap music.

2 responses to “Hacked emails reveal surveillance tool can hack Bitcoin wallet file”

  1. Excellent article, Ray. Reveals how risky BitCoins are with the source code still out there. Unless corrective measures are taken, this may well be the end of BitCoins. Thanks, Niraj (Founder at

    1. Don’t forget that the surveillance tool in question uses a keylogger; as such, it could also wait for a user to enter their regular online banking details. I would argue that considering Bitcoins gained steeply in value during the time that the Grexit was being discussed ($50 in a month at one stage), and because they are in fact no more at risk from this than regular accounts, Bitcoins are still a relatively safe investment, and not likely to die anytime soon. This security breach is much more terrifying for lawbreakers than ordinary investors. Also, the possible Grexit has highlighted an advantage of Bitcoins – they can be used to move money out of a country when things go wrong. I’m glad you like the article.
